Data Privacy & Cross-Border Compliance

Clyros Tech structures data handling, security controls, and compliance practices to support client obligations under applicable regulatory frameworks including GDPR, HIPAA, and industry-specific data protection requirements.

Data Protection Principles

Clyros Tech approaches data protection as a fundamental requirement, not an optional enhancement. Our data handling practices are designed to support client compliance obligations while enabling effective service delivery.

Data Minimization

We collect and process only the data necessary for delivering agreed services. Access to client systems and data is limited to personnel with a legitimate business need. Unnecessary data collection or retention is avoided.

Purpose Limitation

Data accessed during engagements is used only for specified purposes defined in engagement agreements. We do not repurpose client data for internal analysis, training, or other uses without explicit authorization.

Confidentiality

All client data is treated as confidential. Non-disclosure agreements govern data handling. Team members sign confidentiality commitments as a condition of employment. Data is not disclosed to unauthorized parties.

Data Retention

Client data is retained only as long as necessary for service delivery and any applicable legal obligations. At engagement conclusion, data is returned to the client or securely destroyed per agreed procedures.

Cross-Border Data Handling

International engagements often involve data transfer across jurisdictional boundaries. Clyros Tech structures these arrangements to support client compliance with applicable data protection regulations.

Data Transfer Mechanisms

For engagements involving transfer of personal data from the European Economic Area (EEA) to India or other jurisdictions, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Data Processing Agreements (DPAs) defining roles and responsibilities
  • Technical and organizational measures to protect transferred data
  • Onward transfer restrictions and subprocessor governance

Specific mechanisms are determined based on client jurisdiction, data types, and regulatory context.

Data Residency Options

Where client requirements mandate that data remain in specific geographic locations, we structure engagements accordingly:

  • Cloud Infrastructure: Configure client cloud environments (AWS, Azure, GCP) to store data in required regions
  • Remote Access: Engineers access client systems remotely without data egress from client-controlled infrastructure
  • Anonymization: Where feasible, work with anonymized or synthetic data that does not trigger data protection requirements
  • On-Site Work: For highly sensitive contexts, engineers work on-site at client facilities

Subprocessor Disclosure

If Clyros Tech engages subprocessors (cloud providers, specialized service providers) that may access client data, we disclose these relationships and ensure appropriate data protection agreements are in place.

Clients are notified of subprocessor arrangements and may object to specific subprocessors based on their risk assessment and compliance requirements.

Regulatory Awareness

Important Note: Clyros Tech is not certified under GDPR, HIPAA, SOC 2, or other specific regulatory frameworks. We design our practices to support client compliance obligations and can align our processes with regulatory requirements. Clients retain ultimate responsibility for their own compliance.

GDPR Awareness (Europe)

For engagements involving processing of personal data of EU/EEA residents, Clyros Tech acts as a data processor on behalf of the client (the data controller). We implement measures aligned with GDPR requirements:

  • Process data only on documented instructions from client
  • Ensure personnel processing data are bound by confidentiality
  • Implement appropriate technical and organizational measures
  • Assist client with data subject rights requests where applicable
  • Support client with data breach notification obligations
  • Delete or return personal data at engagement conclusion

HIPAA Awareness (US Healthcare)

For US healthcare engagements involving Protected Health Information (PHI), Clyros Tech operates as a Business Associate. We implement safeguards aligned with HIPAA requirements:

  • Execute Business Associate Agreement (BAA) before PHI access
  • Implement physical, technical, and administrative safeguards
  • Encrypt PHI at rest and in transit
  • Maintain audit logs of PHI access and modifications
  • Report security incidents per BAA requirements
  • Provide breach notification assistance where applicable

Other Regulatory Contexts

Clyros Tech structures delivery to align with various regulatory frameworks based on client context:

  • SOC 2: Security practices aligned with Trust Services Criteria
  • PCI-DSS: Controls for payment card data environments
  • FedRAMP: Security controls for US government cloud services
  • Industry Standards: ISO 27001, NIST frameworks, sector-specific requirements

Security & Access Controls

Access Management

  • Principle of least privilege for all system access
  • Multi-factor authentication enforced for sensitive systems
  • Regular access reviews and recertification
  • Immediate access revocation upon role change or separation

Data Encryption

  • Encryption at rest using industry-standard algorithms
  • TLS 1.2 or higher for data in transit
  • Secure key management practices
  • Full disk encryption on devices accessing client data

Network Security

  • VPN or secure access methods for client system connectivity
  • Network segmentation and firewall controls
  • Intrusion detection and prevention where applicable
  • Regular security assessments and vulnerability management

Logging & Monitoring

  • Audit logs maintained for system access and modifications
  • Security event monitoring and alerting
  • Log retention per engagement requirements
  • Incident detection and response procedures

Client Responsibilities & Shared Accountability

Data privacy and compliance operate under a shared responsibility model. Clyros Tech implements agreed controls and follows client instructions. Clients retain ultimate accountability for their compliance obligations.

Client Responsibilities Include:

  • Determining applicable regulatory requirements and informing Clyros Tech of compliance obligations
  • Providing clear instructions regarding data handling and processing limitations
  • Establishing appropriate contracts (DPAs, BAAs, SCCs) before data transfer
  • Conducting their own risk assessments and due diligence on vendor arrangements
  • Monitoring Clyros Tech compliance with agreed data protection terms
  • Responding to data subject requests, breach notifications, and regulatory inquiries

Clyros Tech Responsibilities Include:

  • Implementing security controls appropriate to data sensitivity
  • Processing data only per client instructions
  • Maintaining confidentiality and access restrictions
  • Assisting with compliance activities where specified in agreements
  • Reporting security incidents and potential breaches promptly
  • Cooperating with audits and assessments per engagement terms

Data Privacy Inquiries

Organizations with specific data protection or compliance questions are encouraged to discuss requirements during initial engagement conversations. We address data handling, regulatory alignment, and contractual frameworks before project commencement.

Contact us at info@clyrostech.com with information about your regulatory context and data protection requirements.