Security
Last updated: April 24, 2026
Report vulnerabilities to contact@zodagent.com. For general security inquiries: contact@zodagent.com.
Certifications and third-party assessments
A SOC 2 Type II attestation report is available on request at View our compliance report. We commit to at-least-annual penetration testing by reputable third parties.
Infrastructure security
- List of subprocessors published on trust portal
- Each subprocessor evaluated under vendor risk management program
- Zod does not use or maintain any infrastructure in China
- Infrastructure access granted on principle of least privilege
- Multi-factor authentication enforced
Client and agent security
- Upstream security patches assessed based on risk and impact
- App makes requests to Zod backend domains for API, indexing, update, and marketplace
- For proxy allowlisting: Agent security docs, LLM safety and controls, Cloud Agent network security, Hooks, MCP security
- Enterprise administration: Enterprise docs, Privacy and data governance, Compliance and monitoring, SSO and SCIM
Privacy Mode
Privacy Mode can be enabled in settings or by a team/admin. It is available to everyone (free or Pro). When enabled, we will not train on your data. Learn more at Privacy docs and Data Use policy.
Account deletion
You can delete your account at any time from the Settings dashboard. For help, see Delete account guide or email contact@zodagent.com.
Vulnerability disclosures
Submit vulnerabilities to contact@zodagent.com. Acknowledged within 5 business days. Critical incidents communicated via email.