Trust Center
How we keep your data and team safe
Privacy, security, compliance, and contract artifacts in one place. For procurement teams reviewing CymBytes — or anyone who wants to know how we operate. Last updated May 28, 2026.
Published policies
Public documents that govern your use of CymBytes and our handling of your data. No login required.
Terms of Service
The agreement that governs use of the platform, including acceptable use, intellectual property, liability, export controls, and sanctions.
Read the Terms→Privacy Policy
How CymBytes collects, uses, shares, and protects personal data. Aligned with GDPR principles and the Indian Digital Personal Data Protection Act.
Read the Privacy Policy→Subprocessors list
Third-party providers we engage to deliver the platform — hosting, identity, AI providers, and more — with a 30-day change-notice commitment.
View subprocessors→Security and operations
Architecture, controls, and operational practices that protect your data and your lab environments.
Security Overview
Hosting architecture (Microsoft Azure, multi-region), encryption in transit and at rest, identity and access controls, monitoring, incident response, and personnel practices.
Request the Security Overview→Security questionnaires
We return completed CAIQ Lite or SIG Lite questionnaires (or your own template) within five business days of request.
Send us your questionnaire→Vulnerability disclosure
Report suspected vulnerabilities directly to the security team. We acknowledge in one business day and work with researchers to validate and remediate.
security@cymbytes.com→Contracts and data processing
Signable artifacts your legal and procurement teams need to close a deal.
Master Services Agreement
Enterprise MSA with order-form template, service-level commitment (Schedule B), and the same substantive terms as our public Terms of Service.
Request the MSA→Data Processing Agreement
Processor DPA incorporating the EU Standard Contractual Clauses (2021, Module 2) and UK IDTA for transfers, and aligned with the Indian DPDP Act.
Request the DPA→Mutual NDA
A standard mutual non-disclosure agreement for pre-contract evaluation, proofs of concept, and security reviews.
Request an NDA→Compliance posture
An honest snapshot of where we are. We do not claim certifications we have not achieved — see Security Overview §11 for the full table.
GDPR / UK GDPR
Privacy Policy and DPA reflect GDPR principles. EU representative will be appointed before active EU outreach. Transfers from EU/UK to India are governed by SCCs 2021 Module 2 and the UK IDTA.
See Privacy Policy→India DPDP Act, 2023
Privacy Policy aligned. Grievance contact is privacy@cymbytes.com. Data Protection Officer not yet required at our scale.
See Privacy Policy→SOC 2 Type 2
Not yet started. On our 2026 roadmap as customer demand justifies. We are happy to discuss our timeline.
Discuss timeline→Talk to a human
Doing a security review, drafting a procurement requirement, or just need a specific artifact in a specific format? Email the team that owns the answer.