How we keep things locked down

Zantiq manages real identities for AI testers. That's sensitive stuff. Here's how we handle it.

Encrypted in transit and at rest

TLS 1.3 in transit. AES-256 at rest. API keys bcrypt-hashed. We don't cut corners on crypto.

SOC 2 providers

Our infrastructure runs on Vercel and Neon — both SOC 2 Type II compliant. We audit regularly.

Isolated by design

Every tester's credentials are encrypted with their own key. No customer can access another's data.

Infrastructure

The platform runs on Vercel's edge network with built-in DDoS protection and a global CDN. Our database is Neon's serverless PostgreSQL — automated backups, point-in-time recovery, encryption at rest. We picked providers who take security as seriously as we do.

Data protection

Every API call is encrypted with TLS 1.3. Data at rest uses AES-256. We store API key hashes, never the raw keys. Tester credentials — passwords, tokens, OAuth secrets — are encrypted with per-tester keys. Stripe handles all payment data; we never touch card numbers. Test data is deleted 90 days after a tester is terminated.

Identity security

Tester identities are the most sensitive thing in Zantiq. Each tester's identity components — email, phone, social accounts — live in isolated environments with unique encryption keys. There's no way for one customer's testers to see another's data. When you terminate a tester, credentials are destroyed within 24 hours.

Access controls

Authentication is OAuth 2.0 only — we never store passwords. API keys have optional expiration and instant revocation. Rate limits are enforced per plan tier. Dashboard sessions time out after 24 hours of inactivity. Every admin action is logged.

Found something?

If you've found a vulnerability, email security@zantiq.io. We'll respond within 48 hours. Please don't disclose publicly until we've had a chance to fix it. We don't have a formal bounty program yet, but we'll credit anyone who helps us improve.

Compliance

Our providers (Vercel, Neon, Stripe) maintain SOC 2 Type II compliance. We're working toward our own SOC 2 certification. We handle GDPR requirements for EU customers and offer data processing agreements on request. Reach out to compliance@zantiq.io.