Security Policy

Effective Date: 10.07.2025
Company Name: ZSUPPORT.AI LTD
Website: https://www.zsupport.ai/


1. Overview

We take security seriously. This Security Policy outlines the technical and organizational measures we implement to protect customer

data, ensure system integrity, and reduce the risk of unauthorized access to our SAP Agent AI platform and demo environment.


2. Data Security


a. Encryption

  • All data in transit is encrypted using TLS 1.2 or higher.

  • If applicable, sensitive stored data is encrypted at rest using AES-256 standards.


b. Access Control

  • Internal access to demo environments is restricted to authorized personnel based on role and need-to-know.

  • Authentication and access logs are monitored and reviewed.


c. Data Minimization

  • We do not collect production SAP data in demo mode.

  • All demo interactions are limited to non-sensitive, test-level information.

  • Any data entered during demo usage is automatically deleted after the evaluation period.


3. Application Security


a. Code Management

  • Our development follows secure coding practices and version-controlled deployments.

  • Security patches are applied regularly and monitored in CI/CD pipelines.


b. Vulnerability Management

  • We use automated tools to scan for vulnerabilities in application dependencies.

  • Critical vulnerabilities are remediated with priority.

  • Periodic security reviews are conducted internally.


4. Infrastructure Security

  • Our infrastructure is hosted in reputable cloud environments with strong physical and logical security

  • controls (e.g., AWS, Azure, or equivalent).

  • All servers are firewall-protected and monitored for unusual activity.

  • Demo environments are logically separated from production infrastructure.


5. Monitoring & Incident Response

  • Real-time monitoring is used to detect anomalies, misuse, or unauthorized access attempts.

  • In the event of a suspected breach or incident, we will initiate a structured incident response process, investigate,

  • contain, and notify impacted parties where legally required.


6. Customer Responsibilities

  • You are responsible for ensuring that no confidential or production-level data is entered into the demo environment.

  • Use of demo access must comply with your internal security and compliance policies.


7. Compliance & Privacy Alignment

We aim to align with key data protection regulations and industry best practices:

  • UK GDPR & EU GDPR

  • Swiss revFADP

  • ISO27001-aligned processes (non-certified)


8. Contact

If you have security-related concerns, requests for documentation, or need to report a vulnerability, please contact:

Security Contact
Email: contact@zsupport.ai
Company: ZSUPPORT.AI LTD