Zhade Labs logoZhade Labs
Privacy & Security

Clear security and privacy practices

Zhade Labs is designed with security and privacy considerations in mind. We document how data is handled, apply scoped access, and aim to keep data usage limited to what is necessary for the integration to function.

Privacy PolicyVisit the trust center

Security Statement

Last updated: December 16, 2025

Overview

At Zhade Labs (“Zhade”, “we”, “us”), protecting customer data and ensuring the security of our services is a core responsibility. We design, build, and operate our products with security in mind at every stage of their lifecycle.

This Security Statement provides an overview of the technical and organizational measures used by Zhade Labs to protect Customer Data processed through its cloud-based services.

This document is intended to complement our:

Additional contractual documents, including the DPA and the Authorized Sub-processor List, are available to customers upon request.

Scope

This Security Statement applies to all Zhade Labs cloud services and integrations distributed via third-party marketplaces, including Atlassian Marketplace and Google Workspace Marketplace.

Shared responsibility model

Security is a shared responsibility between Zhade and our customers.

Zhade is responsible for:

  • Security of the application code and backend services
  • Secure configuration of cloud infrastructure
  • Access controls, monitoring, and incident response
  • Safeguarding Customer Data processed by the Product

Customers are responsible for:

  • Managing user access and permissions in connected platforms (e.g., Jira, Google Chat)
  • Protecting credentials and administrator accounts
  • Configuring integrations in accordance with their internal security policies

Security governance

Zhade follows security-by-design principles across product development and operations:

  • Security considerations are incorporated during architecture and design
  • Code changes undergo peer review prior to deployment
  • Production changes are deployed through controlled CI/CD pipelines
  • Access to production systems is limited to authorized personnel only

Infrastructure security

Zhade operates its services on industry-leading cloud infrastructure providers. Key measures include:

  • Isolated environments for development, staging, and production
  • Network-level protections using cloud-native firewalls and private networking
  • Service-to-service authentication and authorization
  • No direct public access to internal databases or caches
  • Production workloads hosted primarily in the European Union

Access control

Access to systems and data is restricted based on the principle of least privilege:

  • Role-based access control (RBAC) for internal systems
  • Multi-factor authentication (MFA) for administrative access
  • Centralized identity management for staff
  • Regular review and revocation of access when no longer required

Data protection and encryption

Zhade implements encryption and data protection measures appropriate to the sensitivity of the data processed:

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest supported by underlying cloud providers
  • Secure storage of secrets using managed secret management services
  • Tokens and credentials are encrypted or stored in protected secret stores

Logging, monitoring, and detection

We maintain logging and monitoring to support availability, troubleshooting, and security incident detection:

  • Application and infrastructure logs are collected centrally
  • Logs are protected from unauthorized modification
  • Monitoring and alerting are configured for abnormal behavior and service health
  • Log retention periods are limited and aligned with operational and legal requirements

Secure development practices

Zhade follows secure software development lifecycle (SDLC) practices, including:

  • Peer-reviewed code changes
  • Automated testing as part of CI/CD pipelines
  • Dependency vulnerability scanning where supported by tooling
  • Secure handling of secrets and credentials during development and deployment

Incident response

Zhade has processes in place designed to identify, assess, and respond to security incidents and personal data breaches. In the event of a confirmed incident affecting Customer Data, Zhade follows internal incident response processes intended to support timely investigation, containment, and remediation, taking into account the nature and scope of the incident.

Where required by applicable law or contractual obligations, including the Data Processing Addendum (DPA), Zhade will notify affected customers in accordance with those requirements. Corrective measures may be implemented, as appropriate, to reduce the likelihood of similar incidents occurring in the future.

Business continuity and backups

To support service availability and resilience:

  • Cloud infrastructure leverages redundancy and managed availability features
  • Backups are performed using cloud-native backup mechanisms
  • Backup data is protected and retained for limited periods in accordance with retention policies

Sub-processors and supply chain security

Zhade engages vetted third-party service providers (“sub-processors”) to support the delivery of its services, such as cloud infrastructure, databases, caching, and customer support systems.

All sub-processors:

  • are engaged solely to the extent necessary to provide services to Zhade;
  • are subject to written data protection and confidentiality obligations no less protective than those set forth in the DPA; and
  • process Customer Data only in accordance with Zhade’s documented instructions.

A current list of authorized sub-processors applicable to Zhade’s services is maintained by Zhade and is available to customers upon request.

Employee security awareness

Personnel with access to systems or Customer Data are:

  • bound by confidentiality obligations;
  • provided with security and privacy awareness guidance appropriate to their role;
  • granted access only to systems necessary for their responsibilities.

Compliance and certifications

Zhade Labs does not currently hold independent security certifications such as ISO 27001 or SOC 2.

However, Zhade aligns its security practices with widely recognized industry standards and leverages infrastructure providers that maintain independent certifications and compliance programs.

Transparency and updates

We may update this Security Statement as our products, infrastructure, or security practices evolve.

Material changes will be reflected by an updated “Last updated” date.

Contact

For security-related questions, access to our Data Processing Addendum (DPA), or requests regarding authorized sub-processors, please contact:

Email: security@zhadelabs.com
Website: https://zhadelabs.com