Security at

Enterprise-grade security features combined with
comprehensive audits of our applications, systems,
and networks ensure customer data is protected.

Cymulate’s Security Assurance

Our customers’ security is at the forefront of every
decision, every updated feature, and every new initiative
we take as a company.

Trust is never something we take for granted.

That’s why we’re rigorous about requiring Cymulate
employees to follow the latest in cyber hygiene. We
strive to be as informed and confident as possible in
every decision we make when it comes to our customers
data privacy.

Read the Brochure


Cymulate conducts a variety of audits to ensure continuous
compliance with industry standard best practices.

SOC2 Type II

Cymulate is certified and provides a third-party attestation report covering security, availability, confidentiality, and privacy.


An independent body has audited our compliance with these standard and issued our certificates. Cymulate’s compliance with these internationally recognized standards and code of practices is evidence that our security and privacy programs are in accordance with industry leading best practices.


  • ISO 27001:2013 – Information Security Management

A leading information security standard, detailing how an organization should manage its Information Security Management System (ISMS).


  • ISO 27701 – Security techniques

Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines.


  • ISO 27017- Information technology – Security Techniques

Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

CSA STAR Level 1

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). This publishing allows Cymulate to show current and potential customers our security and compliance posture, including the regulations, standards, and frameworks we adhere to. See it on STAR based on ISO/IEC 27002 for cloud services.


We know that maintaining GDPR & privacy compliance is a top priority for your
business. That’s why Cymulate takes a holistic and personalized approach to
compliance, maintaining GDPR compliance ourselves, and enabling your
business to set its own compliance preferences, as a controller.

Cymulate employs data protection and privacy by design, combining
enterprise-grade security features with comprehensive audits of our policies,
applications, systems, and networks. Cymulate follows strict international
standards and regulations in order to keep your information safe and is SOC 2
Type II and ISO 27001 certified.

Cymulate’s privacy & security team includes a Data Protection Officer (DPO),
Chief Information Security Officer (CISO), who continuously ensure that
Cymulate’s practices and products comply with GDPR and similar regulations.
Our Terms and Conditions, Privacy Policy, and Data Processing Addendum
(DPA ) are up-to-date and reflect our GDPR readiness.

Data Center

Cymulate hosts all its software in Amazon Web Services (AWS) facilities. Amazon has an extensive list of compliance and regulatory assurances, including SOC II, and ISO 27001. See Amazon’s compliance and security documents for more detailed information.

All of Cymulate servers are located within Cymulate’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Cymulate conducts third-party network vulnerability scans and penetration tests at least annually.

By default, Cymulate encrypts data at rest and data in transit for all of our customers.


Does Cymulate have any security certifications?

Yes! Cymulate is certified as SOC2 Type II, many ISO certifications, and is CSA STAR Level 1. For a more detailed list, you can head to the certifications seciton.

Does Cymulate have an identify and access
management program?

Ensure that only the right people can access your company’s data in Cymulate with features like single sign-on (SSO) or two factor authentication (2FA).

Does Cymulate do any 3rd party audits?

We perform rigorous security testing including threat-modeling, automated scanning, and third-party audits. If an incident occurs, we resolve the issue quickly using our proven security incident response practices.

Does Cymulate do vulnerability scanning
or penetration testing?

Cymulate conducts third-party network vulnerability scans and penetration tests at least annually.

Does Cymulate have a dedicated security team?

Cymulate’s privacy & security team includes a Data Protection Officer (DPO), a Chief Information Security Officer (CISO), and an IT Manager.

How can I report a security issue?

Our Support team is here for any questions or issues. They are available at [email protected]

Data Center