Trust & Security

Security posture

ZELODATA is a small B2B marketing and web development studio. We handle website assets, campaign data, analytics access, and client account permissions with a least-privilege approach.

This page describes our general security practices. It is not a SOC 2 report, ISO 27001 certification, penetration test report, or warranty.

Client account ownership

Clients should own their domains, ad accounts, analytics properties, hosting accounts, CMS accounts, and payment relationships with advertising platforms.

Where possible, ZELODATA works through delegated access instead of taking ownership of client accounts. When an engagement ends, we revoke or help transfer access as part of handoff.

Access controls

• Least-privilege access for client systems and internal tools.
• Multi-factor authentication where supported.
• Password manager use for credentials that cannot be delegated.
• Separate client workspaces where practical.
• Access review during onboarding, major scope changes, and offboarding.
• No intentional sharing of client credentials over unencrypted public channels.

Data handling

We try to collect the minimum data needed to evaluate an inquiry or deliver the agreed work.

Client marketing data is used to provide services, measure performance, troubleshoot campaigns, and report results. We do not use client data for unrelated secondary data products unless a client specifically authorizes that workflow in writing.

We prefer clients to grant tool-level access rather than sending raw passwords. When credentials are necessary, we store them in a password manager and remove them when they are no longer needed.

Infrastructure and website security

• HTTPS/TLS for zelodata.com.
• Static or pre-rendered website architecture wherever practical.
• No payment card collection on zelodata.com.
• No user account system on zelodata.com.
• Dependency updates during active maintenance windows.
• Modern hosting providers with their own physical, network, and platform controls.

Incident response

If we suspect unauthorized access to client data or personal information, we investigate, contain, preserve relevant evidence, and notify affected clients or individuals as required by law and contract.

Clients should promptly notify us if they suspect unauthorized activity in any account where ZELODATA has access.

Service providers

The specific tools used for a client may vary by scope. Common categories include hosting providers, email and calendar tools, project management tools, design tools, code repositories, analytics platforms, advertising platforms, call tracking, CRM tools, and professional advisors.

We disclose common categories in the Privacy Policy and can identify project-specific vendors during procurement or onboarding.

Limitations

We do not currently claim SOC 2, ISO 27001, HIPAA, PCI-DSS merchant processing, FedRAMP, or similar regulated certifications.

If a prospect or client requires a formal security questionnaire, data processing addendum, or vendor risk review, send it to support@zelodata.com before work begins.

Report a security concern

Please report suspected vulnerabilities, exposed data, or account abuse to support@zelodata.com with enough detail for us to reproduce or investigate the issue. Do not access, modify, destroy, or exfiltrate data that is not yours.