Security & trust

Last updated: April 2026

This page describes our security practices and the infrastructure providers (subprocessors) we rely on.

Personal information in Japan (APPI)

We handle personal information in line with Japan’s Act on the Protection of Personal Information (APPI; 個人情報保護法), using policies, contracts, technical controls, and vendor management. We work to support customers’ accountability under the APPI where applicable.

What we do

  • Data stays in Japan. All data is stored on servers in Japan. No overseas transfer. Full stop.
  • Encrypted in transit and at rest. Built to meet business-grade security requirements.
  • HTTPS is used for traffic between browsers and Zaseki.
  • Access to the service requires authentication; features are available only to signed-in users as designed.
  • Membership in a workspace (“space”) is enforced in the application and backed by database-level access rules so users only reach data their organization is intended to see.
  • Billing is processed by Stripe. Zaseki does not store full primary account numbers (PANs) for cards on our own systems.
  • We maintain processes for security incidents and, where the law requires, notifications to affected individuals, regulators, or other parties. In Japan, incidents involving personal data may require reporting to the Personal Information Protection Commission (PPC; 個人情報保護委員会) or other steps depending on the facts and applicable rules.
  • Voice and meeting media use real-time infrastructure only when a session is started through the product; it is not used as always-on surveillance of your workplace.

Subprocessors & infrastructure

Zaseki uses the following providers. Each processes data only as needed for the role described. Official security and trust documentation is published by the vendor:

Supabase
Hosted database, authentication, and object storage for the Zaseki application and customer content. Vendor security & trust (official)
Stripe
Payment processing and billing; card data is handled according to Stripe’s PCI DSS–aligned infrastructure, not stored as full PAN data on Zaseki servers. Vendor security & trust (official)
LiveKit
Real-time voice and meetings when participants start a session in the product. Vendor security & trust (official)

Legal documents on this site

For definitions, retention, and legal terms, see:

Report a security issue

If you believe you have found a security vulnerability affecting Zaseki, please email us at help@zaseki.com. Include enough detail for us to reproduce the issue. We appreciate responsible disclosure.

help@zaseki.com

Please do not post exploit details or customer data publicly before we have had a reasonable chance to investigate and mitigate.