Security and Compliance
Last Updated Jan 2025
1. DOCUMENT SCOPE AND USE

This document is intended to be a resource for our customers. It is not intended to create a binding or contractual obligation between ZUMO PTY LTD (ABN 677 038 809) (“ZUMO”) and any parties or to amend, alter or revise any existing agreements between the parties. ZUMO is continuously improving the protections that we have implemented, so our procedures may be subject to change.

This document provides general guidelines and information regarding ZUMO's security and compliance practices. It is not intended to amend, alter, or revise any existing agreements between the parties or create any new contractual obligations.

2. ZUMO AND THE PLATFORM

ZUMO’s goal is to help marketing professionals and agencies reach and surpass their benchmarks for success. We believe in enhancing automation, improving communication, and boosting scalability in a consumer-friendly way, and we consistently provide future-embracing updates that exemplify these priorities.

Our AI-powered all-in-one sales, marketing, and customer relationship management (CRM) platform offers features such as automated marketing campaigns, detailed analytics, customer segmentation, and lead tracking.

At ZUMO, we measure our success by our customers' successes, and therefore, we prioritise optimising our offerings to meet their needs.

Our AI-powered all-in-one sales, marketing, and customer relationship management (CRM) platform offers numerous essential features to agencies and marketers. This expansive software solution provides limitless opportunities for our customers to set lofty sales goals and achieve them while being supported by our team of experts.

3. SECURITY AND COMPLIANCE OBJECTIVES

We have developed our security framework using best practices for the SaaS industry. Our key objectives include:
• Customer Trust and Protection: deliver superior products and services while protecting the privacy and confidentiality of data.
• Availability and Continuity of Service: ensure availability of the service and minimise risks to service continuity.
• Information and Service Integrity: make sure that customer information is never corrupted or altered inappropriately.
• Compliance with Standards: aim to comply with or exceed industry standard best practices.
We are committed to continuous improvement and regular updates to our security practices in line with evolving industry standards.

4. SECURITY CONTROLS

In order to protect the data that is entrusted to us, ZUMO utilises layers of administrative, technical, and physical security controls throughout our organisation.

4.1 Cloud Hosting Provider
ZUMO does not host any product systems or data within its physical offices. ZUMO outsources hosting of its product infrastructure to leading cloud infrastructure providers such as Google Cloud Platform Services and Amazon Web Services. Our product infrastructure resides in the United States. We place reliance on Google’s and AWS’s audited security and compliance programs for the efficacy of their physical, environmental, and infrastructure security controls.

4.2 Network and Perimeter
The ZUMO product infrastructure enforces multiple layers of filtering and inspection on all connections across our web application, logical firewalls, and security groups.
Network-level access control lists are implemented to prevent unauthorised access to our internal product infrastructure and resources.

4.3 Alerting and Monitoring
ZUMO invests in automated monitoring, alerting, and response capabilities to continuously address potential issues.

4.4 Encryption
All data transmitted to and from the Platform is encrypted using industry-standard protocols (

4.5 Access Controls
Strict access control measures are in place, including role-based access, multi-factor authentication, and regular audits of access logs.

4.6 Employee Training

Regular security awareness training is provided to all employees to ensure they are knowledgeable about the latest security threats and practices.

The ZUMO product infrastructure is instrumented to alert engineers and administrators when anomalies occur. In particular, error rates, abuse scenarios, application attacks, and other anomalies trigger automatic responses or alerts to the appropriate teams for response, investigation, and correction.

5. APPLICATION SECURITY

5.1 Web Application Defences
All customer content hosted on the platform is protected by firewall and application security. The monitoring tools actively monitor the application layer and can alert on malicious behaviour based on behaviour type and session rate.
 
5.2 Development and Release Management
ZUMO optimises our products through a modern, continuous delivery approach to software development. New code is regularly deployed. Code reviews, testing, and merge approval are performed before deployment.

ZUMO features seamless updates and, as a SaaS application, no downtime is associated with releases. Major feature changes are communicated through in-app messages and/or product update posts.

5.3 Vulnerability Management
The ZUMO team manages a multi-layered approach to vulnerability management, using a variety of industry-recognised tools and threat feeds to ensure comprehensive coverage of our technology stack.

6. DATA BACKUP AND DISASTER RECOVERY

ZUMO is committed to minimising system downtime. All ZUMO product services are built with redundancy. Server infrastructure is strategically distributed across multiple distinct availability zones and virtual private cloud networks within our infrastructure providers, and all web, application, and database components are deployed with point-in-time recovery.

6.1 System Backups
Systems are backed up on a regular basis with established schedules and frequencies. Seven days’ worth of backups are kept for any database in a way that ensures restoration can occur easily. Backups are monitored for successful execution, and alerts are generated in the event of any exceptions. Failure alerts are escalated, investigated, and resolved.

6.2 Physical Backup Storage
Because we leverage public cloud services for hosting, backup, and recovery, ZUMO does not implement physical infrastructure or physical storage media within its products.

7. PRIVACY

As described in our Privacy Policy, we do not sell your personal data to third parties. The protections described in this document and other protections that we have implemented are designed to ensure that your data stays private and unaltered.

7.1 Data Retention and Data Deletion
Current and former customers can make written requests to delete certain data, and ZUMO will fulfil those requests as required by privacy rules and regulations. ZUMO retains certain data like logs and related metadata to address security, compliance, or statutory needs.

8. BREACH RESPONSE

ZUMO will notify customers as required by law if it becomes aware of a data breach that impacts your personal data.

In the event of a data breach, ZUMO will notify affected customers within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the data affected, and steps being taken to mitigate the impact and prevent future occurrences.

9. GDPR

ZUMO aims to provide features that enable our customers to easily achieve and maintain their GDPR compliance requirements. While ZUMO seeks to enable your GDPR compliance efforts, use of the ZUMO Platform alone does not make you GDPR compliant.