Zapflow is the industry leading platform for professional investors

Operational security and data security run deep in our DNA

Security is one of the most important criteria for selecting a deal flow tool. Due to the sensitive nature of the information stored on our platform, your security is paramount. Thanks to our comprehensive security features, we are currently trusted by several big banks, sovereign funds and Fortune 500 companies.

Data security

All data in Zapflow is encrypted at rest, including all database entries, attached documents and emails. The data is stored encrypted in the Amazon Web Services (AWS) RDS service. All documents and email attachments are stored in AWS S3 in an encrypted bucket. The encryption keys are managed by AWS KMS. AWS provides services that comply with the highest security standards in the industry, including SOC 3, PCI DSS Level 1 and MTCS Level 3.

Network security

All network traffic in and out of Zapflow servers is transported over encrypted network protocols: SSL, WSS and SSH. The application servers are hosted in a Virtual Private Cloud (VPC), and only the internet-facing application servers are exposed, through a firewall and load balancers. The databases and application servers are protected by firewalls that only allow access to the dedicated ports and protocols required by the application architecture.

Privacy and visibility

Zapflow pays the utmost attention to our customers’ data privacy and visibility. Access privileges to the data are managed and checked on four levels: input data validation, database queries, business logic and upon data serialization. In addition to that, role-based authorization privileges are checked upon every request to our application servers.

Secure authentication

All requests to Zapflow are authenticated with authentication tokens over secure network channels. There are three kinds of tokens. API access tokens have a long lifetime and are managed by the customer; mobile application tokens have a lifetime of 30 days and can be revoked by the user or an admin; session tokens have a default inactivity timeout of 15 minutes, which is fully customizable. The session token is generated upon successful user identification, either by username/password login or by SSO/2FA login. User passwords are never stored on Zapflow servers: we use industry-standard hashing algorithms to generate a hash from the provided password and store only the hash value in our database.
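To make the token policy above concrete, here is an added example (written for this page, not Zapflow's own code) that models the three token kinds with the stated lifetimes and stores passwords only as salted hashes. The algorithm (PBKDF2-HMAC-SHA256), its work factor and the use of epoch seconds for time are assumptions; the page names none of them.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

MOBILE_LIFETIME = 30 * 86400          # mobile tokens: 30-day absolute lifetime
DEFAULT_SESSION_INACTIVITY = 15 * 60  # session tokens: 15-minute default, customizable
PBKDF2_ITERATIONS = 600_000           # assumed work factor; the page names no algorithm

@dataclass
class Token:
    kind: str        # "api", "mobile" or "session"
    issued: float    # epoch seconds at issue time
    last_seen: float # epoch seconds of the last accepted request

class TokenStore:
    def __init__(self, session_inactivity=DEFAULT_SESSION_INACTIVITY):
        self.session_inactivity = session_inactivity  # customizable per deployment
        self._tokens = {}

    def issue(self, kind, now):
        value = secrets.token_urlsafe(32)  # unguessable token value
        self._tokens[value] = Token(kind, now, now)
        return value

    def revoke(self, value):  # user/admin revocation: the token is rejected from now on
        self._tokens.pop(value, None)

    def validate(self, value, now):
        """True only if the token is known, unrevoked and within its policy."""
        tok = self._tokens.get(value)
        if tok is None:
            return False
        if tok.kind == "mobile" and now - tok.issued > MOBILE_LIFETIME:
            return False
        if tok.kind == "session":
            if now - tok.last_seen > self.session_inactivity:
                return False
            tok.last_seen = now  # the inactivity window slides on each valid request
        return True  # API tokens never expire here; the customer manages them

def hash_password(password, salt=None):
    """Return 'salt$hash'; the plaintext password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)
```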

Automated audit logs

All requests to the Zapflow application servers are logged and logs are stored and encrypted on the AWS S3 service. An object-level change timeline is provided for select objects.

Internal data access

All Zapflow employees have signed an agreement to treat all customer data in accordance with Zapflow’s data management policies, which incorporate industry best practices. Zapflow also has controls in place to allow access to customer data only by employees who have a business need to know and who possess appropriate entitlements to view such data. Our developers do not have access to customer data.

Uptime and durability

The AWS RDS database is configured with a multi-zone hot-swap replica. Automated backups are taken daily and stored in multiple locations. Zapflow uses third-party tools to monitor service availability worldwide, and our personnel are automatically notified of any outages.

Virtual Private Network

The Zapflow AWS application servers are protected by firewalls, and only the internet-facing servers can be accessed, via the SSL and WSS protocols. Any other access to our servers is limited to VPN. Access to the VPN is given only to our DevOps team and is allowed only with public key authentication.

Two-factor authentication

Zapflow's AWS access policy requires all users to use two-factor authentication (2FA) to log in to Zapflow Amazon Web Services accounts. 2FA can also be enabled for customer user accounts when they log in to Zapflow. For more details on this subject please contact sales@zapflow.com.