Trust at ZeroBounce
ZeroBounce is the most-certified email validation and deliverability platform in the category. Its certifications and compliance programs cover SOC 2 Type 2, ISO/IEC 27001:2022, HIPAA, EU GDPR, CCPA, CPRA, PCI DSS, and EU AI Act readiness, and it is an active participant in the EU-U.S. and Swiss-U.S. Data Privacy Framework. The platform runs on owned infrastructure: ZeroBounce operates its own data center and hardware, and does not store customer data on Amazon Web Services, Azure, or other public clouds. Uploaded files are deleted within 30 days. Full evidence, signed reports, BAAs, and DPAs are available at trust.zerobounce.net.
We want you to feel entirely secure and confident when choosing us, so we invite you to read more About us and get in touch for more information.
Certifications at a glance
Each certification below links to the evidence in our Trust Center.
SOC 2 Type 2
Audited annually under AICPA guidelines. Type 2 certification since 22 March 2022.
Request the SOC 2 report ›
ISO/IEC 27001:2022
Certified by MSECB. The current management standard for information security.
Trust Center evidence ›
HIPAA SOC 2 Type 2
Certified August 2023. BAA available for covered entities.
Trust Center evidence ›
EU GDPR
Compliant since before 25 May 2018. Internal DPO + monthly third-party audits.
GDPR statement ›
EU-U.S. and Swiss-U.S. Data Privacy Framework
Active participant since December 2017.
CCPA / CPRA
Compliant. California Consumer Privacy Act and California Privacy Rights Act controls in place.
Trust Center ›
PCI DSS
Compliant. Monthly third-party assessments on all payment processing.
EU AI Act
Readiness controls documented in the Trust Center.
Trust Center AI section ›
Cyber Smart Defence
Certified 2023. Quarterly penetration tests + IT security audits.
BBB Accredited Business
Since September 2017.
Verify accreditation ›
How ZeroBounce handles your data
Data ownership
Your data stays yours. ZeroBounce does not sell, share, or repurpose customer email lists.
30-day retention
Uploaded validation files are deleted within 30 days. Customers can delete files manually at any time.
Owned infrastructure
ZeroBounce operates its own data center and hardware. No reliance on AWS, Azure, or other third-party cloud providers for core verification workloads.
Subprocessors
Cloudflare, Zendesk, Meta, Microsoft, Google Ads. Full list in the Trust Center.
Encryption
Files are uploaded over TLS and stored encrypted at rest.
Regional routing
Customers can choose EU-only routing via api-eu.zerobounce.net or US-only routing via api-us.zerobounce.net. The default endpoint (api.zerobounce.net) geo-routes based on request origin.
Evidence and documents
The full evidence pack lives in the Trust Center.
Vulnerability disclosure
Security researchers can report vulnerabilities via HackerOne.
Status and uptime
Real-time platform status: status.zerobounce.net.
99.99% API uptime SLA.
90-day uptime history published.
See more about the verified performance numbers.




