Trust

Security

How we protect your data and run analysis code safely.

Last updated: 18 July 2026

A sandboxed, private analysis

Security is central to KyroStat because we run analysis code on data you upload. This page describes the measures we take. We do not claim formal certifications (such as SOC 2 or ISO 27001); we describe here only what we actually do.

Encryption in transit

All traffic between your browser and KyroStat is encrypted with HTTPS (TLS). Authentication tokens are stored in HttpOnly, SameSite cookies so they are not accessible to page scripts.

Account isolation

Each account's projects and data are logically separated. A request can only access the data belonging to the authenticated account that owns it.

Sandboxed code execution

AI-generated Python and R runs in a locked-down, ephemeral container that is created for a single job and destroyed afterwards. Each sandbox:

  • has no network access at all;
  • runs as a non-root user with every Linux capability dropped and no privilege escalation;
  • uses a read-only root filesystem with only a small temporary work area;
  • mounts only that one job's data, read-only;
  • is bounded by strict memory, CPU, process, and time limits; and
  • runs under a restrictive system-call filter.

Minimal data to the AI provider

Our AI provider receives only column summaries and descriptive statistics to recommend tests and generate code, never your raw data rows. The generated code is executed by us in the sandbox described above. See the Privacy Policy for details on data sharing.

Access and operations

Access to production systems is restricted to the people who operate the Service and is protected by key-based authentication. We keep our dependencies and server software updated.

Your part

Use a strong, unique password, keep your login credentials private, and only upload data you are permitted to use. If you believe your account has been compromised, contact us immediately.

Reporting a vulnerability

We welcome responsible disclosure. If you find a security issue, please email support@kyrostat.com with details and steps to reproduce, and give us a reasonable opportunity to fix it before public disclosure. Please do not access or modify other users' data, degrade the Service, or run automated scans that could disrupt it.