At ZENSTRO IT Solutions, security is a core part of how we operate — both in how we protect your data and in how we build the products we deliver to you. This Security Policy outlines our approach to keeping your information and projects safe.
To report a security concern, contact us at official@zenstro.space.
Data Protection
Your data is handled with strict confidentiality and never shared without consent.
Secure Development
All projects are built with security best practices from the ground up.
Access Control
Strict access controls ensure only authorized personnel handle your project.
Vulnerability Response
We take security reports seriously and respond promptly to any issues.
1. Our Security Commitment
ZENSTRO is committed to maintaining the security and integrity of all client data, project files, and communications. We implement industry-standard security practices across all our operations and deliverables.
2. Data Security
- All client data and project files are stored securely with access restricted to authorized team members only
- Communications containing sensitive information are handled through secure channels
- Client credentials, passwords, and access keys are never stored in plain text
- Project data is backed up regularly to prevent loss
- Upon project completion, sensitive client data is securely deleted unless retention is required
3. Secure Development Practices
All websites and systems we build follow security best practices, including:
- Input validation and sanitization to prevent SQL injection and XSS attacks
- HTTPS enforcement for all web projects
- Secure authentication implementation (hashed passwords, session management)
- Regular dependency updates to patch known vulnerabilities
- Principle of least privilege for user roles and permissions
- Secure payment integration using trusted third-party providers (no card data stored on our servers)
4. Access Control
We maintain strict access controls to protect your project and data:
- Only authorized ZENSTRO personnel have access to client project files
- Access is granted on a need-to-know basis
- All access credentials are managed securely and rotated regularly
- Client credentials provided to us (e.g., hosting access) are used only for the agreed purpose and deleted after project completion
5. Website Security
Our own website (zenstro.space) is secured with:
- SSL/TLS encryption (HTTPS) for all pages
- Regular security audits and updates
- Protection against common web vulnerabilities
- Secure contact form handling
6. Third-Party Services
We use trusted third-party services for certain functions (e.g., payment processing, hosting). These providers are selected based on their security standards and compliance. We do not share your data with third parties beyond what is necessary to deliver our services.
7. Incident Response
In the event of a security incident affecting your data or project:
- We will notify affected clients promptly
- We will investigate and contain the issue as quickly as possible
- We will take corrective action to prevent recurrence
- We will provide a clear account of what happened and what was done
8. Reporting a Security Vulnerability
If you discover a security vulnerability in our website or any project we've built, please report it responsibly:
- Email us at official@zenstro.space with details of the vulnerability
- Do not publicly disclose the vulnerability before we have had a chance to address it
- We will acknowledge your report within 48 hours and work to resolve it promptly
We appreciate responsible disclosure and will acknowledge your contribution.
9. Client Security Responsibilities
Clients also play a role in maintaining security:
- Keep your hosting, CMS, and platform credentials secure and do not share them unnecessarily
- Update passwords after project handover
- Keep your website's plugins, themes, and CMS updated after delivery
- Report any suspicious activity on your website to us immediately
10. Contact for Security Matters
For any security-related questions or to report an issue: