Zillable Security at a Glance

Security Practices

The protection of customer information, including security, privacy and compliance, is of the utmost importance to Zillable. We understand how important data security is to our customers and work to the best of our abilities to ensure data are secured, confidential and private. In fact, we use the Zillable platform for nearly all of our communication. Ensuring that the Zillable service remains secure is vital to protecting our own data.

Two-Factor Authentication

For added security, Zillable lets you enable two-factor authentication (2FA). 2FA is simply the process of logging in with a password plus something else, which increases the security of the site or your login credentials. If you are a network owner or admin, you can turn 2FA on or off for any member of your network. Once enabled, the member will be required to enter both their password and an authentication code in order to sign in to your Zillable network. The authentication code will be sent to the member’s registered email address. With 2FA enabled, only your members can log into your Zillable network, even if their passwords are compromised or stolen.

Security Features for Network Members & Administrators

The highest security risk to any system is usually the behavior of its users. We want to provide you with the tools you need to protect your own data. For example, we log every sign-in to your account, noting the device used and the location of the connection, and make these access logs available to you. Network administrators can review consolidated access logs for the whole network.

Password maintenance protocol

We are extra vigilant in protecting our user account system. Our password system is encoded with SHA-256 + secret key + salt supported by Spring Security. In the event of a hack, we further protect user passwords with salted password hashing. Salt is used to prevent dictionary and brute-force attacks against the key in the event the encrypted data is compromised. To reset a password, a user provides their email (USERID); Zillable generates a URL with a one-time token and sends the unique URL to the user’s email. The user clicks on that URL to set their new password. The URL expires if it is not used. As for password changes, users can change their passwords at any time once they are logged in.
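
The reset flow described above (one-time token in a URL, expiry if unused), as an added example that is not Zillable's code. The function names, the one-hour lifetime, the app.example.invalid URL and the in-memory store are assumptions made for illustration; the page does not state them.

```python
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the page gives no value

# Stand-in for a database table: sha256(token) -> (email, expires_at).
# Only the hash is stored, so a leaked table does not yield usable reset links.
_pending = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_reset_url(email: str, now: Optional[float] = None) -> str:
    """Create a one-time reset URL for `email` and record the token's hash."""
    now = time.time() if now is None else now
    # A new request invalidates any older outstanding token for the account.
    for key in [k for k, (e, _) in _pending.items() if e == email]:
        del _pending[key]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    # Hypothetical host; the real URL is mailed to the registered address.
    return "https://app.example.invalid/reset?token=" + token


def redeem_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the account email if the token is valid, else None.

    The record is removed on the first lookup, so a token works at most
    once even when the same link is opened twice.
    """
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None  # unknown, already used, or superseded
    email, expires_at = entry
    if now > expires_at:
        return None  # expired without being used
    return email
```
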

Encrypted Traffic by Default, in Both Directions

Zillable uses 256-bit encryption.

Secure Physical Location

Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here: https://aws.amazon.com/compliance/

Zillable data centers

Amazon controls the physical components of Zillable’s data centers. To help customers better understand what controls AWS has in place and how effectively they are operating, AWS publishes a Service Organization Controls 1 (SOC 1), Type 2 report (aws.amazon.com/security/) with controls defined around Amazon EC2, Amazon S3, and Virtual Private Cloud (VPC), as well as detailed physical security and environmental controls. These controls are defined at a high level of specificity that should meet most customer needs.

Zillable Enterprise vs. Zillable Public

Your Zillable Enterprise network is private to your company. Only users with a valid and verified email address for your company can join your Zillable Enterprise network. Zillable was built from the ground up as an enterprise-grade collaboration and innovation platform with security built-in at every level and a high degree of control available.

Rights over customer data

Zillable Enterprise customers retain control and ownership of their data. Please review Zillable’s Terms of Use or the signed customer contract for more details. Zillable is a data processor and has no rights to any content, or responsibilities for the data posted within Zillable. Upon termination of an enterprise license agreement, we will collaborate with the customer on retrieval and assignment of relevant customer data to the customer. Professional service fees may be applied. We endeavor to only retain customer data for so long as necessary to ensure the safe transfer of relevant data to the customer.

Legal Hold

Zillable goes beyond compliance. Most collaboration tools today provide data retention options. But is that enough? Zillable goes further and gives companies that have regulatory and legal requirements to preserve communications and data the additional abilities to retain the original data, edit logs, and even exercise legal hold on certain data or users. This level of detailed control is unprecedented, allowing companies to avoid the pitfalls of e-discovery and legal sanctions and save hundreds of thousands in legal and compliance costs and on third party solutions.

Confidentiality

We regard the information you share within your Zillable network as private and confidential to your network. We place strict controls over our employees’ access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.

Privacy

A fundamental privacy principle we abide by is that by default, anything you post to Zillable is private to your network. That is, viewing the messages and files shared within a specific network requires authentication as a member of that network. If you are using Zillable in a workplace or on a device or account issued to you by your employer or another organization, they will most likely have their own policies in place regarding storage, access, modification, deletion and retention of communications and content.

Experienced Team

Our R&D team members are experienced and keep their skills up to date as industry best practices evolve. We’ve coded, tested and administered many enterprise-grade applications and we bring the collective wisdom that comes with years of experience to Zillable. In fact, our founder built his career on intellectual property and security of data, particularly IP, which is as important to you as it is to us.

If you have additional questions regarding data privacy, security or confidentiality, we’d be happy to answer them. Please write to hello@zillable.com and we’ll respond as quickly as we can. If you believe you have found a security vulnerability on Zillable, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
