Security

Here at Zazu security is taken seriously to ensure maximum confidentiality of your personal data.
Privacy by Design

All algorithms and AI models for natural language processing and machine learning are specially built in-house by Zazu. Zazu’s homemade and fully optimized AI models are there to ensure maximum confidentiality of your data while preserving high accuracy. Zazu's use of in-house technology means that there is no use of off-the-shelf natural language processing or machine learning API’s. By designing and building models in-house, Zazu can eliminate the requirement and dependency on third-party service providers. Everythings sums up and results in that third-party AI services will not process your data. Zazu calls this Privacy by Design.

Authentication of Zazu Employees

All employees at Zazu are screened extremely thorough and careful, and access to the infrastructure and data store locations are authorized based on the principle of least privilege. All sign-ins with internal and third-party tools employ multi-factor authentication (MFA). Individual user access control is managed through a role-based, security group management system. This enforces isolation of permissions for group. Additionally, all employees are required to sign a strict non-disclosure agreement (NDA) from day one. As soon as employees leave the company, revoking of accesses are completed immediately. Upon a change of an employee's job or position, accesses are reevaluated and permissions that are no longer required are revoked.

Access Protection for Users

Users of Zazu identify themselves only with their email address. Your emailing provider (Google) realizes this access protection utilizing strong encryption and robust security measures. Only data for which the user explicitly gave consent will be provided to Zazu. Utilization of industry-standard emailing providers means that, for the complete Zazu environment, access security is enforced automatically 'by design and by default'. Additionally, incoming emails are validated using DKIM (to counter email spoofing) and SPF (verify mail exchange legitimacy) verification. This verification enables the system to know if a message is coming from the right user and authenticated server. Users logging into the Zazu dashboard and other endpoint are protected by HTTPS secure communication sessions using SSL.

Digital Server Security & Physical Security

Zazu’s servers are located behind a sophisticated firewall and Virtual Private Cloud to prevent unauthorized access via the internet. Because the servers are used exclusively for hosting the Zazu environment, the firewall is configured so strictly that almost all traffic is blocked from the internet. Zazu uses the public Web Services cloud from Amazon. Amazon is a prominent supplier of cloud infrastructure. Amazon has strict regulations to ensure maximum protection of personal data, with the use enterprise-grade digital protection and multi-factor access management systems. Zazu’s servers are located in the datacenters of Amazon Europe. Data produced and collected by Zazu are stored with Amazon in Dublin, Ireland. This is to comply with EU laws and regulations.