Here is the security page updated for Zealot Technology Corporation:

This document describes the technical and organizational measures we have adopted to ensure that the data we process is safe in our care.

Pages to reference:

Zealot Privacy Policy

Zealot - EU and CCPA Data Processing Agreement

Subprocessing

  1. Zealot uses third party subprocessors and services providers to help us perform our work for our customers. We will make every effort to ensure that each of our subprocessors and service providers complies with all data protection laws. This is done differently for different subprocessors and service providers:

a. Large-scale subprocessors and service providers such as cloud providers (AWS, Google Cloud or Azure) have their own data processing agreements (Each, a "DPA") under which they agree to comply with applicable laws and standards. We will confirm that those DPA's in place.

b. Smaller or newer subprocessors and service providers that do not necessarily have their own DPA's will be required to sign our DPA. Our DPA will be continually updated and posted on our website at joinzealot.com/data.

c. We will list our subprocessors on our website at joinzealot.com/data and will keep that list updated continually. We will post a notice of any changes on our website at least ten days prior to any subprocessor coming into contact with any customer personal data. We only process Payment Data to facilitate payment, and we only communicate it to those parties who are strictly necessary for that purpose. 2) In each case, and via the DPA's, Zealot will restrict the subprocessors' access to customer personal data only to what is necessary to assist Zealot in providing or maintaining the services and will prohibit the subprocessor from accessing customer personal data for any other purpose.

  1. As part of our due diligence when we add new subprocessors or service providers, we will ask any new subprocess or service provider to provide us with their DPA, and we will require the following assurances before entering into an agreement with them.

a. They must enter into a DPA with us that contains provisions similar to our DPA.

b. They must tell us in writing where their processing occurs.

c. They must disclose any threatened or active legal actions against them regarding data or privacy issues or breaches.

d. They must agree in writing that they will not use any of the customer personal data for any purposes other than to provide us the services we require, that they will not sell, rent, or make available to any third party any of the customer personal data, and that they will cooperate with us with regard to any customer request for information. All these provisions can be included in the DPA, but we will independently confirm their existence.

Security Measures

Zealot has implemented and will maintain appropriate technical and organizational security measures to protect customer personal data from security incidents and to preserve the security and confidentiality of the customer personal data ("Security Measures"). The Security Measures applicable to the Services are as follows:

  1. Network and Web Application Penetration Tests: Zealot shall continue to annually engage in network & web application penetration testing conducted by an accredited independent 3rd party. Upon any customer's written request, we will provide the executive summary of the report to Customer. We will address all high, critical and severe vulnerabilities in the findings of the report within a reasonable, risk-based timeframe and resolved within 90 days of the findings.