Security & Privacy

Trust & Compliance

Your data security is our priority. Learn how we protect your information and maintain the highest compliance standards.

GDPR Compliant

Full compliance with EU data protection regulations

CCPA Compliant

California Consumer Privacy Act compliance

SOC 2 Type II

Annual third-party security audits

256-bit Encryption

Bank-grade encryption for all data

GDPR Compliance

Soryxa is fully compliant with the General Data Protection Regulation (GDPR). We process data under the lawful basis of legitimate interest and offer Data Processing Agreements to all customers.

  • Lawful basis for processing (Legitimate Interest)
  • Data Processing Agreement (DPA) available on request
  • Right to access, rectify, and delete your data
  • 30-day data retention policy for validation logs
  • No data selling or sharing with third parties
Request DPA

EU GDPR

General Data Protection Regulation

CCPA

California Consumer Privacy Act

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA), ensuring California residents have full control over their personal information.

  • We do not sell personal information
  • Right to Know what data we collect
  • Right to Delete your data
  • Right to Opt-Out of data collection
  • Non-discrimination for exercising rights

Data Processing & Retention

We are transparent about how we handle your data and for how long.

Data Type Purpose Retention
Email addresses Validation processing 30 days
API logs Service improvement 90 days
Account data Service provision Account lifetime
Billing data Payment processing As required by law

Your Data Rights

You have control over your data. Exercise your rights at any time.

Right to Access

Request a copy of all data we hold about you

Request Data →

Right to Deletion

Request deletion of your personal data

Request Deletion →

Right to Rectification

Update or correct your personal information

Update Data →

Right to Restrict

Limit how we process your data

Contact Us →

Security Practices

How we protect your data at every level.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed and never stored in plain text.

Infrastructure

Hosted on SOC 2 compliant cloud infrastructure. Regular penetration testing and vulnerability assessments.

Access Control

Role-based access control. All access logged and monitored. Multi-factor authentication required.

Questions About Compliance?

Our team is here to help.

Privacy Inquiries
privacy@elvesora.com
DPO Contact
dpo@elvesora.com
Security Issues
security@elvesora.com
Request DPA Download Privacy Policy