Skip to content

Trust Center

Trust is an engineering discipline.

How we approach security, availability, and data protection — stated plainly, without badges we haven't earned.

Security by architecture

Least-privilege access, encrypted transit and rest, secrets in managed vaults, and dependency policies enforced in CI. Security controls live in the request path, not in a PDF.

Availability, published

Client platforms carry contractual SLAs with published error budgets. Incidents get a public post-mortem within five business days — cause, impact, and the fix that shipped.

Data protection

Data residency honored per jurisdiction, retention limited to stated purpose, and subject-access requests answered within 30 days. We collect the minimum and can prove it.

Honest posture

No compliance badges we haven't earned, no fabricated uptime numbers. Certification programs in progress are listed as exactly that.

Practices

  • Access control

    SSO + hardware-key MFA internally; role-scoped, time-bound production access with full audit trail

  • Encryption

    TLS 1.3 in transit; AES-256 at rest; customer-managed keys supported on enterprise engagements

  • Development

    Signed commits, mandatory review, CI gates for tests, types, and dependency audit on every merge

  • Incident response

    24×7 on-call, rehearsed runbooks, client notification within contractual windows

  • Business continuity

    Tested backups, documented RPO/RTO per system, annual disaster-recovery drills

  • Vendor management

    Subprocessors reviewed annually and listed in engagement DPAs

Security questionnaires, DPAs, and subprocessor lists are available under NDA — write to security@algoryq.tech.

Ask us the hard questions.