Zeplin maintains a comprehensive set of IT controls to ensure it meets various compliance obligations.
Zeplin aligns with the American Institute of CPAs industry-standard cybersecurity program SOC-2. Compliance with SOC-2's Trust Services Criteria controls for Security, Availability and Confidentiality (SOC-2 Type I) was most recently attained in April 2020, and we are currently in a period of continuing compliance in preparation for a SOC-2 Type II audit before the end of 2021.
Zeplin uses AWS for all compute and data hosting. Zeplin evaluates all our subprocessors, including AWS, to ensure they hold appropriate compliance certifications such as ISO27001. AWS detail their compliance online.
Where required, the European Commission Decision C(2004)5271 Model Contract Clauses (Controller to Controller) (“Model Clauses”) will govern the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States.
You can read the Security Whitepaper, which describes our overall approach to Security, and the controls we have in place.