Trust Center

Security & Compliance
Transparency

Enterprise-grade security with full transparency. Access our compliance documentation, security certifications, and data protection policies.

SOC 2 Type II (Zoho)
ISO 27001 (Zoho)
NIST PQC Aligned
Request Compliance Documentation

Enterprise Security

SOC 2 Type II compliant infrastructure

Certifications & Compliance

Our security posture is validated by independent third-party auditors and aligned with industry-leading frameworks.

SOC 2 Type II

Inherited

SOC 2 Type II certified through Zoho infrastructure. Annual third-party audits verify security, availability, and confidentiality controls.

Last Audit: 2025 | Next: Annual
Zoho SOC 2 Certificate (PDF)
Control Mapping (PDF)

ISO 27001

Inherited

ISO 27001:2022 certified through Zoho infrastructure. Information security management system with continuous compliance monitoring.

Last Audit: 2025 | Next: Annual surveillance
Zoho ISO 27001 Certificate (PDF)
ISMS Overview (PDF)

ISO 27017 / 27018

Inherited

Cloud security (ISO 27017) and cloud privacy (ISO 27018) certified through Zoho. Controls for cloud-specific security and PII protection.

Last Audit: 2025 | Next: Annual surveillance
Zoho ISO 27017 Certificate (PDF)
Zoho ISO 27018 Certificate (PDF)

SOC 2 + HIPAA

Inherited

SOC 2 + HIPAA attestation through Zoho for healthcare data protection. BAA available for covered entities.

Last Audit: 2025 | Next: Annual
Zoho SOC 2 HIPAA Certificate (PDF)
BAA Template (PDF)

NIST PQC

Aligned

Cryptographic implementations aligned with NIST Post-Quantum Cryptography standards (FIPS 203, 204, 205).

Last Audit: Ongoing | Next: Continuous alignment
PQC Implementation Guide (PDF)
Algorithm Transition Roadmap (PDF)

ISO 22301

Inherited

Business continuity management certified through Zoho. Ensures service resilience and disaster recovery capabilities.

Last Audit: 2025 | Next: Annual surveillance
Zoho ISO 22301 Certificate (PDF)

Understanding Inherited Controls

What "Inherited" means: Qryptonic operates on Zoho's enterprise infrastructure, which holds SOC 2 Type II, ISO 27001, and other certifications. Under the shared responsibility model, we inherit these infrastructure-level controls.

What Qryptonic owns directly:

  • Application-layer security controls and code security
  • Access management and authentication policies
  • Data handling procedures and encryption key management
  • Security monitoring, incident response, and vulnerability management
  • Employee security training and background checks

Verification: Zoho's compliance reports are available at zoho.com/compliance. For questions about Qryptonic-specific controls, contact security@qryptonic.com.

Security Practices

How we protect your data and maintain the highest security standards.

Data Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Quantum-safe encryption available for sensitive workloads.

Access Control

Role-based access control with MFA enforcement. Privileged access management with just-in-time elevation.

Infrastructure Security

SOC 2 compliant cloud infrastructure. Network segmentation, IDS/IPS, and 24/7 security monitoring.

Incident Response

24/7 security operations center. Documented incident response procedures with defined SLAs.

Secure Development Lifecycle

Security is integrated into every phase of our development process, from design through deployment.

Phase 1

Design & Planning

  • Threat modeling for all new features
  • Security requirements defined upfront
  • Architecture review by security team
  • Third-party dependency risk assessment

Phase 2

Development

  • Secure coding standards (OWASP)
  • Pre-commit hooks for secrets scanning
  • Automated SAST in CI pipeline
  • Peer code review with security checklist

Phase 3

Testing

  • Automated security unit tests
  • DAST scanning in staging environment
  • Dependency vulnerability scanning (SCA)
  • Manual penetration testing (quarterly)

Phase 4

Deployment & Operations

  • Infrastructure as Code with security policies
  • Immutable deployments with rollback
  • Runtime application self-protection (RASP)
  • Continuous security monitoring

Security Testing Cadence

  • Every Commit: SAST, Secrets Scan
  • Daily: Dependency Scan
  • Weekly: DAST Scan
  • Quarterly: Penetration Test

Data Protection Documents

Access our data protection agreements and privacy documentation. For sensitive documents, please contact our security team.

  • Data Processing Agreement (DPA): Request
  • Privacy Policy: View
  • Subprocessor List: View
  • Data Retention Policy: Request
  • GDPR Compliance Statement: Request
  • CCPA Compliance Statement: View
  • Accessibility Statement: View
  • Security & VDP: View

Security Questions?

Our security team is available to answer questions about our security practices, compliance certifications, or to provide additional documentation for your vendor assessment.

security@qryptonic.com
Response within 24 hours

Vulnerability Disclosure

If you believe you have discovered a security vulnerability in our systems, please report it responsibly. We appreciate your help in keeping our platform secure.

Report a Vulnerability

Release & Deprecation Policy

Clear versioning, advance notice, and migration support for all platform changes.

Semantic Versioning

All platform components follow semantic versioning (MAJOR.MINOR.PATCH).

  • MAJOR: Breaking changes (90+ days notice)
  • MINOR: New features, backward compatible (30 days notice)
  • PATCH: Bug fixes, security patches (immediate or 7 days)

Deprecation Timeline

Announcement

90 days before deprecation. Email + in-app notice.

Sunset Warning

30 days before. Migration guides provided.

End of Life

Feature removed. Support for migration available.

API Stability Guarantee

  • Stable APIs maintained for minimum 24 months after deprecation notice
  • Breaking changes only in major versions with migration guides
  • Changelog published with every release