Security Overview

Last Updated: December 2025

At Cynorex, security is a core priority. We understand that our platform processes sensitive personal and professional information, and we are committed to protecting that data through robust technical, administrative, and organizational safeguards.

This Security Overview provides transparency into our security practices, controls, and commitments.

Infrastructure Security

Cloud Infrastructure

Cynorex is hosted on enterprise-grade cloud infrastructure operated by a leading global cloud service provider. This provider maintains independent, third-party security certifications and audits, including:

  • SOC 2 Type II: covering Security, Availability, and Confidentiality controls
  • ISO/IEC 27001: Information Security Management Systems

These certifications apply to the underlying cloud infrastructure and physical data centers. Cynorex operates under the cloud provider's shared responsibility model and implements additional security controls at the application, data, and operational layers.

Our hosting environment is designed with:

  • Geographic redundancy across multiple availability zones
  • Automated backup and disaster recovery mechanisms
  • Physical security controls at data center facilities, including restricted access and surveillance

Network Security

  • Network firewalls and traffic filtering
  • Distributed denial-of-service (DDoS) protection
  • Web Application Firewall (WAF) protecting platform endpoints
  • Network segmentation to reduce lateral movement
  • Periodic security testing and assessments

Data Protection

Encryption

Data in Transit

All data transmitted to and from the Platform is encrypted using industry-standard transport encryption (TLS 1.2 or higher). HTTPS is enforced across all services.

Data at Rest

Stored data is encrypted using strong encryption standards (such as AES-256). Encryption keys are managed securely using cloud-based key management services.

Data Handling and Retention

  • Data collection is limited to what is necessary to operate the Platform
  • Logs and monitoring systems are designed to avoid storing unnecessary sensitive data
  • Data is retained only as long as required for legitimate business or legal purposes
  • Secure deletion procedures are applied when data is no longer required

Database Security

  • Databases are deployed in private network environments without direct public access
  • Regular security updates and patching
  • Backup and recovery capabilities, including point-in-time recovery where supported
  • Monitoring and alerting for unusual or suspicious activity

Access Controls

Authentication

  • Secure password requirements
  • Rate limiting and account lockout protections
  • Session management with automatic expiration
  • Support for multi-factor authentication (MFA)
  • Enterprise single sign-on (SSO) integrations where available

Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege for all internal systems
  • Granular permissions for employer accounts
  • Logging of administrative and sensitive actions
  • Periodic access reviews

Monitoring and Detection

  • Continuous automated monitoring of platform activity
  • Centralized logging and alerting
  • Detection of anomalous or suspicious behavior
  • On-call security response procedures for escalations

Vulnerability Management

  • Regular vulnerability scanning of systems and dependencies
  • Periodic third-party security testing
  • Responsible disclosure process for reporting vulnerabilities
  • Timely remediation of identified issues based on severity

Compliance and Privacy

Cynorex aligns its security and privacy practices with applicable regulatory requirements, including:

  • GDPR and UK GDPR
  • CCPA and CPRA
  • Applicable U.S. state privacy laws

For enterprise customers, supporting documentation such as Data Processing Agreements (DPAs) may be provided upon request, subject to confidentiality obligations.

Incident Response

Cynorex maintains an incident response process designed to identify, contain, and remediate security incidents efficiently.

Incident Response Lifecycle

  1. Detection: Identification of potential security events
  2. Assessment: Evaluation of severity and scope
  3. Containment: Actions taken to limit impact
  4. Remediation: Resolution of root cause
  5. Recovery: Restoration of affected systems
  6. Review: Post-incident analysis and improvement

Breach Notification

If a security incident results in a breach of personal data, Cynorex will notify affected users and relevant authorities in accordance with applicable law, including required notification timelines.

Employee Security

  • Background checks for employees with elevated access
  • Security and privacy awareness training
  • Secure workstation and endpoint protection standards
  • Confidentiality obligations for all personnel
  • Prompt access revocation upon role change or termination

Third-Party Security

  • Security and privacy due diligence before onboarding vendors
  • Contractual security and confidentiality obligations
  • Ongoing vendor risk reviews
  • Limited data access based on necessity and role

Your Role in Security

Security is a shared responsibility. Users are encouraged to:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Keep devices and browsers up to date
  • Remain alert to phishing attempts
  • Review account activity regularly
  • Report security concerns promptly

Reporting Security Issues

If you believe you have discovered a security vulnerability or suspect unauthorized access to your account, please contact us immediately at security@cynorex.com.

This Security Overview may be updated periodically to reflect changes in our practices or improvements to our security program. Any updates will be posted with a revised "Last Updated" date.