Security.
Carriyo's security controls at a glance, authentication, data protection, network ingress, tenant isolation, plus how to obtain detailed trust documents.
Updated May 31, 20261 min read
Standard controls
Network
TLS-only ingress, WAF, DDoS protection, internal segmentation.
Encryption at rest
All tenant data is encrypted on storage.
Tenant isolation
Per-tenant data scoping, hybrid isolation model, cross-tenant controls.
RBAC
Role-based access control for API clients and Dashboard users.
Privacy and data protection
Carriyo supports GDPR right-to-erasure through the data redaction endpoint, see Data redaction.
Trust documents
SOC 2 reports, the ISO 27001 certificate, our Data Processing
Agreement, completed security questionnaires, and pen-testing
rights are available on request. Contact your account manager,
or email security@carriyo.com.
Reporting a vulnerability
Report suspected vulnerabilities to security@carriyo.com. Do
not test against production tenant data without prior written
authorization.