Security Policy
Last Updated: May 2026
Objective
To protect Zeek Maps data and infrastructure, we implement robust security practices:
Data Encryption
All data in transit is protected by TLS (HTTPS). Sensitive data at rest (e.g. user passwords) is encrypted or hashed. Payment info is tokenized via PCI-compliant gateways; we never store full card data.
Access Controls
Systems require strong authentication (unique credentials, 2FA) and follow the principle of least privilege. Production servers and databases are on secure cloud platforms with firewalls. Administrative access is logged and restricted.
Infrastructure Security
Servers and services are regularly patched. Unnecessary services/ports are disabled. We conduct vulnerability scans and penetration tests periodically.
Monitoring & Incident Response
We monitor for suspicious activity (logins, data exports). In the event of a suspected breach, an incident response team will investigate, contain, and remediate. Affected users and regulators will be notified promptly in line with applicable law.
Data Backups
User data and content are backed up securely. Backups are encrypted and access-limited. We retain backups only as long as necessary.
RBAC for Admins
Internal user roles (e.g. support vs. developer) have controlled access to systems. Changes to permissions or data access are reviewed.
Developer Practices
Code deployments follow CI/CD with code reviews. Secrets (API keys, passwords) are managed securely (e.g. vaults).
Employee Security
Staff receive training on data protection. We enforce confidentiality obligations and conduct background checks on key personnel.
Third-Party Security
Vendors must have adequate security certifications (e.g. ISO 27001). We review their security practices before integration (e.g. for hosting, analytics).
Contact
We review and update this Security Policy regularly. Users should report any security issues to security@zeekmaps.com.