Encryption
DZDESK implements encryption to protect your data at rest and in transit.
Encryption at Rest
Database Encryption
All database storage is encrypted:
- AES-256 encryption
- Transparent Data Encryption (TDE)
- Keys managed by Azure Key Vault
File Storage
Uploaded files are encrypted:
- AES-256 encryption
- Server-side encryption
- Unique keys per tenant
Backup Encryption
All backups encrypted:
- Same encryption as production
- Encrypted during transfer
- Secure storage
Encryption in Transit
HTTPS/TLS
All connections use:
- TLS 1.2 minimum
- TLS 1.3 supported
- Strong cipher suites
API Communication
- All API calls over HTTPS
- Certificate validation required
- No HTTP fallback
Internal Communication
- Service-to-service encrypted
- Internal TLS certificates
- Network isolation
Key Management
Azure Key Vault
Keys managed through:
- Azure Key Vault HSM
- Automatic key rotation
- Access auditing
Key Rotation
- Regular automatic rotation
- Zero-downtime rotation
- Old keys retained for decryption
Key Access
- Limited administrative access
- Separation of duties
- Audit logging
Encryption Standards
Algorithms Used
| Purpose | Algorithm |
|---|---|
| Data at rest | AES-256 |
| Data in transit | TLS 1.2/1.3 |
| Password hashing | bcrypt/Argon2 |
| API tokens | Secure random |
Compliance
Encryption meets:
- SOC 2 requirements
- ISO 27001 standards
- KVKK requirements
- GDPR requirements
What's Encrypted
Always Encrypted
- User credentials
- API keys and secrets
- Personal data
- Request content
- File attachments
- Audit logs
Tenant Isolation
- Per-tenant encryption keys
- Data isolation
- No cross-tenant access
Verification
Certificate Information
Your connection uses:
- Valid SSL certificate
- Trusted certificate authority
- Certificate pinning (mobile)
Checking Encryption
Verify HTTPS:
- Browser shows lock icon
- URL starts with https://
- No security warnings
Related Topics
- Data Residency - Where data is stored
- Audit Trails - Access logging
- Backups & Retention - Backup security