Secure by default.
Trust, security, integrity and availability are core values of our product. ZITADEL is open source, following transparent processes, tooling and product management. Our company is based in Switzerland and complies with strict privacy laws.
Development and Location
Switzerland stands for security
The security and privacy of your data is our greatest promise. As a Swiss vendor we are required to comply with one of the strictest privacy laws and with GDPR.
Stay in control of where your data is stored by choosing one of our available regions, or self-host for the highest level of control.
Principle
Transparency
Transparency is a key principle. That is why our source code is open source and free to use. Our product development and the tools, processes and vendors we use to create our software are available on GitHub or our website.
Measures for security and data protection are disclosed in this trust center, our policies, and via OpenSSF Best Practices.
Our Sub-Processors
To achieve the best possible transparency, we regularly publish which providers and services we use to offer ZITADEL. We may obtain the same service from several providers. We regularly audit all data processing agreements that we have with our sub-processors to guarantee the privacy of your personal data.
When using ZITADEL Cloud, end-user data will be stored and processed by the following providers.
Google
- Google Workspace
- IaaS Provider
- Mail Relay (SMTP)
- DNS Server
- DDoS Mitigation
- WAF
- CDN
- Cloud Load Balancer
- PKI for TLS
- DNS Registrar
How we use Google
We use Google as our infrastructure provider and for business applications and collaboration.
CockroachLabs
- Cockroach Cloud
How we use CockroachLabs
We use dedicated CockroachDB clusters on Google Cloud for the database layer of our cloud service.
Datadog
- Infrastructure Monitoring
- Metrics / Dashboards
- Alerting
How we use Datadog
Datadog is used for infrastructure monitoring, analytics, and alerting. We process log files which could include IPs and potentially query parameters.
The following providers are used for communication, request tracking, payment, and communication with our customers. No end-user data will be shared with these providers, unless you use our default SMS/mail gateway.
GitHub
- Source Code Management
- Code Scanning
- Dependency Management
- Security Advisory
- Issue Management
- Continuous Integration
How we use GitHub
We use GitHub, among other things, for source control, CI, testing, and tracking bugs and customer issues.
Stripe
- Subscription management
- Payment process
How we use Stripe
Stripe handles payments and invoicing of our cloud service. No end-user data will be shared with Stripe.
Bexio
- Customer Management
- Accounting
- Payment process
How we use Bexio
Bexio is used for accounting, invoicing for services, and CRM.
Mailjet
- Marketing automation
How we use Mailjet
Mailjet allows us and our customers to communicate through email. No end-user data will be shared with Mailjet.
Postmark
- Transactional mails
How we use Postmark
Postmark allows us and our customers to communicate through email. No end-user data will be shared with these providers, unless you use our default mail provider in your ZITADEL Cloud Instance. We recommend that you configure your own mail server per instance.
Vercel
- Hosting websites
How we use Vercel
Vercel Inc. provides us with hosting services for our different websites, including our marketing websites, documentation, and customer portal.
The following companies are additional providers for auxiliary or optional services. You need to opt in, actively use a feature, or browse our websites.
Twilio
- SMS Gateway
How we use Twilio
Twilio is a messaging platform which allows you to send SMS to end-users. Customers can configure their own SMS Gateway per instance.