Security & trust

How YORYX protects your business data.

Security is not a feature we add later — it is how every YORYX product is built. Here is what that means in practice.

How we protect your data

Data is encrypted in transit (TLS) and at rest. Sensitive documents are encrypted per-organization with AES-256-GCM before they touch storage.

Every row is scoped to your organization and enforced by database row-level security. One database per country keeps data within its jurisdiction.

Every service runs on a minimal Wolfi container as a non-root user, with a read-only filesystem and all Linux capabilities dropped.

Authentication is handled by a dedicated identity provider with OpenID Connect and FIDO2 step-up for sensitive actions.

We build to Moroccan data-protection rules (CNDP) with data residency, declared purposes, and retention limits per document type.

Found a vulnerability? We welcome reports and respond quickly — no legal threats for good-faith research.

Email our security team. We acknowledge every report and keep you posted on the fix.