Enterprise-Grade Security

Rest easy knowing your company's information remains private and secure, thanks to SOC2/Type 2 and HIPAA compliance, and much more.

Built on the top standards in the industry

Our commitment to your security

Comprehensive

We build our product, services, and internal processes with the integrity of your information in mind.

Compliant

We’ve achieved breadth and depth in our compliance programs, adhering to SOC2, HIPAA, GDPR, CCPA, and others.

A constant priority

We’re committed from top to bottom to ensuring we meet or exceed security regulations and customer requirements.

FAQs

Is Zingtree compliant with industry standard security and privacy regulations?

Yes. Zingtree has been awarded its SOC2/Type2 and HIPAA third-party compliance attestation.
Zingtree’s policies and processes also satisfy the compliance standards for GDPR and CCPA privacy regulations. 

Does Zingtree base its security program on a reputable industry standard?

Zingtree uses the National Institute of Standards and Technology’s (NIST) risk management standards (RMF)/Cybersecurity Framework (CSF) and the associated security policies and controls, as presented in its SP 800-53, r5.

In support of this privacy framework, Zingtree has developed the requisite policies and processes to be compliant with an array of international and domestic privacy regulations, such as GDPR, CCPA, etc.

These include safeguards surrounding governance, security/privacy compliance, industry best practices, and culture. Zingtree likewise stays proactive on the industry's latest security and privacy challenges and responses, in order to minimize potential exposure.

Does Zingtree do third-party security and privacy assessments, such as penetration testing?

Yes. In addition to conducting its own internal audits, Zingtree periodically engages qualified third parties to conduct compliance audits, vulnerability scanning, penetration testing, legal compliance reviews, GDPR Article 27 representation, and a variety of other security and privacy services.

What type of information does Zingtree store and process, and how sensitive is it?

Zingtree stores and processes Protected Health Information (PHI) and personal data (including Special Category). Credit card information is handled via a third party (i.e., Stripe).

How does Zingtree transmit information?

All information gets transmitted by HTTPS/SSL and/or secure API.

What security and privacy policies has Zingtree enacted?

Zingtree has developed and published a comprehensive set of 48 security and privacy policies, which are annually approved by Zingtree's executive management and third-party auditors. All Zingtree employees are required to annually review and acknowledge these policies.

Does Zingtree have a security awareness training program?

Yes, Zingtree has implemented comprehensive security and privacy awareness training, including:
– Security/privacy briefings for new hires
– Annual company-wide security/privacy training
– Periodic company-wide messages about security

Where is Zingtree hosted and how is it secured?

Zingtree is hosted on Amazon Web Services (AWS) in multiple geographic regions including the US East (Northern Virginia) and Europe (Ireland). Security and Compliance is a shared responsibility between AWS and Zingtree. AWS is responsible for the “Security of the Cloud” and Zingtree is responsible for the “Security in the Cloud”. Please see AWS' Shared Responsibility Model.

Is there a Disaster Recovery Program?

Yes, Zingtree has implemented a comprehensive disaster recovery program (DRP), which is based on NIST SP 800-34, r1. Moreover, Zingtree conducts a formal business impact analysis (BIA) annually, and periodically tests the DRP for failover and backup/restore performance.

Does Zingtree have a security incident response program?

Yes, Zingtree has implemented a comprehensive security incident response (SIR) plan, which is based on NIST SP 800-61, r2.

Does Zingtree have a change management program?

Yes, Zingtree has implemented a formal change management program, which includes a comprehensive policy that consists of procedures to be followed and documented.

Is there an access control policy?

Yes, Zingtree has implemented a comprehensive access control policy, which includes:
– Unique user IDs
– Role-based assignment of user accounts, with manager and security approval
– Complex passwords and periodic forced changing
– Periodic user entitlement reviews
