Trust Center

CYE maintains independent third-party assurance and certifications, including ISO 27001, CREST and SOC 2 Type II. For a more detailed list, check out the certifications section.

CYE is committed to protecting personal data and supporting our customers’ GDPR obligations. Our security and privacy requirements include principles such as data minimization, appropriate retention, and secure deletion when data is no longer required.

Yes. CYE’s security requirements include encrypting sensitive data both in transit and at rest using industry-standard encryption, and CYE’s platform encrypts customer data in transit over public networks using TLS.

Access is governed by least privilege and role-based access control (RBAC), supported by strong authentication mechanisms such as multi-factor authentication (MFA). We also conduct periodic access reviews to ensure permissions remain appropriate.

CYE monitors information systems for potential security threats, anomalies, and unauthorized access attempts and performs regular audits to assess control effectiveness. In CYE’s platform, logins and actions performed are audited and monitored.

Yes. CYE maintains an incident response plan outlining processes for detecting, responding to, and recovering from security incidents, including communication protocols and defined roles.

CYE continuously monitors and mitigates newly published security vulnerabilities and performs ongoing security testing activities to verify CYE’s platform’s resilience. CYE also follows “Secure by Design” principles across the SDLC, with changes subject to verification and validation.

No. CYE AI does not use customer data, chatbot transcripts, or uploaded files for training or fine-tuning.

CYE’s platform is deployed in a multi-cloud configuration that incorporates AWS and DigitalOcean. The geographical regions where CYEs platform compute operates and data is stored include AWS Germany (Frankfurt), AWS US (North Virginia), and DigitalOcean Netherlands (Amsterdam).

Vendors and third-party service providers with access to organizational data or systems must meet CYE’s information security standards. CYE performs due diligence (including risk assessments and security audits) and includes contractual security requirements such as data protection measures, incident reporting, and access controls.