security

Security built in, not bolted on.

We practice what we preach. Our platform is built on the same principles we use to protect our customers.

compliance

Certified and audited.

SOC 2 Type II

Certified

ISO 27001

Certified

GDPR

Compliant

UK GDPR

Compliant

practices

How we secure the platform.

Zero Trust Architecture

Every request is verified, authenticated, and authorized before access is granted. We never trust, always verify.

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed with hardware security modules (HSMs).

Regular Penetration Testing

We conduct quarterly penetration tests by independent security firms and maintain a responsible disclosure program.

Security Operations Center

Our 24/7 SOC monitors platform security, responds to incidents, and ensures continuous threat detection.

Infrastructure Security

Multi-region redundancy, DDoS protection, and infrastructure-as-code with automated security scanning and compliance checks.

Access Controls

Role-based access control (RBAC), multi-factor authentication (MFA), and just-in-time privilege elevation for all team members.

incident response

When seconds matter.

Our incident response timeline ensures you're never left in the dark.

< 15 min

Security incident detected and triaged

< 1 hour

Customer notification for critical issues

< 4 hours

Incident contained and mitigated

< 48 hours

Post-incident report delivered

data protection

Your data stays yours.

We're a processor, not an owner. Your security data remains under your control at all times. We never sell or share your data with third parties.

  • Data residency options in UK, EU, and US regions
  • Customer-managed encryption keys (CMEK) available
  • Automated data deletion upon account closure
  • Granular data access logging and audit trails
  • GDPR and UK GDPR compliant data processing

security_architecture.json
{
  "encryption": {
    "transit": "TLS 1.3",
    "at_rest": "AES-256-GCM",
    "key_management": "HSM-backed"
  },
  "access": {
    "authentication": "SSO + MFA",
    "authorization": "RBAC + ABAC",
    "session": "short-lived tokens"
  },
  "infrastructure": {
    "isolation": "dedicated VPCs",
    "monitoring": "24/7 SOC",
    "backups": "encrypted, multi-region"
  },
  "compliance": {
    "certifications": ["SOC2", "ISO27001"],
    "frameworks": ["GDPR", "UK GDPR"]
  }
}

responsible disclosure

Found a vulnerability?

We welcome security researchers to responsibly disclose vulnerabilities. Our bug bounty program rewards valid findings based on severity and impact.

PGP Key: security@decoyly.com

deploy

See an attacker walk into the trap.

Book a 30-minute live demo. We'll deploy a Decoyly grid in a sandbox and run a real intrusion against it — start to containment.