Cyrenza's platform is built on a security architecture designed to protect your most sensitive business data. Our security framework covers the entire lifecycle — from document upload to processing to delivery — and is informed by the NIST Cybersecurity Framework.
We recognize that entrusting AI systems with your business operations requires rigorous security measures. SOC 2 Type II and ISO 27001 are on our compliance roadmap, alongside security controls appropriate to commercial real estate workloads. Where payments apply, processing is handled by our payment provider.
Every aspect of our platform—from the AI specialists to the underlying infrastructure—is designed with security-first principles, ensuring your business data remains protected throughout every interaction and process. Our zero-trust architecture assumes no implicit trust and continuously validates every transaction.
Security Status: SOC 2 Type II and ISO 27001 are on our compliance roadmap. The platform is designed to support our customers’ GDPR and CCPA obligations.
We make firm commitments to protect your business data and maintain high standards of security, privacy, and operational excellence. Your documents stay in your tenant, isolated at the database layer, and we do not sell your data. Detailed commitments on data use, including how content is processed by AI model endpoints, are set out in our Data Processing Addendum and Security Addendum.
You retain full ownership and control of your data; we never claim ownership, license rights, or derivative work rights to your business information. Your data is logically and physically isolated from other customers with separate encryption keys, database instances, and network segments. Enterprise customers can specify geographic data storage locations to meet regulatory compliance requirements.
We implement AES-256-GCM encryption at rest and TLS 1.3 in transit for all data, with no exceptions or downgrades permitted. Encryption keys are rotated every 90 days automatically with zero-downtime deployment and no service interruption. Where technically feasible, we implement zero-knowledge encryption so even our administrators cannot access your unencrypted data.
Multi-factor authentication is required for all user accounts without exception, with support for hardware tokens and biometric authentication. All system access follows strict least-privilege principles with role-based access control and regular permission audits.
Every API call, data access, and system interaction is logged with immutable, encrypted audit trails retained for 7 years. Enterprise customers have real-time access to comprehensive audit logs via API and dashboard, with export capabilities in multiple formats. We conduct quarterly penetration tests by independent security firms and promptly remediate any identified vulnerabilities.
We guarantee 99.9% platform availability with redundant infrastructure across multiple availability zones. Continuous, real-time backup replication across geographically distributed data centers ensures zero data loss. Recovery Time Objective (RTO) of less than 1 hour and Recovery Point Objective (RPO) of near-zero for all critical systems. Our Security Operations Center (SOC) monitors threats and responds to incidents 24 hours a day, 365 days a year.
All data transmitted to, from, and within the Cyrenza platform is protected using Transport Layer Security (TLS) version 1.3, the latest and most secure version providing enhanced security features including forward secrecy, improved handshake performance, and resistance to downgrade attacks. This ensures all communications between your devices, our servers, and integrated systems remain completely confidential and tamper-proof.
All stored data is protected with AES-256 encryption using FIPS 140-2 Level 3 certified hardware security modules. We utilize Google Cloud KMS with customer-managed keys and automatic key rotation every 90 days with zero-downtime deployment. All file uploads, document storage, and AI model data use separate encryption keys with tenant isolation.
Our cloud infrastructure is built on Google Cloud Platform (GCP), leveraging their globally distributed network of SOC 2 Type II certified data centers that maintain the highest standards of physical and logical security. These facilities implement comprehensive security measures including biometric access controls, 24/7 security monitoring, environmental controls, and redundant power systems to ensure continuous availability and protection of your data.
We maintain a multi-region deployment strategy that provides both performance optimization and disaster recovery capabilities. Our infrastructure spans multiple geographic regions with real-time data replication and automatic failover mechanisms ensuring your AI workforce remains operational even during regional disruptions.
Cyrenza enforces strong identity and access management across all accounts including multi-factor authentication (MFA), single sign-on (SSO), and least-privilege role-based access controls. All access changes are fully logged and audited. Every Knowledge Worker runs in isolated execution environments with restricted permissions, scoped API tokens, and full activity monitoring ensuring no cross-tenant data exposure or unauthorized access.
Our 24/7 security operations center continuously monitors for anomalies and potential threats. We maintain documented incident response procedures, immediate customer notification protocols within 24 hours of detection, and detailed post-incident reviews.
Cyrenza is designed to support our customers’ obligations under major privacy frameworks including GDPR and CCPA. SOC 2 Type II and ISO 27001 are on our compliance roadmap. Regular security reviews inform continuous improvement.
Our infrastructure operates with a 99.9% uptime SLA, redundant systems, and cross-region backups. Disaster recovery and failover procedures are tested regularly to maintain uninterrupted service availability.
If you discover a security vulnerability, please report it immediately to security@cyrenza.com with detailed vulnerability information. We maintain a bug bounty program to reward security researchers with details available at security.cyrenza.com.
This Security Policy shall be governed by and construed in accordance with applicable international commercial law principles, without regard to conflict of law rules or the laws of any specific jurisdiction. This policy should be read in conjunction with our Privacy Policy and Terms of Use, which contain additional information about our legal framework and dispute resolution procedures.
Any dispute arising from this Security Policy shall first be addressed through good-faith negotiations and, if unresolved within 30 days, referred to binding arbitration conducted in English in accordance with the rules of a recognized international arbitration institution such as the International Chamber of Commerce (ICC). The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.