Infrastructure
DEDICATED HOSTING
Hetzner dedicated server in Germany (EU). Cloudflare edge network. No shared hosting — your data runs on isolated, single-tenant infrastructure.
Encryption
END-TO-END
TLS 1.3 in transit. AES-256 at rest. ECDH + AES-GCM end-to-end encryption for device synchronization. No plaintext data leaves your devices.
Authentication
MULTI-FACTOR
JWT token authentication with device fingerprinting. Optional two-factor authentication (2FA) via TOTP. Session tokens rotate automatically.
Access Control
6-TIER RBAC
Role-based access control with 6 tiers (T0 Owner through T4 End User + Personas). RPC allow-lists per tier ensure least-privilege access.
Data
ISOLATED STORAGE
Dedicated PostgreSQL instance per organization. Automated daily backups with verified restore. VPN-only administrative access.
Monitoring
REAL-TIME ALERTS
Prometheus + Grafana observability stack. Real-time alerts via ntfy. Anomaly detection for suspicious access patterns.

INCIDENT RESPONSE

Our incident response times are based on severity classification:

  • P0: < 1 HOUR. Critical — Service down
  • P1: < 4 HOURS. High — Major degradation
  • P2: < 24 HOURS. Medium — Partial impact

COMPLIANCE

  • GDPR-ready: Data export and erasure RPCs built into the platform (see Privacy Policy)
  • Data residency: All data stored in Germany (EU) by default
  • Log retention: 90 days rolling, then purged
  • Audit trail: All administrative actions logged and immutable

SECURITY TESTING

  • Continuous SAST in CI pipeline — every commit scanned
  • Automated vulnerability scanning via security_analyzer.py (custom tool)
  • Dependency auditing with automated alerts for CVEs
  • JWT security hardened: Anonymous WS bypass fixed, role self-escalation prevented

REPORT A VULNERABILITY

If you discover a security vulnerability, please report it responsibly.

Email: security@zeltrex.com

We aim to acknowledge reports within 24 hours and provide a resolution timeline within 72 hours.