Protecting the data of our customers is our utmost priority at Hypatos. We have implemented a comprehensive set of security best practices to meet the highest industry standards and ensure the confidentiality, integrity, and availability of our platform.
Demonstrating commitment to prioritizing and investing in robust security measures, Hypatos has established an independent security team, reporting directly to the CEO, to develop, implement, and maintain our security program. The team also collaborates closely with our customers, ensuring their specific security requirements are met, and provides guidance and best practices to our engineering and product teams.
Hypatos maintains ISO 27001 certification and SOC 2 Type II attestation, and we are also compliant with HIPAA, GDPR and CCPA. In addition, our cloud services are part of the Security, Trust, Assurance, and Risk (STAR) Level 1 Registry, developed by the Cloud Security Alliance (CSA), and Hypatos maintains its own version of the Consensus Assessments Initiative Questionnaire (CAIQ). The CAIQ is an industry-accepted format to document implemented security controls in cloud services, thereby promoting transparency and helping prospects and customers evaluate the security posture of SaaS providers.
Our compliance documentation, including our SOC 2 report, ISO 27001 certificate and CSA CAIQ, is available as part of our Trust Report.
All customer data is encrypted using industry-accepted standards: AES-256 for data at rest and TLS 1.2 or higher for data in transit.
We perform third-party penetration testing at least annually, covering the top 10 security risks listed by the Open Web Application Security Project® (OWASP). Summary penetration test reports are available via our Trust Report.