How we keep your data safe.

Encryption

Every connection between you and us is encrypted with TLS. The marketing site (zephlet.com) and the app (login.zephlet.com) both redirect any plaintext request to HTTPS, and our certificates are managed through Cloudflare with HSTS turned on — so a protocol downgrade isn't an option.

Where your data lives

We host on OVHcloud and DigitalOcean. Both run their own datacenters with audited physical security, redundant power and network paths, and independent compliance attestations.

• OVHcloud — full compliance program at us.ovhcloud.com/compliance (SOC 2, ISO 27001, and more).
• DigitalOcean — independently audited (SOC 2 Type II, ISO 27001) with hardened datacenters.

We don't ship your data to third-party SaaS databases or analytics vendors — it stays on infrastructure we directly control.

Subscription payments

Paying for a Zephlet subscription goes directly through Stripe, a PCI-DSS Level 1 payment processor. Your card number is entered on Stripe's hosted checkout, never touches our servers, and is never stored in our database. We see only what Stripe shares back: a customer ID, the last four digits, and your subscription state.

Zephlet isn't a marketplace — there's no flow where you take payments from your own customers through us — so no card data moves through our app at all.

Reporting a security issue

If you spot something, please tell us. Use the support page and pick the Something broke category — security reports route to the same team and we triage them within 24 hours.

Changes to this page

If our security posture meaningfully changes (a new vendor, a new attestation, a new control), we'll update the date at the top.