Tenant isolation
Workspace APIs require authentication and scope data by organization. Campaign, segment, template, provider, contact, and analytics records are organization-bound.
Security
ZOLLO is built for organizations that need clear tenant boundaries, controlled access, protected provider credentials, signed integrations, responsible sending, and auditability.
Workspace APIs require authentication and scope data by organization. Campaign, segment, template, provider, contact, and analytics records are organization-bound.
ZOLLO supports Owner, Admin, Marketing, Sales, and Viewer roles so teams can separate administration from campaign and analytics workflows.
Email provider and AI provider credentials are encrypted at rest with a dedicated encryption key separate from JWT signing.
Provider webhooks require an organization identifier and HMAC-SHA256 signature before campaign events are accepted.
Email previews are sandboxed and rendered HTML is cleaned to reduce script, event-handler, and unsafe URL risks.
Rate limits, import size limits, audit logs, unsubscribe links, consent fields, and suppression states support safer launch operations.
Compliance posture
ZOLLO gives teams the product controls needed to support CAN-SPAM, GDPR, CCPA, provider policy, and internal approval workflows. Legal responsibility remains with each sending organization and its data practices.
Security contact
For security, privacy, provider, or compliance questions, contact support@zollo.live. Include affected workspace details, timestamps, and reproduction steps when reporting a potential issue.
Start building
Create contacts, segments, templates, campaigns, automations, providers, and analytics from the app workspace.