Security overview

Transport security

zachicom.com is served over HTTPS (TLS). Data in transit between your browser and our infrastructure is encrypted using industry-standard TLS configurations appropriate for a public web application.

Data at rest

We use hosting and storage providers that support encryption at rest for application data and backups where available. Specific retention and subprocessors may evolve; material changes to how we handle personal data are reflected in our Privacy Policy.

Human-in-the-loop

Zachicom is designed for trades workflows where reputation matters. Automated steps (such as estimates or scheduling suggestions) are bounded by confidence and policy rules; low-confidence or complex jobs are escalated for human review rather than silently auto-completed.

Access and operations

Access to production systems and customer data is limited to authorized Zachicom operators on a need-to-know basis. We do not sell personal information collected through walkthrough requests.

Email and payments

Product communications are email-first. Where invoicing features use Stripe, card and payment processing are handled by Stripe according to their security program; Zachicom does not store full card numbers on Zachicom servers for standard pay-by-link flows.

Reporting security issues

If you believe you have found a vulnerability affecting zachicom.com or Zachicom services, email [email protected] with a description and steps to reproduce. We appreciate responsible disclosure.

This page describes high-level practices and is not a certification or audit report. Compliance frameworks (for example SOC 2) may be pursued separately and will be documented if and when they apply to Zachicom services.