Zeplin maintains a comprehensive set of IT controls to ensure it meets various compliance obligations. Zeplin has certification with the U.S. Department of Commerce to participate in the EU-U.S. Privacy Shield Framework. Full details can be found in the Privacy Policy, and more specifically in the Privacy Shield policy.

Zeplin aligns with the American Institute of CPAs industry-standard cybersecurity program SOC-2. Compliance with SOC-2's Trust Services Criteria controls for Security, Availability and Confidentiality (SOC-2 Type I) was most recently attained in April 2020, and we are currently in a period of continuing compliance in preparation for a SOC-2 Type II audit before the end of 2021.

More Information

Where Privacy Shield is not applicable and where required, the European Commission Decision C(2004)5271 Model Contract Clauses (Controller to Controller) (“Model Clauses”) will govern the transfer of such Personal Information.

You can read the Security Whitepaper, which describes our overall approach to Security, and the controls we have in place.

Did this answer your question?