Zithara Security
Zithara.AI has achieved ISO 27001:2013 certification from the British Standards Institute (BSI).
This certification encompasses the entirety of Zithara.AI's offerings, including its products, cloud services, IT infrastructure, administrative functions, finance, and internal operations.
At Zithara.AI, we recognize that safeguarding your data is our paramount obligation. We have established comprehensive organizational processes across all business functions to uphold our commitment to data security. The subsequent sections will provide a more in-depth overview of the systems we have implemented.
Physical Security
The Zithara.AI development center located in Hyderabad is secured with 24/7 physical protection. Access to the building and offices is restricted to authorized personnel only. Employees are permitted entry to the office following biometric authentication. Sensitive areas within the office are accessible solely to authorized individuals. Important documents are stored in secure cabinets, accessible only to designated personnel. The premises are monitored by surveillance cameras, with footage regularly reviewed by authorized staff. A policy is in place to manage and control visitor access to the facility. The office has a continuous power supply, backed by an uninterruptible power supply (UPS) system to maintain operations during power outages. Zithara.AI's applications and data are hosted on Amazon Web Services, which has undergone rigorous security, availability, and business continuity assessments. For further information, please consult the AWS Security Whitepaper.
Application Security
All Zithara.AI applications and services are hosted on Amazon Web Services across various regions. The infrastructure for databases and application servers is managed and maintained by the cloud service providers. At Zithara.AI, we adopt a holistic approach to application security, ensuring that every aspect from engineering to deployment, including architecture, is thoroughly addressed.
Application Architecture
The application is initially safeguarded by AWS’s firewall, which is designed to mitigate standard DDoS attacks and other network-related threats. The subsequent layer of defense is a web application firewall (WAF) that actively monitors for malicious IP addresses, users, and spam activities. Access to the application is restricted to users with valid credentials; however, it is important to recognize that security in cloud-based solutions is a shared responsibility between the service provider and the businesses utilizing those cloud accounts. Our products facilitate administrators in enforcing industry-standard password policies and include features specifically aimed at protecting business data in the cloud:
Role-based access
Sales Groups
Permission Templates
IP Whitelisting for exclusive access
Zithara.AI employs a multi-tenant data architecture to host all its applications. Each client is allocated a distinct database, ensuring that the system retrieves data exclusively associated with the logged-in tenant. Consequently, no client can access another client’s data. Access to the application by the Zithara.AI development team is also strictly controlled, managed, and subject to auditing. All access to the application and its infrastructure is logged for future audits.
Application Engineering and Development
We adhere to a secure software development lifecycle, wherein security testing is integrated into the development, testing, and pre-release acceptance phases. A security review is an essential component of the application engineering process at Zithara.AI.
Software Changes and Release Management
Modifications in our production environment are executed through a meticulously defined and systematic process, transitioning from development and testing environments to final verification on staging prior to production deployment. Production deployments are exclusively carried out by authorized members of the DevOps team, with no other personnel granted access to our production environment.
Production Monitoring
Our dedicated Network Operations Center (NOC) team operates around the clock to oversee the application for any suspicious activities or potential attacks. We also engage in regular external audits conducted by third parties to validate the security status of our applications and services.
Data Security
Zithara.AI prioritizes the safeguarding and security of its customers' data. The company oversees the security of its applications and the data of its clients. The development team at Zithara.AI does not have access to data stored on production servers. All modifications to the application, infrastructure, web content, and deployment processes are meticulously documented as part of an internal change control protocol. The integrity and protection of customer data are of utmost importance to Zithara.AI. Data at rest is secured through AES-256 encryption (key strength – 1024), with key management handled by AWS Key Management Service. Additionally, all data in transit is encrypted using FIPS 140-2 validated encryption over a secure socket connection for all accounts hosted with us. Distinct environments are utilized for development and testing, with access to systems strictly controlled based on the principles of need-to-know and appropriate information classification, incorporating Segregation of Duties, which is reviewed quarterly.
Data Deletion
Upon the termination of your account with us, we ensure that all your data is thoroughly and securely deleted. Further details can be found in our terms of service.
Network Security
The network at Zithara.AI's office, where updates are developed, deployed, monitored, and managed, is fortified with industry-standard firewalls and antivirus solutions. This infrastructure is designed to safeguard internal information systems against unauthorized access and to deliver real-time alerts in the event of a security threat or incident. Firewall logs are systematically archived and reviewed on a regular basis. Access to the production environment is facilitated through SSH, with remote access strictly limited to the office network. Audit logs are generated for every remote user session and are subject to review. Furthermore, access to production systems is consistently secured through a multi-factor authentication process. Our data centers, hosted on AWS, comply with ISO 27001, SSAE-16, and HIPAA standards.
Reporting issues and threats
At Zithara.AI, we prioritize the security of our customers' data. Should you identify any issues or vulnerabilities that may affect the data security or privacy of Zithara.AI users, we encourage you to contact our Security team with the pertinent details so that we can address the matter promptly. We request that you refrain from disclosing or publicizing any unresolved vulnerabilities to third parties. Upon submission of a vulnerability report, the Zithara.AI security team, along with the relevant development teams, will make reasonable efforts to:
Acknowledge receipt of your vulnerability report in a timely manner.
Investigate the reported issue and provide an estimated timeline for remediation. We may seek your assistance in identifying or replicating the issue and understanding potential solutions to mitigate the threat immediately.
Inform you once the vulnerability has been resolved.
We greatly value your assistance in identifying and rectifying issues within our platform, and we will recognize your contributions to the community once the threat has been addressed.
Public Disclosure Policy
By default, this program operates under a “PUBLIC NONDISCLOSURE” policy, which stipulates: “THIS PROGRAM PROHIBITS PUBLIC DISCLOSURE. ANY INFORMATION REGARDING VULNERABILITIES DISCOVERED IN THIS PROGRAM MUST NOT BE RELEASED TO THE PUBLIC; FAILURE TO COMPLY MAY RESULT IN LEGAL CONSEQUENCES!”
The Fine Print
We reserve the right to amend the terms of this program or to discontinue it at any time. Any modifications made to these program terms will not be applied retroactively. Employees of Zithara.AI and their family members are ineligible for bounties.