Safer with us than where it leaked from
Soryx exists to remove your personal data from the open market. So the data we do hold is protected by the strongest controls we know how to build - encrypted, EU-resident, and minimised by design.
Encrypted · EU-hosted · Never sold · Delete anytime
Security controls
The measures that keep your personal data safe while it's in our care - and minimal by the time it isn't.
Encryption at rest & in transit
Every byte is encrypted in transit with TLS 1.2+ and at rest with AES-256. The personal data we hold - the identifiers we use to assert your erasure rights - is additionally encrypted at the field level.
EU data residency
Your data lives in AWS eu-west-1 (Ireland) and never leaves the EU. Hosting, database, backups and AI inference all run inside European regions - no transfers outside the bloc.
Least-privilege access
Access is role-based and scoped to what each function strictly needs. Production access is short-lived, individually attributed, and protected with mandatory multi-factor authentication.
Audit logging
Every access to personal data and every removal action is recorded to an append-only audit trail. We can show you who touched what, when, and why - and so can you.
Secrets management
Credentials and keys are held in a managed secrets vault, rotated on a schedule, and never committed to source or exposed to client code. Encryption keys are managed through AWS KMS.
No model training on your data
Your data is yours. We do not - and contractually cannot - use it to train AI models, ours or a vendor's. The assistant runs on EU-hosted inference scoped to your own footprint only.
Principles we build on
Three commitments that shape every technical and product decision at Soryx.
Data minimisation
We collect only the identifiers needed to find and erase your exposure - and we delete them when you ask. Less data held is less data at risk.
EU-established
Soryx is built and operated in the European Union, under EU law, by a team accountable to EU regulators. GDPR isn't a compliance overlay - it's the architecture.
Encrypted by default
There is no unencrypted path for your personal data. Encryption is on everywhere, all the time, with no setting to switch it off.
Standards & certifications
GDPR is in our foundations today. SOC 2 and ISO 27001 are underway - we'll mark them live here the moment they're certified.
GDPR-native
Built around Article 17 erasure from day one, operated inside the EU.
SOC 2 Type II
Controls implemented; independent audit underway.
ISO/IEC 27001
Information-security management system being formalised for certification.