SECURITY & COMPLIANCE
ISO 27001 · SOC 2 TYPE I · GDPR · OFFICIAL META BUSINESS PARTNER · WHATSAPP BSP · SHOPIFY PARTNER
CERTIFICATIONS
ISO
ISO 27001
Certified information security management system covering the Zefir platform and operations.
SOC
SOC 2 Type I
Independent audit of security controls. Reports available to customers under NDA.
EU
GDPR
Full compliance for data subjects in the EU and UK, with data processing agreements available.
Official Meta Business Partner & WhatsApp Business Solution Provider
A direct, first-party connection to WhatsApp. No intermediaries in the message path.
Shopify Partner
Approved integration reviewed by Shopify.
US
TCPA & US Messaging Compliance
US messaging runs on TCPA-compliant opt-in, registered sender numbers, quiet-hours enforcement, and immediate opt-out handling — enforced before any message sends.
PLATFORM SECURITY
Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). WhatsApp messages are end-to-end encrypted in delivery.
Access control
Role-based access, least-privilege defaults, and full audit logs across the platform.
Authentication
Two-factor authentication with hardware-backed passkeys and authenticator apps. SSO available for enterprise accounts.
Infrastructure
Isolated environments, continuous monitoring, and independent penetration testing.
RELIABILITY
Platform uptime
Message delivery rate
Zefir processes millions of customer signals daily — orders, browsing events, message engagement — and holds throughput during peak commerce periods, including Black Friday and Cyber Monday.
RESPONSIBLE AI
Zefir’s AI decides what to send, when, and on which channel — for every customer. Those decisions run inside strict, monitored boundaries.
Human oversight
Brand voice and messaging boundaries are approved by the brand before the first send. AI operates within them, never outside them.
Anti-spam by design
Frequency caps, quiet-hours enforcement, and engagement-based throttling are enforced at the platform level. The AI cannot over-message a customer.
Consent, always
Messages are sent only to opted-in customers. Opt-outs are honored immediately and permanently across channels.
Continuous monitoring
Message quality, delivery health, and customer response signals are monitored continuously; anomalies trigger automatic holds and human review.
MESSAGING COMPLIANCE
TCPA-compliant opt-in for US messaging
Meta template approval on every WhatsApp template
Quiet-hours enforcement by recipient time zone
One-tap opt-out, honored across channels
Sender verification and registered numbers only
Compliance is enforced before any message leaves the platform.
YOUR DATA
Ownership
Brands own all customer and messaging data. Zefir provides infrastructure; it does not resell, share, or train external models on customer data.
Portability & deletion
Data export on request. Deletion honored fully under GDPR and applicable US privacy law.
Agreements
Data Processing Agreements, security questionnaires, and audit reports available to enterprise customers.
Enterprise customers get a dedicated account team, support for security reviews and vendor onboarding, and direct access to our security and compliance staff.
Talk to our team
