How we protect the service and data — concise, without exposing operational details.
CYBER3 is exclusively defensive: detection, analysis, triage, remediation and hardening. We do not build or provide offensive tooling.
Account and usage data are hosted in the European Union, on EU-resident infrastructure.
Traffic encrypted in transit (TLS) and encryption at rest for stored data.
Key/role-based access with least-privilege and environment separation.
Sensitive actions go through human approval. Automation never touches the client's critical data paths.
A client's data is never displayed or used in demos, materials or toward other clients. Discretion is a core principle.
Ask CYBER3 runs with multi-layer guardrails and a strictly defensive scope; answers are grounded in evidence, with source citation.
We rely on the CYBER3 DATABASE — our proprietary threat-intel, continuously updated.
GDPR-aligned; NIS2-ready; ISO 27001-aligned controls (certification in progress). We do not claim certifications we do not hold.
External scanning is performed only on client-owned assets with verified ownership and authorization.
Report a security issue to [email protected]. We respond promptly and in a coordinated way.
Strictly necessary infrastructure/AI providers under a data processing agreement (DPA); backup and failover for continuity.