Securing your data

Let's cover all the ways we protect your data.

Encryption

Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption) and WSS (Secure Websockets). We use a 2048-bit SSL certificate for encryption in transit and at rest (when the data is stored on disk). Your data is backed up daily, and we have achieved an A+ grading by Qualys SSL Labs.

Basically, your data is stored safely in the cloud and no one can access your information except you and us. Plus, we refresh our backups multiple times per day to make sure it stays current.

Service Partners

We choose our partners carefully. Our hosting partners are Amazon Web Services (AWS) and MongoDB (MDB). They both have achieved outstanding accreditations and certifications globally which can be found here (AWS) and here (MDB).

Furthermore, we do a routine check every month to make sure we're always following the industry's best practices in regard to privacy and security.

You own your data

Okay, let's make this clear. We are only custodians of your data. You are the sole owner of your data. Your clients' data is owned by your clients. We don't own any of your data nor your clients' data.

We've taken extra steps to help you manage your data securely. If you decide to go elsewhere, you can choose to export your data or leave it with us in case you come back in the future. If you abandon your account, your data will be archived and used according to our terms and conditions.

High availability

We have multiple instances with data replication and auto-scaling to ensure our service is available whenever you need it and that we can handle a burst of traffic and higher-than-normal use.

We monitor our systems 24/7 and transparently communicate any issues or failures to our customers. You can see our system performance history here.

Real-time Security

Foodzilla is monitored 24 hours a day, 7 days a week, 365 days a year. Our automated anomaly detection has the ability to detect suspicious activity and lock the account in real-time (without requiring a page refresh). It can also detect spam and abuse at the signup stage and block bad actors at the gate.

Furthermore, we never store your account password on our servers. Passwords are stored in a separate instance by our service provider (MDB) and no one can access them, including us. We do store other information about you, such as email, accountId and other data to identify your account. In the unlikely event that the Foodzilla app is compromised, your password is safe because we don't actually have it anywhere.

We offer bug bounties for new, responsibly disclosed issues. If you’ve found something, please contact us at [email protected].

Vulnerability Disclosure

At Foodzilla.io, safeguarding our systems is super important to us - it’s right at the top of our to-do list every day! However, despite our best efforts, sometimes vulnerabilities may still sneak through. If you discover a vulnerability, we would like to know about it, so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Out of scope vulnerabilities:

- Clickjacking
- Cross-Site Request Forgery (CSRF)
- Attacks requiring MITM or physical access to a user's device.
- Any activity that could lead to the disruption of our service (DoS).
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.
- Email spoofing
- Missing DNSSEC, CAA, CSP headers
- Lack of Secure or HttpOnly flag on non-sensitive cookies
- Dead links
- Anything related to DNS or email security
- Rate limiting
- XSS (Cross-Site Scripting)

Note: foodzilla.io reserves the right to designate any reported vulnerability as out of scope.

Privacy and Compliance

We store your clients' consent information whenever you add one of your clients to our systems. This can help you prove to authorities that you comply with how data is stored and shared.

Clients can choose to revoke consent at any time and stop sharing data with you (and us). They can also request to delete their data from our system at any time through the app.

Data is currently stored in our AU data centers. For this reason, we have not achieved HIPAA nor GDPR compliance yet. We do however comply with the Australian and New Zealand Privacy Principles and data storage requirements. More data centers are coming soon for our international customers (US and UK).
