Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models

Security

Last revised: March 2026

1. Zero Trust Architecture

Our platform is built on a complete Zero Trust architecture. Each service is isolated through network micro-segmentation. Inter-service communications use mutual authentication (mTLS). Each component only has access to strictly necessary resources (least privilege). Every request is authenticated and authorized, with no implicit trust.

2. Encryption

All stored data is encrypted with AES-256 at rest (databases, files, backups). All communications use TLS 1.3 in transit. Encryption key management is centralized with automatic rotation. Backups are encrypted with KMS envelope and stored following the 3-2-1 rule.

3. Data Sovereignty

Deployable entirely on-premise on your infrastructure. You maintain full control over your data and your AI models. No data leaves your perimeter. Zaxyr offers several hosting options: EU sovereign cloud (France, Germany), MENA cloud (Qatar, UAE), Sovereign Cloud (Morocco, Saudi Arabia), on-premise deployment (Docker, Kubernetes), hybrid mode, and air-gapped for the most sensitive environments. Clients choose their region. AI models are trained and deployed within your infrastructure.

4. Certifications

Certification processes in progress. ISO 27001 and SOC 2 Type II audits are planned for 2026. Our AI engines are designed to comply with the European AI regulation (EU AI Act). A complete security dossier is available upon request for Enterprise clients.

5. Security Testing

We perform quarterly internal security audits, annual penetration tests by independent firms, and SAST/DAST analysis integrated into our CI/CD pipeline. Automated vulnerability scans run daily on infrastructure, and dependencies are continuously checked (SCA).

6. Responsible Disclosure

If you discover a security vulnerability, we encourage you to report it responsibly to [email protected]. We will acknowledge receipt within 48h and work with you to understand and fix the vulnerability. We will not pursue researchers acting in good faith. We ask that you do not access third-party data, do not degrade performance, do not disclose before fix, and allow us reasonable time (90 days).

7. Data Residency

Europe (France): GDPR, NIS2, DORA compliance. Middle East (Qatar): PDPL, PDPPL, NCA compliance. North Africa (Morocco): Law 09-08, DNSSI compliance. On-premise (client infrastructure): per local requirements.

8. Contact

Vulnerabilities: [email protected]. General questions: [email protected]. This policy may be updated. Last revised: March 2026.

Zaxyr LLCQFC 04626
Tornado Tower, West Bay, Doha, Qatar
[email protected]