The security of your data is our top priority. Zest complies with the requirements of the GDPR.
For more details on our compliance policy:
Zestmeup is a company under French law and its teams are based in France.
The GDPR legal basis for using Zest is legitimate interest and users systematically receive a GDPR warning when they first sign up. Users have the right of access, rectification, erasure, as well as the right to request the restriction of processing or to object to processing.
The data is hosted in France by OVH, which is certified ISO 27001, SOC 1 & SOC2.
All connections are secured with HTTPS.
No activity data is used or stored via the mobile application.
Data is stored throughout the contract period with Zest and for up to 60 days after termination.
Passwords are encrypted and the encryption mode can be set by the super administrator.