Enterprise-Grade Protection
Cyrenza's AI workforce platform is built on a foundation of military-grade security architecture designed to protect your most sensitive business data. Our security framework encompasses the entire Knowledge Worker lifecycle, from deployment to data processing to results delivery, adhering to the NIST Cybersecurity Framework and ISO 27001 standards.
We recognize that entrusting AI agents with your business operations requires unprecedented security measures. Our comprehensive approach includes SOC 2 Type II readiness, ISO 27001 alignment, FedRAMP authorization in progress, and industry-specific security controls tailored to each of our 8 vertical markets including HIPAA alignment, SOX readiness, and PCI DSS compliance via Adyen where applicable.
Every aspect of our platform—from our 80 specialized Knowledge Workers to the underlying infrastructure—is designed with security-first principles, ensuring your business data remains protected throughout every interaction and process. Our zero-trust architecture assumes no implicit trust and continuously validates every transaction.
Security Status: SOC 2 Type II ready, ISO 27001 aligned, FedRAMP Moderate in progress, GDPR compliant, CCPA compliant. Annual security audits conducted by independent third-party firms including Deloitte Cyber Risk Services.
We make unwavering commitments to protect your business data and maintain the highest standards of security, privacy, and operational excellence. Your data will never be used to train public AI models or shared with third-party AI providers—all AI models are customer-specific and isolated. We encrypt over 500 field patterns across all business verticals, ensuring comprehensive protection for your most sensitive data.
You retain full ownership and control of your data; we never claim ownership, license rights, or derivative work rights to your business information. Your data is logically and physically isolated from other customers with separate encryption keys, database instances, and network segments. Enterprise customers can specify geographic data storage locations to meet regulatory compliance requirements.
We implement AES-256-GCM encryption at rest and TLS 1.3 in transit for all data, with no exceptions or downgrades permitted. Encryption keys are rotated every 90 days automatically with zero-downtime deployment and no service interruption. Where technically feasible, we implement zero-knowledge encryption so even our administrators cannot access your unencrypted data.
Multi-factor authentication is required for all user accounts without exception, with support for hardware tokens and biometric authentication. All system access follows strict least-privilege principles with role-based access control and regular permission audits.
Every API call, data access, and system interaction is logged with immutable, encrypted audit trails retained for 7 years. Enterprise customers have real-time access to comprehensive audit logs via API and dashboard, with export capabilities in multiple formats. Quarterly penetration tests are conducted by independent security firms, and we promptly remediate any identified vulnerabilities.
We guarantee 99.9% platform availability with redundant infrastructure across multiple availability zones. Continuous, real-time backup replication across geographically distributed data centers ensures zero data loss. The Recovery Time Objective (RTO) is less than 1 hour and the Recovery Point Objective (RPO) is near-zero for all critical systems. Our Security Operations Center (SOC) monitors threats and responds to incidents 24 hours a day, 365 days a year.
All data transmitted to, from, and within the Cyrenza platform is protected using Transport Layer Security (TLS) version 1.3, the latest and most secure version providing enhanced security features including forward secrecy, improved handshake performance, and resistance to downgrade attacks. This ensures all communications between your devices, our servers, and integrated systems remain completely confidential and tamper-proof.
All stored data is protected with AES-256 encryption using FIPS 140-2 Level 3 certified hardware security modules. We utilize Google Cloud KMS with customer-managed keys and automatic key rotation every 90 days with zero-downtime deployment. All file uploads, document storage, and AI model data use separate encryption keys with tenant isolation.
Our cloud infrastructure is built on Google Cloud Platform (GCP), leveraging their globally distributed network of SOC 2 Type II certified data centers that maintain the highest standards of physical and logical security. These facilities implement comprehensive security measures including biometric access controls, 24/7 security monitoring, environmental controls, and redundant power systems to ensure continuous availability and protection of your data.
We maintain a multi-region deployment strategy that provides both performance optimization and disaster recovery capabilities. Our infrastructure spans multiple geographic regions with real-time data replication and automatic failover mechanisms ensuring your AI workforce remains operational even during regional disruptions.
Cyrenza enforces strong identity and access management across all accounts, including multi-factor authentication (MFA), single sign-on (SSO), and least-privilege role-based access controls. All access changes are fully logged and audited. Every Knowledge Worker runs in an isolated execution environment with restricted permissions, scoped API tokens, and full activity monitoring, ensuring no cross-tenant data exposure or unauthorized access.
Our 24/7 security operations center continuously monitors for anomalies and potential threats. We maintain documented incident response procedures, immediate customer notification protocols within 24 hours of detection, and detailed post-incident reviews.
Cyrenza is compliant or aligned with major global security and privacy frameworks including GDPR, CCPA, and HIPAA. We are SOC 2 Type II ready with audit scheduled for Q4 2025, ISO 27001 aligned with certification planned for Q1 2026, PCI DSS Level 1 compliant via Adyen, and SOX ready for enterprise customers. Regular penetration tests and third-party audits ensure continuous improvement.
Our infrastructure operates with a 99.9% uptime SLA, redundant systems, and cross-region backups. Disaster recovery and failover procedures are tested regularly to maintain uninterrupted service availability.
If you discover a security vulnerability, please report it immediately to security@cyrenza.com with detailed vulnerability information. We maintain a bug bounty program to reward security researchers; details are available at security.cyrenza.com.
This Security Policy shall be governed by and construed in accordance with applicable international commercial law principles, without regard to conflict of law rules or the laws of any specific jurisdiction. This policy should be read in conjunction with our Privacy Policy and Terms of Use, which contain additional information about our legal framework and dispute resolution procedures.
Any dispute arising from this Security Policy shall first be addressed through good-faith negotiations and, if unresolved within 30 days, referred to binding arbitration conducted in English in accordance with the rules of a recognized international arbitration institution such as the International Chamber of Commerce (ICC). The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.