Overview
Cysmiq is committed to security and compliance. This page outlines our certifications, security practices, and data protection measures.Compliance certifications
| Certification | Status | Timeline |
|---|---|---|
| SOC 2 Type II | In progress | Target: April 2026 |
| ISO 27001 | In progress | Target: March 2026 |
Trust portal
Our trust portal (coming soon) will provide:- Real-time compliance status
- Security documentation
- Penetration test summaries
- Subprocessor list
- Data processing agreements
Data isolation
Cysmiq uses a multi-tenant architecture with complete data isolation between workspaces:- Separate databases: each workspace has its own database
- No data sharing: data never crosses workspace boundaries
- Encryption at rest: all data encrypted using AES-256
- Encryption in transit: all connections use TLS 1.2+
Infrastructure security
- Cloud hosting: hosted on enterprise-grade cloud infrastructure
- Access controls: role-based access with principle of least privilege
- Audit logging: comprehensive logging of security-relevant events
- Vulnerability management: regular security scanning of our own infrastructure
Application security
- Secure development: security built into our development lifecycle
- Dependency scanning: we use Cysmiq to scan our own dependencies
- Code review: all changes reviewed before deployment
- Penetration testing: regular third-party security assessments
Data retention
- Vulnerability data retained while workspace is active
- Deleted workspaces are permanently removed after retention period
- Customers can request data export or deletion
Incident response
In the event of a security incident:- Affected customers notified within 72 hours
- Root cause analysis conducted
- Remediation steps implemented
- Post-incident report provided
Contact
For security questions or to report a vulnerability:- Security team: security@cysmiq.com
- Support: support@cysmiq.com
Related docs
- Workspaces: data isolation architecture
- Self-hosting requirements: for on-premise deployments