Your Data.
Our Responsibility.
Enterprise-grade security for the most sensitive professional work – from financial analysis to legal review, insurance claims to real estate transactions.
Compliance & Regulatory Alignment
GDPR Ready
Full compliance with the General Data Protection Regulation, with data processing agreements, data subject rights, and lawful processing bases built into the platform.
CCPA / CPRA
Cyrenza operates as a Service Provider under the California Consumer Privacy Act and California Privacy Rights Act.
HIPAA Ready
Business Associate Agreements available for customers processing protected health information.
EU Data Transfers
Standard Contractual Clauses (Module 2 and 3), UK International Data Transfer Addendum, and Swiss-specific protections in place.
Built for Regulated Industries
Cyrenza serves finance, insurance, legal, real estate, consulting, and business operations teams. Security isn’t a feature – it’s the foundation.
No Model Training on Your Data
Cyrenza contractually guarantees that Customer Data is never used to train, fine-tune, or improve AI models. Data sent to AI model providers is processed transiently and not retained beyond the request.
Tenant Isolation by Design
Every customer’s data is cryptographically separated with unique per-tenant encryption keys. Database queries are automatically scoped to the authenticated tenant. One customer’s data can never be accessed by another.
Encryption at Every Layer
AES-256 at rest with per-tenant keys via hardware-backed key management. TLS 1.3 for all data in transit. Keys rotated every 90 days with zero-downtime re-encryption. Field-level encryption for PII.
Enterprise Access Controls
Single sign-on via OIDC/OAuth 2.0, automated provisioning and deprovisioning via SCIM 2.0, multi-factor authentication, role-based and attribute-based access controls, and short-lived tokens with automatic rotation.
Independently Tested
Independent third-party penetration testing at least annually. Enterprise customers may review summary reports under NDA and conduct their own assessments with prior written approval.
Enforceable Commitments
Our Security Addendum includes binding terms on data protection, encryption, access controls, incident response timelines, and disaster recovery targets. Contractual, auditable, and enforceable.
You Stay in Control
Data Retention
Set and manage data retention policies. Upon contract termination, Customer Data is available for export for 30 days and then securely deleted.
Data Governance
Comprehensive audit logs cover authentication, authorization, data access, configuration changes, and security events — cryptographically signed for tamper evidence.
Encryption Management
Per-tenant encryption keys with hardware-backed key management. Enterprise customers may specify data residency requirements with independent regional infrastructure.
User Authentication
Configure SSO, enforce MFA, manage user provisioning and deprovisioning via SCIM 2.0, and define role-based access policies from your admin console.
AI-Specific Security
Cyrenza is an AI-native platform. Security controls are designed specifically for AI workloads.
No Model Training – Customer Data is never used to train or improve AI models. Contractually guaranteed with Cyrenza and all AI model providers.
Transient Processing – Data sent to AI providers is not retained beyond the inference request.
Content Filtering – All Agent inputs and outputs pass through safety layers to detect harmful, biased, or non-compliant content.
Provenance Tracking – Every AI-generated output includes source attribution and lineage for auditability.
Human Oversight – All Agent outputs are presented for review. No fully automated decisions with legal or significant effects on individuals.
Frequently Asked Questions
Built on trust. Ready to work.
The security infrastructure you've just reviewed isn't just compliance — it's how we build. Purpose-built AI Knowledge Workers for each industry vertical, with enterprise-grade security, privacy by design, and full transparency engineered in.
Building DCF models for investment analysis
Working now...