Trust & Security

Security is the product

We build security infrastructure, so we hold ourselves to the standard our customers expect. Here's how we protect your data.

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Secrets are stored in a dedicated, isolated vault.

Internal access is gated by SSO, hardware-backed MFA, and just-in-time permissions that expire automatically.

Customer data is logically isolated per tenant, with strict boundaries enforced at every layer of the stack.

SOC 2 Type II in progress, with controls mapped to ISO 27001, ISO 42001, and the EU AI Act.

We monitor our infrastructure 24/7 with automated anomaly detection and a documented incident response plan.

We welcome reports from security researchers and respond to every submission through our disclosure program.

Report a vulnerability

Found something? Email security@cyata.co with details and steps to reproduce. We acknowledge every report within one business day.