Enterprise-grade security & compliance

The security of your data is our top priority at all times.

Encryption & Infrastructure

Encryption of all data in transit (using TLS 1.2 or higher) and at rest (through AES-256). Canyon leverages EU-hosted AWS servers and operates in multiple zones to create robustness against downtimes.

Cybersecurity & Operational Security

Canyon complies with an annual penetration and vulnerability testing by the leading infosec company Bishop Fox (full details here). Tests allows Canyon to proactively identify and remediate any security vulnerabilities.

Information Security Policies

Canyon's standard operating policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other information security policies. We provide a copy of those policies upon request.

GDPR Compliance

As part of its formal commitment to comply with the EU General Data Protection Regulation, Canyon maintains a Data Processing Addendum (signed version available on request), Records of Processing Activities and a Personal Data Breach Detection & Reporting Policy.

User Permission Management

Canyon operates according to a strict need-to-know access basis and conducts regular checks to ensure that Canyon personnel are only granted the permissions they need to conduct their job functions. No Canyon personnel has ever access to contracts and documents.

Security is our top priority

For our Acceptable Use Policy, Business Continuity Plan, Vulnerability Disclosure Policy, Information Classification, Handling and Retention Policy, or other information security documentation, please reach out to your sales or customer success representative. Report any issues to security@canyonlegal.com.