Security & Compliance

We understand that your data is the lifeblood of your business. When you entrust to us not only your content, but also viewership analytics, subscriber data, and anything else managed through our platform, we are committed to providing best-in-class security on all aspects of that data.

For that reason, we are proud to host and manage our infrastructure and your data to be compliant with industry-standard certifications including SOC2, PCI, ISO 27001 and GDPR & CCPA. We monitor our network and perform penetration testing internal and externally to ensure we are meeting and exceeding standards. And for your streaming video content, we offer multiple levels of content security, including available DRM encryption in partnership with industry leading standards and services.

Please reach out to security@zype.com with any security or privacy related incidents or inquiries.

How we host and manage your data

Zype hosts services using the following cloud infrastructure providers, who are themselves covered by the appropriate compliance standards under a shared responsibility model. The underlying provider assumes responsibility for physical hardware and security and virtualization controls. Additionally, the provider assumes responsibility for software it is running on Zype’s behalf, such as database platforms or content distribution. Zype assumes responsibility for the security and management of guest operating systems, configuration of firewalls and pre-existing software, and the development and deployment of custom applications.

Amazon Web Services

Zype uses AWS to deliver both internal and external parts of its infrastructure under the shared responsibility model for the following security and compliance standards:

ISO 27001 ISO 27017 ISO 27018
MPA SOC 2 GDPR

More information available here.

Google Cloud Platform

Zype uses GCP to deliver both internal and external parts of its infrastructure under the shared responsibility model for the following security and compliance standards:

ISO 27001 ISO 27017 ISO 27018
MPA SOC 2 GDPR

More information available here.

Stripe

Zype uses Stripe to offer payment processing options to its customers, under the following card processing standards:

PCI DSS Level 1 PSD2 SOC 2

More information available here.

Recurly

Zype uses Recurly to offer payment processing options to its customers, and to process payments for the Zype platform itself, under the following card processing standards:

PCI DSS Level 1 PSD2 SOC 2

More information available here.

SOC 2

Zype has received a SOC 2 ® Type II report asserting that our computing infrastructure and company procedures ensure proper controls on data security and service availability. This report is available upon request under an NDA.

PCI

Zype has self-certified its PCI compliance on payments for the Zype platform in accordance with our payment provider partners, and regularly reviews the PCI compliance of its partners. Specific details of this self-certification are available upon request under an NDA.

Personal Data and Privacy Rights

Zype is committed to protecting personal data and ensuring privacy for all customers worldwide. As part of that commitment, we are compliant with GDPR for services provided in the EU and CCPA for services provided in California.

At the customer’s request, our standard Data Processing Agreement can be executed on a customer’s behalf.

Our detailed Privacy Policy can be found below in the footer of our website.

Sub-Processors

Zype utilizes industry-recognized organizations to support its platform and services, so you can have peace-of-mind knowing your data is with trusted partners.

This list is current as of 2023-10-27.

Sub-Processor

Country of Jurisdiction

Country of Processing

Description of Processing

Amazon Web Services (AWS)

Amazon Web Services, Inc.

410 Terry Avenue North

Seattle, WA 98109-5210

United States

United States, Global

Cloud Infrastructure Services

Google Cloud Platform (GCP), Google Analytics, Google Tag Manager, Google Fonts

Google LLC

1600 Amphitheatre Parkway

Mountain View, CA 94043

United States

United States, Global

Cloud Infrastructure Services, Backups, Analytics Services, Fonts

Edgecast / Edgio

11811 N. Tatum Blvd, Suite 3031
Phoenix, AZ 85028

United States

United States, Global

Content Delivery Network

Akamai

145 Broadway

Cambridge, MA 02142

United States

United States, Global

Content Delivery Network

New Relic, Inc.

188 Spear St., Suite 1000

San Francisco, CA 94105

United States

United States

Site Monitoring / Observability Platform

Stripe

354 Oyster Point Blvd

South San Francisco, CA 94080

United States

United States

Payment Processing

Recurly, Inc.

201 Spear Street, Suite 1100

San Francisco, CA 94105

United States

United States

Payment Processing, Order Management

Ordway Labs

1707 L St. NW

Suite 850

Washington, DC 20036

United States

United States

Payment Processing, Order Management

MongoDB

1633 Broadway, 38th Floor

New York, NY 10019

United States

United States

Scalable Database Services

Cloudflare, Inc.

101 Townsend St

San Francisco, CA 94107

United States

United States

DNS

MediaMelon, Inc.

50 Francisco Street, Suite 265

San Francisco, CA 94133

United States

United States

Streaming Analytics / Intelligence

StatusPage, Jira

Atlassian

350 Bush Street Floor 13

San Francisco, CA 94104

United States

United States

Real-time status communication, software development tracking, change management tracking

Orca Security, Inc.

2175 NW Raleigh St, Suite 110

Portland, OR 97210

United States

United States

Cloud Security Platform

Crowdstrike

Crowdstrike Holdings, Inc.

150 Mathilda Place, 3rd Floor Sunnyvale, CA 94086

United States

United States

Endpoint Detection and Response, Cloud Security, Security Operations

Mailgun Technologies, Inc.

112 E Pecan St, #1135

San Antonio, TX, 78205

United States

United States

Transactional Email Platform

Salesforce, Inc.

415 Mission St 3rd Floor

San Francisco, CA 94105

United States

United States

CRM Platform

Zendesk, Inc.

989 Market Street

San Francisco, California 94103 

United States

United States

Customer Service Management

Hubspot, Inc.

25 First Street, 2nd Floor

Cambridge, MA 02141, USA

United States

United States

CRM and Marketing platform

 

Network Monitoring and Security

As part of Zype’s commitment to security and availability, we maintain logging and monitoring related to our infrastructure. All services are regularly monitored in real time for unusual activity, for performance tuning and for resolving unexpected issues. Access to Zype’s infrastructure is strictly controlled through a combination of secure authentication with a tiered authorization model as well as managed firewall rules to limit network access to well-known sources. Infrastructure is managed using a version-controlled source of truth that highlights any unexpected changes. All changes to infrastructure are audited and logged for review.

Penetration Testing

Zype has partnered with a reputable third party to conduct a manual penetration test on Zype systems at least annually and as-needed throughout the year. These tests identify system and app vulnerabilities, business logic flaws, and other opportunities for Zype to take its protection of data to the next level.

Content Security

All traffic between Zype and any external user is encrypted using industry-standard protocols. In all possible cases, we adhere to the recommendations set by Mozilla for the “Intermediate” compatibility tier in order to service the largest number of configurations while maintaining security.

In one specific edge-case related to older devices, metadata related to media content may be accessed using a subset of legacy ciphers that were carefully reviewed and deemed to be acceptable for this narrow purpose.

All content stored with Zype is encrypted at rest, and internal access is granted on an extremely limited basis as needed. Content is always encrypted when moving between parts of the infrastructure, such as from storage to a Content Distribution Network.

DRM - Digital Rights Management 

Zype's DRM implementation will encrypt video content, ensure that the viewer is authorized to consume the content, and then decrypt the video for playback.

DRM leverages the following industry standard content protection formats that rely on trusted video players: 

  • Google Widevine (DASH)
  • Microsoft PlayReady (HLS)
  • Apple FairPlay (DASH)

For more information, please see Product > Video Meta CMS > DRM.