Protecting the data of our customers is our utmost priority at Hypatos. We have implemented a comprehensive set of security best practices to meet the highest industry standards and ensure the confidentiality, integrity, and availability of our platform.
Demonstrating commitment to prioritizing and investing in robust security measures, Hypatos has established an independent security team, reporting directly to the CEO, to develop, implement, and maintain our security program. The team also collaborates closely with our customers, ensuring their specific security requirements are met, and provides guidance and best practices to our engineering and product teams.
Hypatos is independently certified to SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and BSI C5, and is compliant with HIPAA and GDPR.
In addition, our cloud services are part of the Security, Trust, Assurance, and Risk (STAR) Level 1 Registry, developed by the Cloud Security Alliance (CSA), and Hypatos maintains its own version of the Consensus Assessments Initiative Questionnaire (CAIQ). The CAIQ is an industry-accepted format to document implemented security controls in cloud services, thereby promoting transparency and helping prospects and customers evaluate the security posture of SaaS providers.
All audit reports and certificates are available in our Trust Report.
All customer data is encrypted using industry-accepted standards: AES-256 for data at rest and TLS 1.2 or higher for data in transit.
We perform third-party penetration testing at least annually, covering the top 10 security risks listed by the Open Web Application Security Project® (OWASP). Summary penetration test reports are available via our Trust Report.
At Hypatos, we prioritize security in AI development by aligning with the OWASP Top 10 Risks for LLM Applications 2025 guidelines. Our approach ensures robust protection against emerging threats, safeguarding data integrity and user privacy.