Enterprise-Grade Security
Learn how we secure our infrastructure, protect your API keys, and sanitize prompt traffic at the edge.
Data Protection & Encryption
All API requests sent to Zertru are encrypted in transit using TLS 1.3 with forward secrecy. Any database logs (optional compliance storage) are encrypted at rest using AES-256 keys managed via AWS KMS. We enforce strict HSTS and secure session cookies across all dashboards.
Private VPC & Gateway Isolation
For organizations with strict network requirements, Zertru offers self-hosted VPC deployments. You can deploy our Rust-based gateway in your private network via Docker, Helm charts, or Terraform. In this mode, no prompt payloads or decryption keys ever leave your cloud boundary.
Threat Detection & DLP Heuristics
Our gateway intercepts prompts at the edge, applying advanced heuristics and local Named Entity Recognition (NER) models to sanitize traffic. We redact PII/PHI and scan for prompt injections or jailbreaks before forwarding sanitized payloads to downstream LLMs.
Compliance & Attestations
Zertru is certified SOC2 Type II compliant. We regularly undergo external security audits and penetration tests performed by independent cybersecurity firms. Our service architecture also satisfies the administrative, physical, and technical safeguard requirements of HIPAA.
Vulnerability Disclosure Policy
We value the contributions of security researchers. If you believe you have discovered a vulnerability in our proxy gateway, API, or developer dashboard, please report it to us responsibly.
Please email details of the vulnerability to: security@zertru.com
