― Security
How we protect your data
We're a cybersecurity product. Practicing what we preach is the only credible posture — here's the short version of how we do it.
Encryption everywhere
AES-256 at rest in DynamoDB and S3. TLS 1.3 in transit. Application secrets stored in AWS Secrets Manager with KMS-managed keys.
Authentication
AWS Cognito user pools with email verification, password policies enforcing length and complexity, optional MFA, and social login via Google with OIDC.
Data minimization
We collect only what's required to compute your score and run monitoring. Card numbers never touch our infrastructure — Stripe handles all payment data.
Infrastructure
Hosted on AWS in us-east-1 with a SOC 2-aligned configuration. CloudTrail audit logging on all API calls. Least-privilege IAM with no long-lived production access keys.
Dark web checks (k-anonymity)
Watch tier breach checks use Have I Been Pwned and the Pwned Passwords k-anonymity model — we never send full passwords or full hashes over the wire.
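How a k-anonymity range check keeps the secret on the client, as an added example (not CyberSaviq's code): only the first 5 hex characters of the SHA-1 digest are sent, and the returned suffixes are matched locally. The function names, `FakeRangeService` and its breach counts are constructed for illustration so the example runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest sent in a range query

def split_hash(password):
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in the corpus; 0 if absent or a padding row."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)                    # the only value that leaves the client
    return parse_range_body(body).get(suffix, 0)  # matching happens locally

class FakeRangeService:
    """Constructed stand-in for the range endpoint (assumption, runs offline)."""
    def __init__(self, corpus):
        self.seen = []                            # everything the "server" ever receives
        self._rows = {}
        for pw, count in corpus.items():
            prefix, suffix = split_hash(pw)
            self._rows.setdefault(prefix, []).append(f"{suffix}:{count}")

    def fetch(self, prefix):
        self.seen.append(prefix)
        rows = list(self._rows.get(prefix, []))
        rows.append("0" * 35 + ":0")              # padding-style row: count 0, not a hit
        rows.append("not-a-valid-row")            # malformed line the parser must skip
        return "\r\n".join(rows)

def demo():
    service = FakeRangeService({"password": 1000, "hunter2": 17})  # constructed counts
    results = {pw: breach_count(pw, service.fetch)
               for pw in ("password", "hunter2", "correct horse battery staple")}
    return results, service.seen

if __name__ == "__main__":
    print(demo())
```
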
Disclosure
Found a vulnerability? Email security@cybersaviq.com with details. We commit to acknowledging within 48 hours and won't pursue good-faith researchers.
Report a vulnerability
Email security@cybersaviq.com with steps to reproduce. We'll respond within 48 hours and credit you in our disclosure log if you wish.