Trust & Compliance

    Enterprise Security & Compliance

SOC 2 Type II attestation, with HIPAA, PIPEDA, GDPR, and California (CCPA/CPRA) privacy controls. Built for enterprise trust with comprehensive security controls and audit trails.

Core Attestations & Compliance

    SOC 2 Type II

    Audited by Johanson Group

    • Type II report covers both the design and the operating effectiveness of security controls over the audit period
    • Regular testing and independent verification

    HIPAA Compliance

    Protected Health Information

    • Security controls mapped to HIPAA requirements
    • Ongoing monitoring and compliance assessments
    • In use by U.S. clinics handling protected health information

    PIPEDA Compliance

    Canadian Privacy Standards

    • Alignment with Canadian privacy requirements
    • Validates operational effectiveness of controls
    • Regular testing and independent verification

    GDPR Compliance

    EU & UK Data Protection

    • Aligned with GDPR principles: lawful basis, purpose limitation, and data minimization
    • Acts as a data processor with Data Processing Addendum (DPA) and Standard Contractual Clauses available on request
    • Supports data subject rights: access, rectification, deletion, and portability

    California Privacy (CCPA/CPRA)

    California Consumer Rights

    • Operates as a service provider under CCPA/CPRA — customer data is not sold or shared for cross-context advertising
    • Supports consumer rights requests: know, delete, correct, and opt-out of sale/share
    • Sensitive personal information handled only for permitted business purposes

    Data Security Architecture

    Best-in-Class Encryption

    • AES-256 encryption for data at rest
    • TLS 1.2+ encryption for data in transit
    • Encrypted backups with secure key management

    Infrastructure Security

    • Hosted on Google Cloud Platform (GCP)
    • Multi-zone redundancy
    • Automated OS and security patching
    • Restricted and audited cloud access

    Access Control Systems

    • Role-Based Access Control (RBAC)
    • Multi-factor authentication (MFA)
    • Automated user provisioning/deprovisioning

    Security Operations

    Monitoring & Detection

    • 24/7 real-time threat monitoring
    • Automated security alerts and anomaly detection
    • Dedicated incident response ownership
    • Daily database backups and malware detection

    Proactive Testing

    • Regular penetration testing
    • Secure code reviews
    • Quarterly vulnerability scanning
    • Continuous security integration in CI/CD

    Incident Response

    • Documented incident response procedures
    • Regular tabletop exercises and drills
    • Automated alerting for rapid containment

    Data Governance & Privacy

    Data Protection

    • Defined data classification and retention policies
    • Routine access reviews and activity monitoring
    • Strict customer data segregation

    Privacy Controls

    • Privacy-by-design principles in product development
    • Data minimization and secure deletion practices
    • Clear and transparent data handling policies
    • Data subject and consumer rights requests (access, deletion, correction, opt-out of sale/share) handled within regulatory timelines

    Business Continuity

    Disaster Recovery

    • Comprehensive DR and resilience planning
    • Automated failover systems
    • Multi-region infrastructure

    Security Training

    • Mandatory employee security training
    • Ongoing education aligned with regulations

    Vendor Management

    • Strict vendor security requirements
    • Regular vendor risk assessments
    • Enforced vendor access controls and SLAs

    Security Concerns?

    Contact our security team at hello@pyrabuilds.ai