Security is the product.
Security is also the practice.
CYBEREYE is built by vCISOs. We hold ourselves to the same standard we audit our customers against.
Read-only by default. Zero-retention by design.
Every integration is OAuth, scoped to read-only. We never ingest source data we don’t need. All LLM calls run under a zero-retention contract — your prompts and responses are never used to train models.
Israel + EU regions. Your choice, your contract.
Pick il-central-1 (Israel) or eu-central-1 (Frankfurt) at signup. Data never crosses regions without your explicit configuration. US data residency available for enterprise tier.
In transit. At rest. Always.
TLS 1.3 in transit. AES-256-GCM at rest. Per-tenant data encryption keys, rotated automatically every 90 days. Customer-managed keys (CMK) available on enterprise.
Your EDR data stays in the EU.
Endpoint telemetry from the CYBEREYE Agent is received and processed on our EU-hosted EDR backend (a Wazuh manager + indexer running on DigitalOcean, Frankfurt). Each customer’s telemetry is kept under strict per-customer isolation, encrypted in transit (TLS) and at rest (AES-256), and never commingled across tenants. The full list of sub-processors lives in our privacy policy.
Zero trust. MFA. IP allowlists.
Every login requires MFA. Granular role-based access control with least-privilege defaults. Optional IP allowlists per workspace. SSO via Microsoft Entra, Google Workspace, and WorkOS coming Q3.
GDPR today. SOC 2 + ISO 27001 in flight.
GDPR compliant from day one. SOC 2 Type 1 audit scheduled Q4 2026. ISO 27001 certification in progress with target completion Q1 2027. DPA available on request.
The full list. Always current.
| Provider | Use | Region |
|---|---|---|
| Vercel | Application hosting | EU edge |
| Supabase | Database + authentication | Frankfurt (EU) |
| Anthropic | LLM inference (Claude) | US — zero-retention contract |
| DigitalOcean | CYBEREYE Agent / EDR backend (Wazuh manager + indexer) | Frankfurt (EU) |
| GitHub | Source control + CI | US |
Bug bounty program
Public bounty launching alongside SOC 2. Until then, responsible disclosure via security@cybereye.co.il earns recognition, swag, and our gratitude.
security@cybereye.co.il