    Security Overview

    Last Updated: December 2025

    At Cynorex, security is a core priority. We understand that our platform processes sensitive personal and professional information, and we are committed to protecting that data through robust technical, administrative, and organizational safeguards.

    This Security Overview provides transparency into our security practices, controls, and commitments.

    Infrastructure Security

    Cloud Infrastructure

    Cynorex is hosted on enterprise-grade cloud infrastructure operated by a leading global cloud service provider. This provider maintains independent, third-party security certifications and audits, including:

    • SOC 2 Type II: covering Security, Availability, and Confidentiality controls
    • ISO/IEC 27001: Information Security Management Systems

    These certifications apply to the underlying cloud infrastructure and physical data centers. Cynorex operates under the cloud provider's shared responsibility model and implements additional security controls at the application, data, and operational layers.

    Our hosting environment is designed with:

    • Geographic redundancy across multiple availability zones
    • Automated backup and disaster recovery mechanisms
    • Physical security controls at data center facilities, including restricted access and surveillance

    Network Security

    • Network firewalls and traffic filtering
    • Distributed denial-of-service (DDoS) protection
    • Web Application Firewall (WAF) protecting platform endpoints
    • Network segmentation to reduce lateral movement
    • Periodic security testing and assessments

    Data Protection

    Encryption

    Data in Transit

    All data transmitted to and from the Platform is encrypted using industry-standard transport encryption (TLS 1.2 or higher). HTTPS is enforced across all services.

    Data at Rest

    Stored data is encrypted using strong encryption standards (such as AES-256). Encryption keys are managed securely using cloud-based key management services.

    Data Handling and Retention

    • Data collection is limited to what is necessary to operate the Platform
    • Logs and monitoring systems are designed to avoid storing unnecessary sensitive data
    • Data is retained only as long as required for legitimate business or legal purposes
    • Secure deletion procedures are applied when data is no longer required

    Database Security

    • Databases are deployed in private network environments without direct public access
    • Regular security updates and patching
    • Backup and recovery capabilities, including point-in-time recovery where supported
    • Monitoring and alerting for unusual or suspicious activity

    Access Controls

    Authentication

    • Secure password requirements
    • Rate limiting and account lockout protections
    • Session management with automatic expiration
    • Support for multi-factor authentication (MFA)
    • Enterprise single sign-on (SSO) integrations where available

    Authorization

    • Role-based access control (RBAC)
    • Principle of least privilege for all internal systems
    • Granular permissions for company accounts
    • Logging of administrative and sensitive actions
    • Periodic access reviews

    Monitoring and Detection

    • Continuous automated monitoring of platform activity
    • Centralized logging and alerting
    • Detection of anomalous or suspicious behavior
    • On-call security response procedures for escalations

    Vulnerability Management

    • Regular vulnerability scanning of systems and dependencies
    • Periodic third-party security testing
    • Responsible disclosure process for reporting vulnerabilities
    • Timely remediation of identified issues based on severity

    Compliance and Privacy

    Cynorex aligns its security and privacy practices with applicable regulatory requirements, including:

    • GDPR and UK GDPR
    • CCPA and CPRA
    • Applicable U.S. state privacy laws

    For enterprise customers, supporting documentation such as Data Processing Agreements (DPAs) may be provided upon request, subject to confidentiality obligations.

    Incident Response

    Cynorex maintains an incident response process designed to identify, contain, and remediate security incidents efficiently.

    Incident Response Lifecycle

    1. Detection: Identification of potential security events
    2. Assessment: Evaluation of severity and scope
    3. Containment: Actions taken to limit impact
    4. Remediation: Resolution of root cause
    5. Recovery: Restoration of affected systems
    6. Review: Post-incident analysis and improvement

    Breach Notification

    If a security incident results in a breach of personal data, Cynorex will notify affected users and relevant authorities in accordance with applicable law, including required notification timelines.

    Employee Security

    • Background checks for employees with elevated access
    • Security and privacy awareness training
    • Secure workstation and endpoint protection standards
    • Confidentiality obligations for all personnel
    • Prompt access revocation upon role change or termination

    Third-Party Security

    • Security and privacy due diligence before onboarding vendors
    • Contractual security and confidentiality obligations
    • Ongoing vendor risk reviews
    • Limited data access based on necessity and role

    Your Role in Security

    Security is a shared responsibility. Users are encouraged to:

    • Use strong, unique passwords
    • Enable multi-factor authentication
    • Keep devices and browsers up to date
    • Remain alert to phishing attempts
    • Review account activity regularly
    • Report security concerns promptly

    Reporting Security Issues

    If you believe you have discovered a security vulnerability or suspect unauthorized access to your account, please contact us immediately at security@cynorex.com.

    This Security Overview may be updated periodically to reflect changes in our practices or improvements to our security program. Any updates will be posted with a revised "Last Updated" date.