Security at HYVOR

Learn how HYVOR ensures the security of your data

Security Policies

- Application Security

  • End-to-end encryption for all data in transit and at rest
  • Multi-level rate limiting to prevent API abuse and brute force attacks
  • Robust code review process with automated and manual testing before deployment (SDLC)
  • Regular dependency checks and updates to prevent vulnerabilities
  • Support for 2FA for all user accounts
  • API Key-based authentication for all API requests

- Infrastructure Security

  • DDoS (Distributed Denial of Service) protection implemented on all servers
  • All servers are protected by a firewall
  • 24/7 real-time server monitoring and alerting system
  • Servers housed in ISO 27001 certified data centers in Germany 🇩🇪
  • SSH access restricted to authorized personnel using SSH keys and 2FA-enabled WireGuard VPN
  • All servers running latest patched version of Ubuntu LTS with automatic security updates
  • DNSSEC implemented on all domains to prevent DNS spoofing
  • TLS 1.2+ enforced for all connections
  • Zero trust network architecture with least privilege access
  • Backups are taken daily and stored in a separate data center

- Team Security

  • Mandatory multi-factor authentication (MFA) for all team members accessing company systems
  • Virtual Private Network (VPN) required for accessing company resources remotely
  • Regular security audits of all development, staging, and production environments
  • Data handling policies aligned with GDPR and other relevant regulations
  • Regular security assessments of third-party tools and services.
  • Incident response plan with clearly defined roles and procedures

As part of our Enterprise plan, we are happy to provide additional security documentation including internal incidence response plans, breach notification procedures, information security policies, and more. We are also open to third-party security audits and penetration tests.

Vulnerability Disclosure

If you believe you have found a security vulnerability in HYVOR, please report it to us at [email protected]. Use our PGP key to encrypt your message.