SOC 2 controls for AI workloads

SOC 2 isn't a regulation — it's an attestation framework based on five trust criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). For AI workloads, the Confidentiality and Privacy criteria are the hard ones to map. Cypherz is the missing puzzle piece: it gives auditors something concrete to point to under 'how do you protect customer data sent to AI vendors.'

What SOC 2 requires you to do

• CC6.1 — Logical access — Restrict logical access to data based on roles. Cypherz's per-project keys, API keys, and admin RBAC map cleanly.

• CC6.7 — Data in transit — Cypherz proxy uses TLS 1.3 between you and us, and onward to the AI provider.

• CC7.2 — Logging and monitoring — Every tokenize, detokenize, and proxy call is logged with action type, project, and metadata.

• C1.1 — Confidentiality — Sensitive data is tokenized before transit; at rest it is protected with AES-256-GCM under envelope encryption.

How Cypherz helps

• Audit log export — Pull a structured audit trail for any project and hand it to your assessor.

• Encryption by design — Per-project vault keys, master-key envelope encryption, argon2id password hashes.

• Subprocessor list — We publish ours; LLM providers you choose are upstream subprocessors disclosed on a project basis.

Important caveat

SOC 2 attestation is your auditor's call. Cypherz provides controls; your CPA assesses them.

Common questions

Does Cypherz make my app SOC 2-compliant by itself?

No tool can — compliance is a posture across people, process, and technology. Cypherz handles a critical technical layer (pseudonymization, encryption, audit logging) but you still need policy, training, and assessment.

Where is Cypherz hosted?

EU (Hetzner — Helsinki and Falkenstein) by default for the managed product. Self-host anywhere with one docker-compose command if your compliance posture requires it.

Do you sign formal agreements?

Yes — Business and Enterprise tiers include DPAs and BAAs. We're working through a SOC 2 Type II audit; ask for our latest report.

Can I get an audit log export?

Yes — every action is logged with structured metadata and is exportable via the API. Common formats are supported for SIEM ingestion.

Get started

Bring your AI features into SOC 2 scope cleanly.

Sign up free. Create a project. The audit trail starts logging from request one.