Maintaining Data Security
- Our infrastructure is hosted on Railway, which is powered by Google Cloud.
- Our database is hosted on Hetzner.
- Our marketing website is hosted on Vercel.
- We utilise Cloudflare for DDoS attack protection.
- Data storage and compute locations are exclusively within the European Union or United Kingdom.
- All data is encrypted both at rest and during transmission.
- Daily encrypted backups of data are performed, retained for 30 days, and stored across three different locations.
Reporting Vulnerabilities
At Hyra, we hold security as a fundamental principle and appreciate contributions from external security experts who assist us in safeguarding the privacy and security of our users and systems. Please report any security vulnerabilities or suspicions to the contact details provided below.Guidelines for External Security Researchers
We expect all security researchers to:- Conduct their research responsibly, ensuring no privacy breaches, service degradation, production system disruptions, or data destruction (including denial of service).
- Provide clear, concise reports, and include a proof-of-concept if possible.
- Limit interactions to personal or designated test accounts. Do not access or alter our or our users’ data without our express permission.
- Maintain confidentiality of any discovered vulnerabilities until we have had a 30-day period to address the issue.
- Refrain from legal action related to your research.
- Collaborate with you for a swift resolution (including acknowledging your report within 72 hours).