ISO 27001

Cycode is ISO27001 certified by a third party, managing information security risk in a way that complies with a robust design, implementation, and continuous monitoring framework.

Read More

SOC2 Type II

Cycode has completed a full third-party SOC 2 Type II audit. An independent auditor has evaluated our product, infrastructure, and policies to certify that Cycode complies with their stringent requirements.

Read More

CSA Star

Cycode has completed a CSA STAR Level 1 attestation. The CSA STAR Level 1 attestation confirms a cloud provider's self-assessment of security controls and documentation of security measures.

Read More


Ensuring all new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security, and compliance.


Privacy by Design

Ensuring personal data is properly collected, stored, and documented.



Retaining customer data only for the duration of the customer’s contract with a limited additional retrieval period for the benefit of our customers.


Data Transfers

Ensuring relevant processes are followed for transfers of personal data outside the European Union / UK. For more information, see our Privacy Policy here.


EU Rep and DPO

Designating MyEDPO as our DPO and EU Representative under Article 27 of the EU GDPR.


Data Protection Addendum

Providing all our customers with the opportunity to enter a Data Processing Addendum, for ensuring the protection and proper processing of their personal data.


Global or EU Data Regions

Offering our enterprise SaaS customers the ability to choose their data hosting locations, either EU data residency or Global (US) data residency, both hosted by the leading cloud providers – Amazon Web Services (AWS) and Google Cloud Platform (GCP).


Sub-Processor Info

Upon request or via our documentation, providing customers with information regarding affiliates and trusted third-party vendors that Cycode engages as sub-processors to support its services.


Government Requests

Cycode will only provide access to personal data in response to written authorized government requests when required to respond to valid binding and properly issued government processes that satisfy legal requirements.


Our customers can deploy on either public cloud or on private cloud and on-premises environments via our Cycode Enterprise Server offering. This gives our customers full control over their own resources, services, and data to meet the highest security and privacy standards.

Defense in Depth

To avoid a single point of failure, security is built in layers. At Cycode we have implemented many layers of defense to ensure the security of our customers’ data. 
This includes the following: Organizational Security, Cloud Security, Access Security, Vendor and Risk Management.


The team at Cycode believes in transparency and provides full visibility into our privacy policie and agreements. Our privacy policy outlines our handling of personal data, its usage, and your rights related to it. 
Our subprocessor list provides a complete rundown of the third-party service providers we work with and the locations and services they provide.

Responsible disclosure

The security of our data is a crucial issue for Cycode, and we are confident that by collaborating with talented security researchers, we can detect and address any security weaknesses in our technology.

Contact Cycode’s security team directly at: