zenloop
HomeLogin

About zenloop Trust Center

A comprehensive compliance and security management platform for ISO 27001 and GDPR.

Features

Policy Document Management

Upload and manage policy documents with AI-powered analysis and automatic ISO 27001 / GDPR mapping.

Compliance Matrix

Track ISO 27001 and GDPR coverage with a real-time compliance matrix showing gaps and progress.

Evidence Collection

Automated evidence collection from AWS and codebase scanner mapped to ISO controls.

Audit Workflow

Complete audit workflow with findings, tasks, activity log, and comments for auditor collaboration.

GDPR Management

Processing activities register (VVT), data processor tracking with DPA status and risk assessment.

SOC 2 Type II

Full SOC 2 Trust Services Criteria tracking across Security, Availability, Processing Integrity, Confidentiality, and Privacy with ISO 27001 cross-mapping.

AI Assistant

Bilingual chatbot that answers auditor questions using policy documents and compliance data.

Evidence Sources

AWS

Cloud infrastructure evidence

PostgreSQL

Database security evidence

GitHub

Source code & deployment evidence

Codebase Scanner

Automated code security checks

Automated Security Scanning

Continuous detection of security issues across your entire infrastructure

Detection of hardcoded secrets and API keys in source code
SSL/TLS certificate validation and HTTPS enforcement
Dependency vulnerability scanning (npm audit)
Configuration checks for .env files and access controls
Security headers analysis (CSP, HSTS, X-Frame-Options)
Cloud provider compliance checks (AWS)

Scan results are automatically collected as verified evidence and mapped to the relevant ISO 27001 controls and SOC 2 criteria. Each scan produces timestamped evidence demonstrating continuous compliance status.

AI-Powered Compliance Queries

Ask questions in natural language — get instant, source-backed answers

"Is SendGrid GDPR compliant?"

Automatically checks DPA status, data processing lawful basis, retention policies, and third-party risk assessments

"Which ISO controls have gaps?"

Analyzes the compliance matrix and identifies controls without full document coverage or evidence

"How is data encrypted at rest?"

Searches policies, evidence, and infrastructure configs, citing specific document sections

"Generate a compliance report for the board"

Produces comprehensive reports with trust score, gap analysis, and action items — exportable as PDF

The AI agent uses specialized sub-agents for documentation, compliance, evidence, and tasks. Every answer includes source citations from policies and evidence. Responses can be exported directly as PDF and shared with the team.

For Auditors

Auditors can view documents, review controls, post findings, and generate reports.

View policy documents and controls
Review compliance matrix and coverage
Post findings and recommendations
Generate and export audit reports

Tech Stack

Next.jsReact framework
SupabaseDatabase & auth (Trust Center)
AWSCloud infrastructure (S3, eu-central-1)
Azure OpenAIAI/LLM services for analytics & insights
PostgreSQLPrimary database
RedisCaching & sessions
SendGridEmail delivery
SentryError monitoring
GitHubSource code & CI/CD
Claude AIAI agent & compliance
Tailwind CSSUI framework

Access the Trust Center

Sign in to access complete compliance documentation and audit reports.

Trust Center Login