Your data stays on your infrastructure. Here's exactly how.
Self-hosted by design, with sensitive data anonymized before any AI analysis and every action written to an immutable audit trail.
Data flow
Architecture overview
Your Server
- Agent scans locally
- Code stays here
- Data anonymized before sending
syscyber Cloud
- No raw source code
- No IP addresses or hostnames
- No secrets or credentials
6-stage anonymization
Before anything leaves your environment.
IP addresses
Replaced with tokens
Hostnames
Replaced with generic identifiers
Email addresses
Stripped
API keys & secrets
Redacted
Custom patterns
Configurable per organization
PII scan
Final validation pass before transmission
The anonymization engine has 34 dedicated tests. It's not an afterthought — it's the foundation.
What happens to your data in the cloud?
Only anonymized findings are ever sent for AI analysis.
The AI processing layer retains data for a maximum of 7 days, then permanently deletes it.
Your data is never used to train any model.
Enterprise-grade data protections apply to all AI processing.
What runs on your servers?
A single self-contained binary — no heavy runtimes or interpreters to install.
CPU throttled to <5% of available resources.
Offline-capable: results are queued locally and sync when connectivity returns.
Runs as an unprivileged service. No root required for scanning.
Verified on: Ubuntu 20.04/22.04/24.04, Debian 12, RHEL/Rocky 9, Amazon Linux 2023.
Compliance readiness
syscyber is designed with security-first principles. We are working toward:
SOC 2 Type II audit (in progress)
GDPR compliance (data minimization by design)
ISO 27001 alignment
Questions about our security practices?