Security
Discover how Hyra prioritises security. Learn about our security measures and how to report potential vulnerabilities.
For inquiries about Hyra’s architecture, data handling practices, or any specific questions regarding our data processing methods, please contact us at [email protected].
We are always available to address your queries.
Maintaining Data Security
- Our infrastructure is hosted on Railway, which is powered by Google Cloud.
- Our database is hosted on Hetzner.
- Our marketing website is hosted on Vercel.
- We utilise Cloudflare for DDoS attack protection.
- Data storage and compute locations are exclusively within the European Union or United Kingdom.
- All data is encrypted both at rest and during transmission.
- Daily encrypted backups of data are performed, retained for 30 days, and stored across three different locations.
Reporting Vulnerabilities
At Hyra, we hold security as a fundamental principle and appreciate contributions from external security experts who assist us in safeguarding the privacy and security of our users and systems.
Please report any security vulnerabilities or suspicions to the contact details provided below.
Guidelines for External Security Researchers
We expect all security researchers to:
- Conduct their research responsibly, ensuring no privacy breaches, service degradation, production system disruptions, or data destruction (including denial of service).
- Provide clear, concise reports, and include a proof-of-concept if possible.
- Limit interactions to personal or designated test accounts. Do not access or alter our or our users’ data without our express permission.
- Maintain confidentiality of any discovered vulnerabilities until we have had a 30-day period to address the issue.
In response to your adherence to these guidelines, we pledge to:
- Refrain from legal action related to your research.
- Collaborate with you for a swift resolution (including acknowledging your report within 72 hours).
While we don’t have a formal bug bounty or security program, we may choose to reward researchers who adhere to our policy and uncover a confirmed high-severity vulnerability, on a case-by-case basis.
Contact Information for Security Concerns
To report a security vulnerability, please email [email protected].
Sam will address security-related inquiries within 48 hours.