We take security seriously at Zaimirai. We are long-time developers with strong backgrounds in information security, and our security culture starts at the top and permeates every facet of our day-to-day operations. All employees and contractors are required to read, acknowledge annually, and strictly adhere to our Information Security Policies and Procedures within the Zaimirai Information Security Management System.
Zaimirai and the European Union General Data Protection Regulation (GDPR)
Zaimirai is committed to complying with our users’ rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
Controlling Access To Your Data
Zaimirai has strict policies in place that are designed to safeguard sensitive information, including customer data, by restricting access to authorized users and providing a reliable audit trail of system events and activity in order to identify unauthorized access or activities.
Access to Zaimirai information is restricted to ensure only authorized users or groups of users (in the case of accountant-managed clients) are granted rights. Authorization is granted by applying the principle of least privilege, which begins at no access and expands in a controlled manner, as needed, to the information required by the authorized user. This applies to both customer access and employee access at Zaimirai. Zaimirai logs and monitors system activity throughout its interconnected Zaimirai services.
Account Creation and Two-Factor Authentication (2FA)
To help enforce strong account access, Zaimirai searches public databases for known compromised username and password combinations. If a match is discovered during account creation or password changes, the provided credentials are denied.
Zaimirai allows – and highly encourages – customers to enable 2FA within their accounts. Enabling 2FA adds an extra step at sign in and provides an extra layer of access control to one’s account and data. You can read more about 2FA or sign in now and enable 2FA.
Employees at Zaimirai are required to use 2FA in their day-to-day work, including services such as email, cloud access, and messaging.
Multi-Layered Security and Encryption
Zaimirai protects sensitive data, including customer data, through a series of access control policies and state-of-the-art encryption technology. We control network traffic to and from authorized devices through carefully constructed rules including, but not limited to, the type of data permitted, frequency of data permitted, and intended origin/destination of the data. At the application layer, additional safeguards are in place to ensure that users are granted access only to their own data and are restricted to performing operations authorized against a set of well-defined privileges. At the data layer, Zaimirai encrypts data considered private or sensitive such as third-party API keys, blockchain infrastructure keys, tax forms, account data including passwords, and wallet extended public keys (xPubs).
Zaimirai ensures third-party service providers implement and effectively operate appropriate controls to protect the privacy and security of the Zaimirai Information Security Management System and data.
For sub-service providers, a current SOC 2 Type II audit report is requested and reviewed annually when available.
Security Questions or Issues?
If you think you may have found a security vulnerability within Zaimirai, please get in touch with our security team.