Regulatory Compliance at CyberSanctus

Effective Date: 2nd December 2024

At CyberSanctus (operating under CST NETWORK SECURITY SERVICES LTD. in the UK), we are committed to maintaining the highest standards of compliance with applicable laws, regulations, and industry standards. This ensures that our services, including our SaaS solution CodeHound, meet rigorous security and privacy requirements while protecting our clients' data.


1. GDPR Compliance

CyberSanctus adheres to the General Data Protection Regulation (GDPR) for the protection of personal data of individuals within the European Union (EU) and the European Economic Area (EEA).

Key GDPR Principles We Follow:

  • Lawfulness, Fairness, and Transparency: We ensure that personal data is collected and processed transparently and only for legitimate purposes.
  • Data Minimization: We collect only the data necessary to provide our services.
  • Right to Access and Deletion: Users can access their data, request corrections, or permanently delete their account and associated data at any time.
  • Security: We implement robust technical and organizational measures to protect data from unauthorized access, alteration, or destruction.

For questions related to GDPR compliance, please contact us at info@cybersanctus.com.


2. PCI DSS Compliance

We use Stripe as our payment processor, which is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). This ensures that all payment transactions are handled securely and meet stringent security standards.

What This Means for You:

  • Your payment details are encrypted and processed securely.
  • CyberSanctus does not store sensitive payment information on its servers.

For more information about Stripe’s compliance, visit Stripe PCI DSS Compliance.


3. Confidentiality and Data Handling

a. Code Submission and Scanning

  • Code submitted for scans is processed in isolated Docker instances, which are destroyed immediately after the scan is completed.
  • Snippets of submitted code may be sent to OpenAI for generating findings and remediation descriptions. OpenAI adheres to strict confidentiality standards.

b. Data Protection Measures

  • Encryption: All data in transit and at rest is encrypted using industry best practices.
  • Access Control: Access to user data is restricted to authorized personnel only.
  • Incident Response: We have a robust incident response plan to address potential security threats promptly.

4. Cybersecurity Standards

As a cybersecurity company, we comply with globally recognized security frameworks to protect our infrastructure and services:

  • ISO/IEC 27001: While not certified, our internal processes align with the principles of this international standard for information security management.
  • OWASP Top 10: Our platform is regularly assessed to mitigate risks associated with common vulnerabilities outlined by OWASP.


5. Legal Requests

CyberSanctus complies with valid legal requests, such as court orders or warrants, and cooperates with law enforcement agencies as required by law. We ensure that such disclosures are lawful, limited to the data explicitly requested, and conducted in a secure manner.


6. User Rights

We recognize the following rights of our users, in accordance with GDPR and other applicable regulations:

  • Right to Access: You can request access to your personal data.
  • Right to Rectification: Update or correct inaccuracies in your personal data.
  • Right to Deletion: Permanently delete your account and associated data.
  • Right to Restrict Processing: Limit the processing of your data under certain circumstances.
  • Right to Object: Object to the processing of your data for specific purposes.

To exercise any of these rights, contact us at info@cybersanctus.com.


7. Third-Party Compliance

We work with trusted third-party providers, each of which adheres to relevant regulatory and security standards:

  • Intercom: GDPR-compliant help desk services.
  • Stripe: PCI DSS-compliant payment processing.
  • OpenAI: Confidentiality obligations for AI-powered findings generation.

We carefully evaluate all third-party providers to ensure compliance with applicable laws and regulations.


8. Updates to This Page

We may update this Regulatory Compliance page periodically to reflect changes in laws, regulations, or our practices. Updates will be communicated through our website. Continued use of our services constitutes acceptance of the updated policy.


9. Contact Us

For questions or concerns about our compliance efforts, please contact us at info@cybersanctus.com.

CyberSanctus is dedicated to upholding trust and transparency while delivering industry-leading cybersecurity solutions.