ZeroTier Security

Millions of users across thousands of organizations use ZeroTier for secure, private networking. Our platform keeps data confidential, minimizes data collection, and preserves user privacy.

How We Protect Our Users

ZeroTier networks are secure by default. We use strong, modern cryptography and minimize data collection about users, networks, and devices.

Our Product

All network traffic uses state-of-the-art asymmetric encryption with private keys that never leave the device. This keeps device data private and ensures traffic integrity. Read our cryptography details.

We collect minimal metadata about active networks and devices. ZeroTier routes traffic directly between peers, so our infrastructure cannot observe or modify packets on user networks.

Our client agent source code is available on GitHub. You can use ZeroTier via signed binary packages, a command-line installer, or a self-hosted deployment. All options maintain the same privacy and security focus.

Platform Security

ZeroTier’s production applications are deployed to a managed cloud environment, using best practices for testing, deployment, and administration. This includes automated build and test processes, continuous monitoring of our infrastructure, and the use of network segmentation to keep sensitive systems from being reachable from untrusted hosts.

All production system access is authenticated and authorized using single sign-on (SSO), multi-factor authentication (MFA), and role-based access control (RBAC). Critical services are restricted to private networks, using native cloud provider controls and secure remote access services.

Development Process

We use automated testing, mandatory code review, and package signing to ensure secure code and that distributed binaries match tested and reviewed code.

We track and address security issues in third-party dependencies using automated scans and vulnerability reporting.

Incident Response

We take security reports seriously. Report directly to [email protected] with PGP encryption for message integrity and privacy.

Any incidents related to security issues within ZeroTier’s core service offerings will be assigned a public Common Vulnerabilities and Exposures (CVE) identifier. We give potentially impacted customers time to assess and mitigate issues in their own deployments before publicly sharing details of any vulnerability.

Business Practices

All ZeroTier employees are subject to a formal background check and confidentiality/non-disclosure agreement. We require annual security training for our entire staff.

ZeroTier reviews all vendors’ security policies and disclosures to ensure they meet our own requirements and commitments to our users.

SOC2 Compliance

ZeroTier is SOC2 Type II certified, demonstrating our commitment to maintaining the highest standards of security, availability, and confidentiality. Our SOC2 certification validates that we have implemented and maintain effective controls for protecting customer data and ensuring service reliability.

Privacy

Maintaining our users’ privacy is core to what we do and how we work at ZeroTier. Connecting to and using ZeroTier networks does not require account registration or any other personal information, and users can sign up for our hosted network administration service using only an email address.

We collect and log only the data needed to provide our services, such as the IP addresses of network members and usage logs for administrative access. No additional data or telemetry leaves a device without an explicit opt-in choice, and all collected telemetry is anonymized.

ZeroTier does not share any user information with third parties except when it is strictly required or needed for our business operations (billing and support). We do not sell any customer information, analytics, or usage data.

See our full Privacy Policy for more details.

Audit

In March 2020 we worked with @trailofbits to audit our protocol and cryptographic designs for ZeroTier 2.0. Since one of the audit's subjects is now in our just-released beta, we are making our first preliminary audit public here. A full code audit is coming after 2.0.