Information Security Policy

Effective Date: December 28, 2025

Last Updated: December 28, 2025

1. Overview

At Zetric, we are committed to maintaining the highest standards of information security to protect our customers' data and our business operations. This Information Security Policy outlines the framework and specific controls we have implemented to ensure the confidentiality, integrity, and availability of our information systems.

2. Information Security Program

We maintain a comprehensive information security program that is aligned with industry best practices. Our security measures are designed to protect against unauthorized access, use, disclosure, disruption, modification, or destruction of information.

3. Vulnerability Management

We strictly adhere to a vulnerability management policy to identify, assess, and remediate security vulnerabilities in our systems.

Remediation Timelines

  • Critical Vulnerabilities: Remediated within 48 hours of discovery.
  • High Severity Vulnerabilities: Remediated within 7 days of discovery.
  • Medium and Low Severity Vulnerabilities: Addressed within 20 days of discovery.

We utilize automated tools for continuous dependency scanning (e.g., Dependabot, npm audit) and conduct regular security assessments.

4. Access Control

Access to Zetric's production systems and customer data is strictly controlled based on the principle of least privilege.

  • Privileged Access Reviews: Conducted monthly for all administrative and privileged accounts.
  • Standard Access Reviews: Conducted quarterly for all non-administrative user accounts.
  • Authentication: We enforce strong password policies and support Multi-Factor Authentication (MFA). Critical integrations use secure OAuth 2.0 flows with PKCE.

5. Data Protection

We implement robust encryption and security measures to protect data throughout its lifecycle.

  • Encryption in Transit: All data transmitted between our clients and servers is encrypted using TLS (Transport Layer Security).
  • Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms (e.g., AES-256).
  • Data Isolation: We use Row-Level Security (RLS) to ensure strict data isolation between different customer workspaces.

6. Device and Endpoint Security

All company-owned and managed devices used to access Zetric systems are secured with the following controls:

  • Anti-malware protection
  • Full-disk encryption (e.g., BitLocker, FileVault)
  • Host-based firewalls enabled
  • Automatic screen lock after inactivity
  • Locked-down administrative privileges

7. Monitoring and Incident Response

We employ comprehensive monitoring systems to detect and respond to security incidents.

  • Breach Detection: We have systems in place (via Vercel and Supabase infrastructure) to detect anomalies, suspicious traffic, and authentication failures.
  • Incident Response: We have a documented incident response plan to address security breaches promptly and notify affected parties in compliance with applicable laws (GDPR, CCPA).

8. Contact Us

If you have any questions about this Information Security Policy or wish to report a security concern, please contact us:

Email: support@zetric.co

Zetric - Comprehensive profit analytics for e-commerce businesses.

© 2025 Zetric. All rights reserved.
