Zolvi
EU-hosted · Encrypted · GDPR compliant

Security at Zolvi

Your survey data is sensitive. We treat it that way. All data is stored in the EU, encrypted in transit, and protected by industry-standard security practices.

Get started free GDPR compliance

Frankfurt, DE

Data center location

TLS 1.3

Encryption in transit

GDPR

Fully compliant

Data hosting

  • All data stored in Frankfurt, Germany (eu-central-1)
  • Hosted on Neon PostgreSQL with automated infrastructure management
  • No data transfers to the United States
  • European data residency guaranteed for all survey responses

Encryption

  • TLS 1.3 encryption for all data in transit
  • HTTPS enforced on all endpoints — no unencrypted connections
  • Database connections secured with SSL/TLS
  • Passwords hashed with bcrypt (cost factor 10+)

Authentication & access

  • JWT-based session management with 30-day expiry
  • OAuth 2.0 support (Google, GitHub providers)
  • Email verification required for new accounts
  • Organization-level data isolation — users only access their own surveys

Application security

  • Parameterized database queries — no SQL injection vectors
  • CSRF protection via SameSite cookies and origin checking
  • Content Security Policy (CSP) headers enforced
  • X-Frame-Options configured to prevent clickjacking (except survey embeds)
  • Rate limiting on authentication and API endpoints

Data backup & recovery

  • Automated daily database backups with point-in-time recovery
  • Backup retention for disaster recovery
  • Database hosted on fault-tolerant infrastructure with automatic failover

Organizational controls

  • Role-based access control (admin, member roles)
  • Team-level survey ownership and permissions
  • Audit-ready data export (CSV, JSON formats)
  • Survey data can be permanently deleted on request

Our security commitments

Security-first development

Security is considered at every stage of development. We follow OWASP guidelines and conduct regular code reviews focused on security.

Regular updates

Dependencies are kept up to date. Security patches are applied promptly. We monitor for vulnerabilities in our dependency tree.

Transparency

We believe in honest communication about our security posture. If you have security questions, contact us at security@zolvi.app.

Found a vulnerability?

We take security reports seriously. If you've found a security issue, please email us at security@zolvi.app. We aim to respond within 48 hours.

Ready to create secure surveys?

Start collecting responses with a survey tool that takes data protection seriously. Free plan available.

Get started free