Zillable Security at a Glance
The protection of customer information, including security, privacy and compliance, is of the utmost importance to Zillable. We understand how important data security is to our customers and work to the best of our abilities to ensure data are secured, confidential and private. In fact, we use the Zillable platform for nearly all of our communication. Ensuring that the Zillable service remains secure is vital to protecting our own data.
For added security, Zillable allows enablement of two-factor authentication (2FA). 2FA is simply the process of using a password plus something else to log in, which increases the security of the site and of your login credentials. If you are a network owner or admin, you can turn 2FA on or off for any member of your network. Once enabled, the member will be required to enter both their password and an authentication code in order to sign in to your Zillable network. The authentication code will be sent to the member’s registered email address. With 2FA enabled, only your members can log into your Zillable network, even if their passwords are compromised or stolen.
The highest security risk to any system is usually the behavior of its users. We want to provide you with the tools you need to protect your own data. For example, we log every time your account is signed in to, noting the device used and location of the connection, and make these access logs available to you. Network administrators can review consolidated access logs for the whole network.
We are extra vigilant in protecting our user account system. Passwords in our system are encoded with SHA-256 + secret key + salt, as supported by Spring Security. In the event of a hack, we further protect user passwords with salted password hashing. Salt is used to prevent dictionary and brute-force attacks against the key in the event the encrypted data is compromised. To reset a password, a user will need to provide their email (USERID). Zillable will then generate a URL with a one-time token and send the unique URL to the user’s email. The user will need to click on that URL to set their new password. The URL will expire if not used. As for password changes, users can change their passwords at any time once they are logged in.
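The reset flow described above, as an added Python example that is not Zillable's own code: a one-time token is issued in a URL, can be redeemed once, and expires if unused. The 30-minute lifetime, the endpoint URL, the `ResetTokenStore` name and the choice to store only a SHA-256 digest of each token are assumptions of this example, not details given on this page.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

RESET_TTL_SECONDS = 30 * 60  # assumption: the page does not state a lifetime
BASE_URL = "https://zillable.example.invalid/reset"  # hypothetical endpoint


class ResetTokenStore:
    """In-memory store that keeps only SHA-256 digests of tokens, never the tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # digest -> (email, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        """Create a reset URL for `email`, invalidating any earlier one."""
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + RESET_TTL_SECONDS
        self._pending[self._digest(token)] = (email, expires_at)
        return BASE_URL + "?" + urlencode({"token": token})

    def redeem(self, url):
        """Return the email the URL was issued for, or None if it is invalid."""
        values = parse_qs(urlparse(url).query).get("token", [])
        if len(values) != 1:
            return None
        # pop() makes the token single-use, even when it turns out to be expired
        entry = self._pending.pop(self._digest(values[0]), None)
        if entry is None:
            return None
        email, expires_at = entry
        return email if self._clock() < expires_at else None
```

Because only the digest is kept, a copy of the pending-reset table does not by itself yield a usable reset URL.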
Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here: https://aws.amazon.com/compliance/
Amazon controls the physical components of Zillable’s data centers. To help customers better understand what controls AWS has in place and how effectively they are operating, AWS publishes a Service Organization Controls 1 (SOC 1), Type 2 report (aws.amazon.com/security/) with controls defined around Amazon EC2, Amazon S3, and Virtual Private Cloud (VPC), as well as detailed physical security and environmental controls. These controls are defined at a high level of specificity that should meet most customer needs.
Your Zillable Enterprise network is private to your company. Only users with a valid and verified email address for your company can join your Zillable Enterprise network. Zillable was built from the ground up as an enterprise-grade collaboration and innovation platform with security built-in at every level and a high degree of control available.
Zillable goes beyond compliance. Most collaboration tools today provide data retention options. But is that enough? Zillable goes further and provides companies that have regulatory and legal requirements to preserve communications and data with the additional abilities to retain the original data, edit logs, and even exercise legal hold on certain data or users. This level of detailed control is unprecedented, allowing companies to avoid the pitfalls of e-discovery and legal sanctions and save hundreds of thousands in legal and compliance costs and on third-party solutions.
A fundamental privacy principle we abide by is that by default, anything you post to Zillable is private to your network. That is, viewing the messages and files shared within a specific network requires authentication as a member of that network. If you are using Zillable in a workplace or on a device or account issued to you by your employer or another organization, they will most likely have their own policies in place regarding storage, access, modification, deletion and retention of communications and content.
Our R&D team members are experienced and keep their skills up to date as industry best practices evolve. We’ve coded, tested and administered many enterprise-grade applications and we bring the collective wisdom that comes with years of experience to Zillable. In fact, our founder built his career on intellectual property and security of data, particularly IP, which is as important to you as it is to us.
If you have additional questions regarding data privacy, security or confidentiality, we’d be happy to answer them. Please write to email@example.com and we’ll respond as quickly as we can. If you believe you have found a security vulnerability on Zillable, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.