Security
Last updated: May 2026
Zanav handles bookings, customer records, vaccinations, and payment notes for boarding operators. We treat that data the way you'd treat it yourself — encrypted in motion and at rest, isolated per kennel, and only accessible to people you authorize.
All traffic to zanav.io and your kennel's subdomain is served over HTTPS with TLS 1.2 or higher. Internal service-to-service communication is also TLS-encrypted. Customer data is stored in managed PostgreSQL with disk-level encryption at rest. Uploaded documents (vaccination records, photos) are encrypted in object storage.
Operator and staff accounts use Supabase Auth with email + password or Google sign-in. Customer portal access is limited to invited owners and scoped to a single kennel.
Every record — bookings, owners, dogs, documents, payments — is tagged with a kennel_id and protected by row-level security policies in the database. One kennel's records are never visible to another, even at the database layer.
The managed database runs daily automated backups with point-in-time recovery. Backup retention follows our infrastructure provider's standard schedule, and recovery procedures are tested regularly.
Zanav runs on Vercel (web/edge) and Supabase (database, storage, auth). Both providers are SOC 2 Type II audited and operate from data centers in the EU and the US. Tenant kennels can request EU-resident hosting.
Owners can export every record tied to their account in CSV format and request deletion at any time. The kennel is the data controller; Zanav is the data processor. We sign a Data Processing Agreement with kennels in the EU on request.
If you find a security issue, please email security@zanav.io with details and a way to reproduce. We acknowledge reports within two business days and won't take legal action against good-faith research.
Security questions, audit requests, or DPA requests: security@zanav.io. We respond within two business days.