Zeplin aligns with the American Institute of CPAs industry-standard cybersecurity program SOC-2. Compliance with SOC-2's Trust Services Criteria controls for Security, Availability and Confidentiality (SOC-2 Type I) was most recently attained in April 2020, and we are currently in a period of continuing compliance in preparation for a SOC-2 Type II audit before the end of 2021.
Zeplin uses AWS for all compute and data hosting. Zeplin evaluates all our subprocessors, including AWS, to ensure they hold appropriate compliance certifications such as ISO27001. AWS detail their compliance online.
Privacy Shield Update 2020
Where Privacy Shield is not applicable and where required, the European Commission Decision C(2004)5271 Model Contract Clauses (Controller to Controller) (“Model Clauses”) will govern the transfer of such Personal Information.
You can read the Security Whitepaper, which describes our overall approach to Security, and the controls we have in place.