Securing your data
Let's cover all the ways we protect your data
Encryption
Whenever your data is sent between us, it's encrypted using HTTPS (end-to-end encryption) and WSS (Secure WebSockets). We use a 2048-bit SSL certificate for encryption in transit and at rest (when the data is stored on disk). Your data is backed up daily, and we have achieved an A+ rating from Qualys SSL Labs.
Basically, your data is stored safely in the cloud and no one can access your information except you and us. Plus, we refresh our backups multiple times per day to make sure it stays current.
Service Partners
We choose our partners carefully. Our hosting partners are Amazon Web Services (AWS) and MongoDB (MDB). They both have achieved outstanding accreditations and certifications globally.
Furthermore, we run a routine check every month to make sure we're keeping up with industry best practices for privacy and security.
You Own Your Data
Let's make this clear. We are only custodians of your data. You are the sole owner of your data. Your clients' data is owned by your clients. We don't own any of your data nor your clients' data.
We've taken extra steps to help you manage your data securely. If you decide to go elsewhere, you can choose to export your data or leave it with us in case you come back in the future. If you abandon your account, your data will be archived and used according to our terms and conditions.
High Availability
We run multiple instances with data replication and auto-scaling to ensure our service is available whenever you need it and that we can handle bursts of traffic and heavier-than-normal use.
We monitor our systems 24/7 and transparently communicate any issues or failures with our customers.
Real-time Security
Foodzilla is monitored 24 hours a day, 7 days a week, 365 days a year. Our automated anomaly detection can detect suspicious activity and lock the account in real time. It can also detect spam and abuse at the signup stage and block bad actors at the gate.
We never store your account password on our servers. Passwords are stored in a separate instance by our service provider (MDB), and no one can access them, including us. In the unlikely event that the Foodzilla app is compromised, your password is safe because we don't actually have it anywhere.
We offer bug bounties for new, responsibly disclosed issues. If you've found something, please contact us at support@foodzilla.io.
Vulnerability Disclosure
At Foodzilla, safeguarding our systems is super important to us. However, despite our best efforts, sometimes vulnerabilities may still sneak through. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.
Privacy and Compliance
We store your clients' consent information whenever you add one of your clients to our systems. This can help you show authorities that you comply with the rules on how data is stored and shared.
Clients can choose to revoke consent at any time and stop sharing data with you (and us). They can also request to delete their data from our system at any time through the app.
Data is currently stored in our AU data centers. We comply with the Australian and New Zealand Privacy Principles and data storage requirements. More data centers are coming soon for our international customers.
HIPAA Compliance
Foodzilla offers a dedicated HIPAA-compliant plan for healthcare practitioners. The HIPAA plan runs in a locked-down environment with only core features enabled: meal planning, recipes, and food management. Client management, integrations, files, and all other PHI-related features are fully disabled to ensure no protected health information ever enters the platform.
Foodzilla signs a Business Associate Agreement (BAA) with your organization for all HIPAA plans.