StatementZen

Security You Can Trust

Your financial data deserves enterprise-grade protection. StatementZen is built with security at every layer — from post-quantum encryption to Australian data residency.

WAF Protected (Cloudflare)
PCI DSS (Via Stripe)
GDPR (Compliant)
APP (Compliant)

Post-Quantum TLS

All connections use ML-KEM (Kyber768) key exchange via Cloudflare, protecting your data against both current and future quantum threats. TLS 1.3 is enforced across all endpoints.

AES-256 Encryption at Rest

Every document, database record, and backup is encrypted with AES-256. Encryption keys are managed via AWS KMS with automatic rotation.

Cloudflare Edge + AWS Sydney

Traffic is routed through Cloudflare's global edge network for DDoS protection and WAF filtering. Application infrastructure runs exclusively in AWS ap-southeast-2 (Sydney).

Web Application Firewall

All traffic is filtered through Cloudflare's WAF with managed rulesets that block OWASP Top 10 threats, bot traffic, and malicious payloads before they reach the application.

PCI DSS Compliance

All payment processing is handled by Stripe, a PCI DSS Level 1 certified processor. StatementZen never stores, processes, or transmits credit card data.

RBAC & Multi-Factor Auth

Role-based access control ensures team members only see what they need. Multi-factor authentication (MFA) is available for all accounts and required for admin roles.

Australian Data Residency

All customer data is stored and processed within Australia (AWS Sydney ap-southeast-2). Your financial data never leaves Australian jurisdiction.

24-Hour Incident Response

Our security team monitors for threats around the clock. We commit to acknowledging security incidents within 1 hour and providing an initial assessment within 24 hours.

GDPR & APP Compliance

Full compliance with the Australian Privacy Principles (APP) and the EU General Data Protection Regulation (GDPR). Data subject requests are honoured within 30 days.

Penetration Testing

Regular third-party penetration tests are conducted on our infrastructure and application. Findings are remediated on a risk-prioritised schedule.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report issues to security@statementzen.com. We commit to acknowledging reports within 24 hours and will not take legal action against good-faith security researchers.

Enterprise-grade security, startup simplicity

Start your 14-day free trial. No credit card required.