Our apps are force.com hosted applications i.e. run on Salesforce's servers inside the same datacenter (the data center is fully managed by Salesforce - this includes the following: network secuirty, restricted persoanl access to the facilities, disaster recovery).
Our apps respect Salesforce's native permissions (object / field data access policies - view/create/update/delete/sharing permissions) & Salesforce's sharing mechanism.
We do the a Security Review at least once a year & we fix any known / reported security issue in a timely manner.
We manage our apps & licenses by using a self-managed license Salesforce intance.
Access policy: ZaapIT doesn't have any access to your Salesforce and / or your data - you can grant access to ZaapIT's support by going to Salesforce's setup>grant access>ZaapIT's Support or by going to My-settings>grant access > ZaapIT's support.
Salesforce Government Cloud + Salesforce Government Cloud Plus certified more details
Data & Privacy:
Our apps / services / website collect and store app usage statistics inside Salesforce's servers and inside google cloud (Google Analytics).
By Default our apps allow the end user to export his data to a differant apps or to send his data to a differant app (e.g. excel / outlook) - it is up to the end-user / admin to remove unwanted buttons and/or to set the relevant permissions to restrict those options.
Our Sales team may collect and store publicly available data and / or data provided to us during email communication with a prospect/customer. This data is stored inside our dedicated Salesforce orgs/servers and used during sales/renewal processes.