Security

Effective date: 1 July 2026

Zesty protects restaurant and platform data with organization scoping, branch scoping, role-based permissions, authenticated APIs, signed payment and upload flows, rate limiting, audit logs, monitoring, backup processes, and operational safeguards.

Data protection practices

Zesty uses practical safeguards including access control, masking, audit trails, provider secret isolation, webhook signature verification, secure session handling, and production readiness checks. Support access is limited to approved workflows and should be used only when relevant to a ticket.

Sensitive data handling

Zesty avoids storing full card numbers, UPI credentials, CVV, bank login credentials, passwords, OTPs, provider secrets, webhook signatures, bearer tokens, or raw payment signatures in application logs. Phone and email values should be masked in routine views where raw values are not needed for operations.

Incident response

When Zesty identifies a personal data breach or security incident, the response process is to contain the issue, identify affected organizations and data types, notify affected restaurants and users where required, notify regulators where required, record the incident, and add preventive checks.

Contact

For security questions, suspected abuse, or vulnerability reports, use Contact Zesty or email hello@zesty.id.