Security at Pyq

‍

Security at Pyq

‍

Security and privacy at Pyq
We are committed to delivering a safe, reliable and privacy-conscious AI product development experience. As stewards of your data, we undertake several steps to ensure the security of our platform and solutions.

‍

Governance
We adhere to the highest standards available to us, monitor compliance with these standards, and transparently communicate our security and compliance metrics to independent auditors.
Our guiding principles include:
‍

1. Access to all of our systems must abide by the principle of least privilege.
2. Security standards are uniformly executed across all of our offerings.
4. Our security efforts must evolve frequently to improve efficiency, verifiability, and user-friendliness.

‍

Security and Compliance at Pyq
Pyq is actively pursuing several compliance certifications, including SOC2, HIPAA, GDPR and ISO.

‍

Data Protection

1. All data storage, including GCS buckets, is encrypted. Database tables containing sensitive information are also encrypted at the row-level, which means even database access doesn’t compromise important customer data.

2. Pyq uses HTTPS for all data transmission over the internet. We use GCP for certificates and load balancing.

3. Passwords are never stored in our system. Rather, we use Auth0, a leading authentication vendor, to store that information.

4. You can always request access to, or deletion of, your data by emailing us at team@pyqai.com

‍

Product security

1. Annually, Pyq undergoes a penetration test via well known consultants. Every aspect of Pyq's product and cloud infrastructure undergoes rigorous testing, and the complete source code is available to testers to ensure thorough examination.
2. Pyq undergoes vulnerability scans regularly‍

Enterprise security
All organizational devices undergo central management, equipped with mobile device management software and advanced anti-malware tools. We utilize the solution provided by Agency for this.

‍

Vendor security
Pyq adopts a risk-centric vendor security approach, factoring in:
- Access to corporate and client data.
- Integration capabilities with production setups.
- Potential implications for the Pyq brand.

After assessing the inherent risks, vendor security is gauged to finalize a risk profile and make an informed decision regarding the partnership.

We primarily use GCP and Microsoft Azure as our cloud providers, and Auth0 as our authentication provider. We are happy to provide a full list of our vendors upon request, along with a detailed description of how we ensure secure integrations with them.

‍

Security education
Every Pyq employee undergoes extensive security training upon joining and then annually.

We are committed to remaining continuously informed about potential threats and security updates.

‍

Identity and access management
Pyq trusts Auth0 for identity and access management. Role-based access is the norm, and any employee departure triggers automatic access revocation. Specific application access follows predefined policies.

‍

Data privacy
Pyq places unparalleled emphasis on data privacy, aiming to be the epitome of data guardianship.

‍‍

Regulatory compliance
We continuously monitor regulatory updates, adapting our program as needed.

‍

Privacy Policy
View Pyq’s Privacy Policy‍ here

‍