GDPR · LGPD · CCPA

Trust & security

How we handle your data, our infrastructure and the guarantees we give. No jargon — what matters.

Our 6 pillars

Encryption

TLS 1.3 in transit. AES-256 at rest (Supabase Postgres). Encrypted daily backups.

Authorization

Row-Level Security in Postgres. Each user sees only their own records.

Authentication

Supabase auth (email + OAuth). Bcrypt-hashed passwords. JWT rotation.

Infrastructure

Vercel edge (US/EU). Supabase Postgres 15. SOC 2 Type II certified regions.

Compliance

GDPR, LGPD, CCPA. DPA available under NDA for Enterprise. 30-day deletion right.

Observability

Sentry for errors. 14-day log retention. No tool inputs logged by default.

Subprocessors

Providers processing data on Zona Utility's behalf. All with signed DPAs.

Provider | Purpose | Region | Policy
Vercel | Hosting, edge, CDN | US/EU | View
Supabase | Postgres + Auth + Storage | US/EU | View
Stripe | Payments and billing | US/EU | View
Resend | Transactional email | US | View
Sentry | Error monitoring | US/EU | View

Your rights

  • Access: download your data from the dashboard.
  • Rectification: edit your profile anytime.
  • Deletion: delete the entire account within 30 days.
  • Portability: export your history to CSV/JSON.
  • Objection: immediate cancellation without penalty.

In case of an incident

If we detect a breach with risk to your data, we notify you within 72 hours (GDPR Art. 33) with: the nature of the incident, the affected data, the measures taken, and a contact channel.

Priority channel: security@zonutility.com

Need a signed DPA?

Available for Business and Enterprise. Email privacy@zonutility.com.