Security starts with the runtime boundary, then extends into how the console is operated.
Every plan keeps the runtime inside your infrastructure. The commercial operating model adds identity, access, audit, and private deployment controls on top of that boundary.
Runtime boundary
The runtime stays in your infrastructure on every plan. That is the primary security boundary and the baseline deployment model.
Admin and access controls
The commercial operating model is designed to support controls such as SSO, SCIM, RBAC, MFA, audit logs, and key rotation where those workflows are enabled.
Private deployment option
Enterprise can self-host both runtime and console when a hosted control plane is not acceptable for policy or procurement reasons.
Security & compliance status
What is available in the product today and what is on the roadmap. We distinguish between implemented capabilities and formal external attestations.
| Area | Status |
|---|---|
| Runtime location | Stays in customer infrastructure on every plan |
| Identity & access | SSO, SCIM, RBAC, MFA supported in the commercial operating model |
| Audit & key management | Audit logs and key rotation supported in the commercial operating model |
| Private deployment | Runtime and console can both be self-hosted in Enterprise |
| SOC 2 / ISO 27001 | On the roadmap - not yet publicly attested |
| Contractual SLA | Available for Enterprise; published SLA page coming soon |
Reviewing ZNYX for your security team
ZNYX is designed for enterprise security requirements: the runtime runs in customer infrastructure, the commercial operating model supports SSO, SCIM, RBAC, MFA, audit logs, and key rotation, and Enterprise can self-host both runtime and console when a hosted control plane is not acceptable. For a detailed security review, architecture diagrams, or a signed questionnaire, contact the team directly.