Compliance Matrix
| Framework |
Status |
Audit Period |
Report Available |
| SOC 2 Type II |
Certified |
Annual (Jan–Dec) |
Under NDA |
| ISO/IEC 27001:2022 |
Certified |
Triennial + annual surveillance |
Under NDA |
| HIPAA |
Ready |
N/A (architecture) |
BAA available |
| GDPR |
Compliant |
Ongoing |
DPA + SCC available |
| CCPA/CPRA |
Compliant |
Ongoing |
Documentation available |
| FedRAMP Moderate |
In Progress |
— |
Contact federal@cyfr.technology |
| PCI DSS |
SAQ-A |
Annual |
Under NDA |
SOC 2 Trust Services Criteria
| Criterion |
Status |
Controls |
| Security |
In Scope |
Access control, encryption, monitoring, incident response |
| Availability |
In Scope |
Redundant infrastructure, disaster recovery, uptime SLAs |
| Processing Integrity |
In Scope |
Data validation, quality assurance, error handling |
| Confidentiality |
In Scope |
Encryption, access controls, data classification |
| Privacy |
In Scope |
Data minimization, consent management, data subject rights |
Subprocessor List
| Provider |
Service |
Location |
Data Processed |
| Hetzner Online GmbH |
Infrastructure hosting |
Germany |
Encrypted customer data |
| Linode LLC |
Email delivery |
United States |
Account metadata |
| Cloudflare Inc. |
DNS, CDN |
Global |
DNS queries |
Subprocessor changes are communicated 30 days in advance. Subscribe to notifications: compliance@cyfr.technology.