Trust & security
Security at CyberSec0x
Summary controls matrix for procurement and risk teams. Detailed questionnaires (SIG, CAIQ-style) are available under NDA.
Control matrix (summary)
| Domain | Control | Implementation notes |
|---|---|---|
| Identity | MFA for admins | Required for all tenant admin accounts; SSO optional (Business+). |
| Data | Encryption at rest | AES-256 for customer databases and object storage; keys in managed HSM. |
| Network | TLS | TLS 1.2+ for all public endpoints; HSTS on web properties. |
| Logging | Audit trail | Security-relevant events retained per plan; export to SIEM on Enterprise. |
| Vendors | Subprocessor review | List published in DPA; annual review for critical providers. |
Encryption
Data in transit is protected with TLS 1.2+. Customer data at rest (customer databases and object storage) is encrypted with AES-256, with keys held in a managed HSM under strict access controls.
Access control
Access is role-based, with MFA required for administrators and least-privilege defaults. Audit logs capture security-relevant events for your review where the product supports export.
Vulnerability disclosure
We welcome coordinated disclosure. Please email [email protected], encrypting the details if possible. We aim to acknowledge within 72 hours.
Compliance
Documentation for GDPR-aligned processing, subprocessors, and DPIA support is available under NDA for Enterprise customers. This page is a high-level summary—not a certification.