Security Policy

Our Security Commitment

At Cyphex Technologies, security is not just a feature — it's the foundation of everything we build. Our motto, "Where Security Meets Simplicity," reflects our commitment to providing enterprise-grade protection that's accessible to all.

Data Encryption

In Transit: All data transmitted between your devices and our servers is encrypted using TLS 1.3, the latest transport security protocol.

At Rest: All stored data is encrypted using AES-256 encryption. Encryption keys are managed using industry-standard key management practices.

Infrastructure Security

• Data hosted in SOC 2 Type II compliant data centers
• Geographic redundancy for disaster recovery
• Regular infrastructure security assessments
• DDoS protection and Web Application Firewall
• Automated backup with secure offsite storage

Application Security

• Secure Software Development Lifecycle (SDLC)
• Regular code reviews and security testing
• OWASP Top 10 vulnerability protection
• Automated security scanning in CI/CD pipeline
• Regular penetration testing by third parties

Access Control

• Role-based access control (RBAC)
• Multi-factor authentication for all admin access
• Principle of least privilege
• Comprehensive audit logging
• Session timeout and device management

Incident Response

We maintain a 24/7 security operations capability. Our incident response plan includes:

• Immediate threat containment
• Root cause analysis
• Affected party notification within 72 hours
• Post-incident review and improvement

Compliance

We are committed to meeting relevant security standards and regulations:

• SOC 2 Type II (in progress)
• ISO 27001 aligned practices
• GDPR compliance for EU data
• India's IT Act and upcoming DPDP compliance

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly:

Email: security@cyphex.in
We appreciate your help in keeping Cyphex secure.