Skip to main content
Security & Privacy

Trust & Compliance

Your data security is our priority. Learn how Soryxa protects validation workflows with provider-backed infrastructure, application-level controls, and clear retention practices.

GDPR Request Support

DPA and data subject request support for customer privacy workflows

CCPA Request Support

Support for California privacy access and deletion request workflows

DigitalOcean SOC Reports

Hosting provider SOC 2 Type II and SOC 3 Type II coverage

Encryption Controls

Encryption controls for data in transit and at rest

GDPR Request Support

Soryxa supports GDPR-related customer workflows with a DPA request path, data subject request intake, limited validation retention, and privacy contact routing. Customers remain responsible for applying these controls to their own obligations.

  • Lawful-basis documentation available for review
  • Data Processing Agreement (DPA) available on request
  • Request support for access, rectification, and deletion workflows
  • API log retention selectable at 7, 30, or 90 days; default 90 days
  • No data selling or sharing with third parties
Request DPA

EU GDPR

General Data Protection Regulation

CCPA

California Consumer Privacy Act

CCPA Request Support

Soryxa supports California privacy request workflows, including access and deletion intake, retention details, and privacy contact routing for customer requests.

  • No sale of personal information
  • Request intake for access and deletion workflows
  • Retention details for validation and API logs
  • Privacy contact routing for customer requests
  • Non-discrimination for exercising rights

Data Processing & Retention

We are transparent about how we handle your data and for how long.

Data Type Purpose Retention or handling
API request logs Validation evidence and operational troubleshooting Team selects 7, 30, or 90 days; default 90 days
Stored email identifiers Support, review, and batch workflows Plaintext, redacted, or hashed; hashed by default
Account data Service provision Account lifetime
Billing data Payment processing As required by law

Data handling report

Generate and audit a team report covering privacy settings and stored record counts.

Hash lookup preview

Preview matching logs, review items, and batch results from a SHA-256 email hash before acting.

Deletion by hash

Permanently remove matching email identifiers and scrub stored request evidence for the current team.

Retro-anonymization

Apply redacted or hashed handling to historical plaintext logs and batch results with an audit record.

Your Data Rights

You have control over your data. Exercise your rights at any time.

Right to Access

Request a copy of all data we hold about you

Request Data →

Right to Deletion

Request deletion of your personal data

Request Deletion →

Right to Rectification

Update or correct your personal information

Update Data →

Right to Restrict

Limit how we process your data

Contact Us →

Security Practices

How we protect your data at every level.

Encryption

Data is encrypted in transit with TLS and API keys are hashed before storage. At-rest encryption is handled through the configured infrastructure and storage services.

Infrastructure

Hosted on DigitalOcean infrastructure covered by DigitalOcean SOC 2 Type II and SOC 3 Type II reports. Soryxa applies application-level access controls, encryption, and retention practices on top of that infrastructure.

Access Control

Application access is limited by role-based controls, with administrative activity logged and reviewed.

Questions About Compliance?

Our team is here to help.

Privacy Inquiries
privacy@elvesora.com
DPO Contact
dpo@elvesora.com
Security Issues
security@elvesora.com