Trust Center
Enhance your infrastructure's resilience, fortify security measures, ensure compliance, exercise administrative control, and unlock more with Cryptr.
- One or more annual third-party audit(s)
- Deletes customer data on request
- Has cyber insurance
- Annual third-party penetration testing
- Uses a centralized IAM solution (SSO) to manage employee access
- Has a bug bounty or vulnerability disclosure program
- Subprocessors list available
- Has a formal mobile device management (MDM) program
- Has an API available
- Will enter into a DPA
- Has a disaster recovery plan
- Has a status page
Controls
Application & Data Security
Cloud Security
Incident Management
Privacy
Cryptr can help you comply with GDPR.
Request Data Processing Agreement
- According to Article 7 of GDPR, the personal data you collect must be limited to what is necessary. You have to be able to show that the user has consented, and provide them an easy way to withdraw consent at any time.
- According to Articles 15, 16, 17, and 19 of GDPR, your users have the right to get a copy of the personal data you are processing about them, ask for rectification if it is inaccurate, and ask you to delete their personal data. Cryptr provides an API through which you can access, edit and delete user data.
- According to Article 5 of GDPR, the personal data you collect must be limited to what is necessary for processing. The data must be kept only as long as needed, and appropriate security must be ensured during data processing, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage.
- According to Article 20 of GDPR, users have the right to receive personal data concerning them in a structured, commonly used and machine-readable format. You can export user data stored in Cryptr user directories with the Cryptr API. The raw data from our API is in a machine-readable format: JSON.
- According to Article 32 of GDPR, Cryptr implements appropriate measures to ensure a level of security, like data encryption, ongoing confidentiality, data integrity, and availability and resilience of processing systems and services. See the Architecture for Security & Cryptography and the Architecture for Availability & Resilience sections.
Data Location
Zone: EU
Amazon Web Services
- Country: Germany
Zone: US
Google Cloud Platform
- Country: USA
Zone: ASIA
Amazon Web Services or Google Cloud Provider
- Country: SGP
The database is backed up with a Point-in-Time Recovery system, with encryption at rest.
Subprocessors
Infrastructure management
Platform as a Service for hosting, continuous integration and resilience. By the Head of Risk of Stripe
- Country: USA
HIPAA/PCI/PII compliant, end-to-end encryption, static IPs using HTTPS/SOCKS
Depending on the plan you choose for your dedicated instance of Cryptr, we may use a load-balanced IP.
- Country: USA
Error monitoring
- Country: NLD
Mailing API
Only for magic link (login link by email) and notifications
- Country: USA
Payment API
- Country: USA
Internal Developers Audit
Cryptr is a security company, and security is our culture. We perform strict software composition analysis. This process is integrated with continuous integration, which runs the checks before a new version of the Cryptr source code is released.
Static analysis (SAST) checks run before code delivery and cover the OWASP Top 10 and the following families of vulnerabilities (non-exhaustive list):
Dependency-Check with Software Composition Analysis (SCA) checks dependencies for known vulnerabilities listed in the CVE (Common Vulnerabilities and Exposures) database.
Runtime Application Self-Protection (RASP)
It is unusual for functions to be created at runtime, so Cryptr detects this and uses it as a high-quality signal of malicious activity. Cryptr provides runtime application self-protection (RASP) against remote code execution (RCE) exploits.
Denial of Service (DDoS) Protection
We apply denial-of-service protection to every Cryptr instance. We use Cloudflare's industry-leading DDoS protection infrastructure behind the scenes, and you don't have to do anything to benefit: your Cryptr instance is automatically protected.
Architecture for Availability & Resilience
Cryptr is resilient by design
Request Disaster Recovery Plan
- With our CPU scheduler
- Our software state is distributed through nodes, with a load balancer on top
- Crashes have no impact on the server, thanks to our process supervisors
- In a few seconds, the standby DB becomes the new primary DB. When the degraded DB becomes healthy again, it becomes the new standby DB.
- The server is automatically transferred to a backup system when it fails or is temporarily shut down.
- With point-in-time recovery (PITR), your database is continually archived. This can help you recover your database from unexpected data loss. With PITR, Cryptr can restore your database to a point before the data loss occurred, up to 7 days back.
Architecture for Security & Cryptography
Encryption and Signing
Data Encryption
Key Management
State-of-the-Art Secure Password
Trusted by
Security Experts
Jean-Baptiste Aviat
Staff Engineer for Security Products at Datadog - Ex-Head of Security at Apple
Enguerran Gillier
Senior Security Engineer at Meta (Facebook)