Security posture
We use a data-minimising website architecture, HTTPS, limited access, vendor review and project-specific controls for client work. The public website does not provide user accounts, checkout processing, file uploads or a customer portal.
No unsupported certification claims
We do not currently claim SOC 2, ISO 27001, PCI-DSS or similar certification on this website. If a certification is achieved later, this page should be updated with the scope, date and evidence available to clients under appropriate confidentiality terms.
Website data minimisation
- No user accounts on the public website.
- No card collection on the public website.
- No optional analytics or advertising vendor is currently configured.
- First-party consent storage is used to remember cookie and privacy choices.
- Website enquiry fields are limited to the information needed to review a brief.
Operational safeguards
- Access to client workspaces should be limited to people with a business need.
- Credentials and secrets should be shared through secure channels, not public chat.
- Client systems should use MFA where supported.
- Security-sensitive work should have a written scope and approval trail.
Incident response
Suspected security incidents should be reported to support@cyberonedigital.com. We aim to investigate promptly, contain impact, notify affected clients where appropriate, and support any legally required notifications.
Client responsibilities
Clients remain responsible for approving changes, maintaining account ownership, managing internal access, backing up critical data, and complying with laws that apply to their own operations. Project agreements may add more detailed security terms.
Security contact
To report a vulnerability or security concern, email support@cyberonedigital.com with enough detail for us to reproduce and investigate the issue.