Skip to content

Compliance Matrix

Framework Status Audit Period Report Available
SOC 2 Type II Certified Annual (Jan–Dec) Under NDA
ISO/IEC 27001:2022 Certified Triennial + annual surveillance Under NDA
HIPAA Ready N/A (architecture) BAA available
GDPR Compliant Ongoing DPA + SCC available
CCPA/CPRA Compliant Ongoing Documentation available
FedRAMP Moderate In Progress Contact federal@cyfr.technology
PCI DSS SAQ-A Annual Under NDA

SOC 2 Trust Services Criteria

Criterion Status Controls
Security In Scope Access control, encryption, monitoring, incident response
Availability In Scope Redundant infrastructure, disaster recovery, uptime SLAs
Processing Integrity In Scope Data validation, quality assurance, error handling
Confidentiality In Scope Encryption, access controls, data classification
Privacy In Scope Data minimization, consent management, data subject rights

Subprocessor List

Provider Service Location Data Processed
Hetzner Online GmbH Infrastructure hosting Germany Encrypted customer data
Linode LLC Email delivery United States Account metadata
Cloudflare Inc. DNS, CDN Global DNS queries

Subprocessor changes are communicated 30 days in advance. Subscribe to notifications: compliance@cyfr.technology.