ZestRecon
Legal
Security
Last updated: July 13, 2026
Security is core to how ZestRecon builds and operates its platform. This page summarizes the practices we follow to protect Customer Data and the ZestRecon Service. It is a summary, not an exhaustive technical specification.
Tenant isolation
Customer workspaces are tenant-scoped: data, findings, connectors, and reports for one workspace are not accessible from another. Access to a workspace requires authentication and is governed by role-based permissions configured by the workspace's administrators.
Encryption
Data is encrypted in transit using TLS. Sensitive credentials and secrets (such as connector tokens and API keys) are stored using one-way hashing or encrypted secret storage rather than in plain text, and full secret values are only ever displayed once, at creation time.
Access controls
Internal access to production systems is limited to personnel who need it to operate the Service, and is logged. Customer-facing accounts support role-based access control, and we recommend enabling multi-factor authentication and reviewing team membership and API key inventories regularly from the Administration section of the app.
Authorized scanning only
ZestRecon only assesses assets that a Customer has connected under its own authorized scope, as described in our Terms of Service. Assessment activity is scoped, logged, and available to Customer through the platform's audit log.
Vulnerability disclosure
If you believe you have discovered a security vulnerability in the ZestRecon platform or website, please report it to info@zestcyber.com. Include enough detail for us to reproduce the issue. We ask that you avoid accessing or modifying data that is not your own and give us a reasonable opportunity to investigate and remediate before public disclosure.
Incident response
We maintain an internal process for triaging and responding to security events affecting the Service. If an incident is determined to have affected Customer Data, we will notify affected customers in accordance with our contractual and legal obligations.
Contact us
For security questions or to report an issue, contact info@zestcyber.com or call (346) 235-5062.