Security/Privacy Compliance and Best Practices

  • Updated

- Disclaimer - 

Zingtree highly values the security and privacy of Customer information and, therefore, is most committed to proactively ensuring its confidentiality, integrity, and availability. Consequently, Zingtree has designed security and privacy upfront into its products and services rather than just as an afterthought. Zingtree’s security and privacy program is designed to not just satisfy compliance standards, but to go beyond to embrace the concept of industry’s “best practices.”

Zingtree has been awarded its SOC2/Type2 and HIPAA third-party compliance.  Additionally, Zingtree has developed the requisite policies and processes to be compliant with an array of international and domestic privacy regulations, e.g., GDPR, CCPA, etc.

Below are some of the ways you can further protect your organization via Zingtree's settings.

Single Sign-on (Authors, End-Users and Authors)

Zingtree supports SAML 2.0 based Single Sign-on. This lets you require anyone accessing a tree to log in via your Identity Provider and authenticate themselves first.

You can have separate Identity Providers for:

  • Agents/End-users
  • Authors

Identity provider support includes:

  • ADFS (Microsoft Active Directory / Azure)
  • Google G-Suite
  • OKTA
  • OneLogin
  • Salesforce
  • And any other SAML 2.0 compliant identity provider.

You can set up SSO by clicking Account, Single Sign-on from the top menu bar - more info here.

Google Sign-in (Agents only)

Leverage Google Sign-in to verify the identity of agents or employees. This is incredibly easy to implement. In short:

  1. Add a list of authorized agents to your organization using the My Agents tool.Enable Google Sign-in Verification in Zingtree (Account > My Agents > Agent Tools > Agent Portal Options).
  2. Make sure each agent is logged into their Google accounts.

For example, if you have added an agent identified as joe@gmail.com, if Joe is logged into his Google account as joe@gmail.com, he will have access to your trees. If Joe is not logged into his Google account, he will be prompted to do so - more info here.

Data Retention

You can set a custom Data Retention Period. By default, this is Forever, but you can choose to delete your data after an amount of time you choose.

To set up a Data Retention Policy, go to Account > Organizations and Billing > Data Retention.

IP Filtering (Agents and End-Users)

Some Zingtree customers want to restrict access to their trees to a particular machine or location. You can do this using IP Filtering - more info here.

Author Security Options

  • Time out settings

    Zingtree lets you choose the length of time after which an author gets automatically logged out if he/she/they stay inactive.

    • Account > My Authors > Show Author Security Options > [input length in minutes]

  • Require Strong Password

    You can also force your authors to have a strong password for additional security.

    • Account > My Authors > Show Author Security Options > Require Strong Passwords for New Authors > [checkbox]

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Submit a Ticket