Security at ZeroGravity

We take the protection of your data seriously. Here's how we keep the platform secure.

Encryption in transit

All data between your browser and our servers is encrypted using TLS 1.2+. We enforce HTTPS across all endpoints and use HSTS to prevent downgrade attacks.

Secure authentication

Passwords are hashed with bcrypt. Access tokens are short-lived (8 hours) and refresh tokens rotate on every use. We support secure cookie-based sessions with SameSite and Secure flags.

Audit logging

All administrative actions are logged with timestamps, user identity, and IP address. Logs are retained for compliance and incident investigation.

Vulnerability management

Dependencies are monitored for known vulnerabilities. Critical patches are applied within 24 hours of disclosure. We conduct periodic security reviews of our codebase.

Security headers

All responses from zegravity.com include the following security headers:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self'; ...

Responsible disclosure

If you discover a security vulnerability, please report it responsibly by contacting us at hello@zegravity.com before disclosing publicly. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly. We appreciate security researchers who help keep our platform safe.
