Zipy
  • Welcome to Zipy ai
  • Getting Started
    • Install Zipy
    • Installing with Google Tag Manager
    • Supported frameworks
    • Security Overview
    • Sensitive User Data
    • SOC2 Type II
  • Zipy For Mobile
    • React Native Setup
      • Install React Native
      • Input Masking
      • Session Replay
      • Screen Transition Capture
      • Gesture Capturing
      • Unhandled Exception Capture
      • Custom Logging
      • Fetch and XHR Network Calls
      • Profiling
      • Device Information Capture
      • Session URL Retrieval
      • Identify Users
      • Firebase Integration
    • Flutter Setup
      • Install Flutter
      • Session Replay
      • Input Masking & Custom Masking
      • Screen Transition Capture
      • Gesture Capturing
      • Unhandled Exception Capture
      • Custom Logging
      • Http Network Calls
      • Dio Network Calls
      • Profiling
      • Device Information Capture
      • Session URL Retrieval
      • Identify Users
      • Firebase Integration
      • Session Recording Control
      • Data Sanitization
  • iOS Setup
    • Install in an iOS app
    • Identify Users
    • Screen Tracking & Tagging
    • Custom Logging
    • Session URL Retrieval
    • Session Recording Control
    • Input Masking & Custom Masking
  • Chrome Extension
    • Zipy Plug and Play Support
  • Configure
    • Zipy Recording Control
    • Release Version
    • Identifying Users
    • Adding Custom Identifiers
    • Anonymize Users
    • Source Maps
    • Blocking PII data
    • Ignoring Errors/Noise
    • npm Update
    • Support Integration
    • Session Stitching (rootDomain)
  • Product Features
    • Custom Events
    • Session Replay
    • Errors
    • Analytics
    • Time Filters
    • Multiple Filters
    • Clicked Element Filters
    • Manage Teams
    • Stack Trace
    • Console Logs
    • Network Requests
    • Network Headers and Payload
    • Custom Logs
    • Live Users
    • Alerts
      • Slack Alerts
      • Email Alerts
      • Live Alerts
    • Auto Resolve Errors
    • Zipy Labels Plugin
    • iFrame Support
    • API Performance
    • Heatmaps
    • Page Performance
    • Seen/Unseen Sessions
  • FAQs
    • Install Zipy
    • Session Replay Definition
    • Error Tracking
    • Error Classification
    • Environment Support
    • Impact on your App
    • Performance Impact
    • Mobile Support
    • Network Data Capture
    • API Performance Diagnostic Help
      • High DNS Time
      • High SSL Connection Time
      • High Connection Setup Time
      • Large API Response Size
      • High Response Time
      • Compression Not Enabled
      • Server side API Failures
      • Client side API Failures
      • Insecure Connections
  • Troubleshooting
    • Errors in npm
    • Network header missing in Zipy
    • Can't see user data in sessions
    • No recordings or errors visible
    • No network timing split available
  • Product Videos
    • Ask AI
    • Getting Started
    • Session Replay
    • Multiple Project Creation
    • Team Management
    • Alerting on Slack
    • Time Filters and Daily Alerts
    • Custom Identifiers
    • Ignore Errors
    • Identify Users
    • Dashboard
    • Resolve Errors
    • New Error Digest
    • Jira and Slack
    • Online/Offline Network Status
    • Zipy on Zipy
      • Zipy Product Roadmap
  • Whats new
    • Product Updates
  • Legal & Policy
    • Terms of Service
    • Privacy Policy
    • Fulfillment Policy
    • Cookie Policy
    • Acceptable Usage Policy
    • Zipy Sub Processor List
  • Integration
    • Azure DevOps
    • Factors
    • RB2B
    • Webflow
    • WordPress
    • Amplitude
    • Coralogix
    • DevRev
    • Drift
    • Errorception
    • Freshchat
    • Google Analytics
    • Heap
    • HelpScout
    • Honeybadger
    • Hubspot
    • Intercom
    • Mixpanel
    • New Relic
    • Pendo
    • Raygun
    • Rollbar
    • Segment
    • Sentry
    • Shopify
    • Sumo Logic
    • TrackJS
    • Zendesk
Powered by GitBook
On this page
  1. Getting Started

Security Overview

Zipy Security Overview

We believe that consumer experience data is very important for your business and security of this data is equally important.

Hence to provide our customers peace of mind we follow certain security standards and practices, which will constantly keep evolving to protect the data against any security breaches.

Our customers can control what data Zipy will record and store. Any data that our customers deem sensitive should not be recorded and Zipy will not store it.

The following are the best practices followed by Zipy to ensure the security of our customers data.

System Security

  • Servers and Networking

All production servers running Zipy are hosted on Google Cloud and support only https connections on port 443.

All recorded data transmitted from customer products to Zipy servers is over https and hence encrypted and secure. We support SSL certificates on all our network API endpoints.

Our website is also secure and supports https.

  • Storage Security

We are storing all customer data in Google Cloud Platform which allows multi layer access, encryption and monitoring.

Each customer data is stored in a separate bucket.

Data is stored in an encrypted manner using Google-managed keys. (Objects are encrypted automatically using keys that Google manages on Zipy’s behalf)

We plan to use Customer-managed keys going forward.

Employee Access

We use Google account roles and policies to verify employee account identity. We also provide two factor authentication for all sensitive data access. All Google Cloud based access is based on Google accounts.

Application Security

  • Sensitive Data

Any data that is sensitive to the customer shall not be recorded by Zipy unless specified or enabled by the customer. Zipy provides configuration parameters to allow the customers to enable and disable what data is recorded by Zipy.

  • All recorded data is transferred over https ( Data security in transit)

  • All recorded data is stored in encrypted format in separate customer partitions ( Data security in store)

  • SDK ( javascript) which is embedded in customers code

    • The sdk is hosted at a secure endpoint on the Google cloud and it cannot cause security vulnerabilities as all the communication endpoints are behind SSL certificates and only allow an https connection.

    • Every customer has a unique sdk key which can only be used by them. It is verified and authenticated in Zipy backend before storing any data for that customer. There is an additional handshake Zipy provides before any communication is initiated with Zipy servers for recording and storing data.

  • Developer interface

    • Our developer console - app.zipy.ai allows only authenticated users to login. We support standard JWT email authentication and SSO currently.

    • All current developer console REST APIs are over https.

PreviousSupported frameworksNextSensitive User Data

Last updated 1 year ago