Klyrix/platform
Home

Built on a foundation of trust

Klyrix is the management layer for your VDI and RDP estate. You bring your own cloud; we bring the controls, the telemetry, and the compliance posture your auditors expect — without the lock-in.

Security

  • ·MFA (TOTP) and enterprise SSO (SAML, OIDC)
  • ·SCIM 2.0 provisioning with sha256-fingerprinted tokens
  • ·AES-256 at rest, TLS 1.2+ in transit
  • ·Append-only, partitioned audit logging
  • ·Postgres row-level security (RLS Phase 2)
  • ·Circuit breakers, rate limits, per-tenant quotas
  • ·Sanctions screening and 451 edge enforcement

Privacy

  • ·GDPR baseline, UAE PDPL primary, UK GDPR / KVKK / CCPA mapped
  • ·DPA available on request (GDPR Art. 28)
  • ·Cookie-less analytics; no advertising trackers
  • ·Self-service DSR portal at /legal/policies/data-rights
  • ·Subprocessor list published publicly

Compliance

  • ·SOC 2 Type I readiness — target 9-12 months
  • ·ISO 27001 readiness — target 18 months
  • ·UAE PDPL compliance program in flight
  • ·UAE Economic Substance Regulation (ESR) filings on time
  • ·VAT-registered in the UAE

Transparency

  • ·Public subprocessor list with 30-day change notice
  • ·Public status page at /status
  • ·Public SLA at /legal/policies/sla
  • ·Incident comms within 72 hours per GDPR / PDPL
  • ·Open security disclosure inbox at security@klyrix.com

Quick links

Legal CenterPrivacy NoticeDPASubprocessorsData RightsSLAAcceptable UseTermsStatus PageControl CoverageData Flowsecurity.txt

Certifications & attestations

Klyrix is not yet certified to ISO 27001 or SOC 2. Rather than claim what we don’t hold, we publish a transparent roadmap and live coverage data so you can evaluate where we stand today.

In preparation
ISO 27001:2022
Stage 1 target: 2027 Q1 · Stage 2 target: 2027 Q3
~85% of applicable controls implemented
In preparation
SOC 2 Type 2
Type 1 target: 2027 Q2 · Type 2 close: 2027–2028 cycle
~96% of applicable criteria implemented
Aligned with
UAE PDPL · GDPR · UK GDPR · KVKK · CCPA
Live data subject rights at /legal/policies/data-rights
Evidence pipeline

Klyrix runs continuous evidence collection (monthly snapshots, quarterly access reviews, append-only audit logs) since 2026-05. This is the foundation auditors need for SOC 2 Type 2 observation periods. View our live control coverage at /legal/trust/controls or the data flow at /legal/trust/data-flow.

Transparency surface

Read-only public artifacts you can fetch, audit, and reference in your vendor risk assessment.

Control Coverage

93 ISO 27001 Annex A controls + SOC 2 Trust Services Criteria with per-control implementation status and evidence references.

Data Flow

Where customer data lives, which sub-processors touch it, and the cross-border transfer mechanisms used (SCCs, DPF).

security.txt

RFC 9116 vulnerability disclosure contact, PGP encryption preference, and policy reference.

Recent readiness audits

Internal readiness audits — ISO 27001 readiness and SOC 2 readiness — are maintained as living documents in our compliance repository. Auditor and enterprise-customer copies are available on request from security@klyrix.com.

Top subprocessors

Full list
NameServiceRegion
Vercel Inc.Hosting, CDN, Edge runtimeUSA + EU
Supabase Inc.Database, Auth, Storageeu-central-1 (EU)
Stripe Payments Europe Ltd.Payments, invoicingEU (Ireland)
Resend Inc.Transactional emailUSA
Cloudflare Inc.DNS, WAF, bot managementGlobal edge

Security or privacy question?

Our security team replies within two business days.

security@klyrix.comprivacy@klyrix.com