Trust & Security Center page
Security and privacy are at the center of how Anyo is built and operated. This page summarizes the controls we use to protect data and keep systems reliable.
Security Overview
Information Security Management
Internationally recognized security standards for data protection
Annual Independent VAPT
Third-party vulnerability assessment and penetration testing
End-to-End Encryption
Your data is encrypted before transmission with keys only you hold
Encryption in Transit
TLS 1.3 encryption protects data moving between systems
Encryption at Rest
AES-256 encryption secures stored data in our infrastructure
Monitoring & Incident Response
24/7 security monitoring with rapid incident response protocols
Scope of certificate
Design, development, deployment, and management of digital wellness platforms and mobile applications under the brand Anyo, including storage, processing, and protection of user data, analytics, and associated IT operations.
ISO 27001:2022 Certification
Information Security Management System- Standard: ISO 27001:2022 certified ISMS
- Certification Body: CDC Standards Certifications
- Certificate Number: 10252700101
- Date Of Initial Registration: 25/10/2025
- Registration validity: October 24, 2026
- Recertification date: October 24, 2026
Encryption
We protect data with encryption during transfer and storage, and we use end-to-end encryption for user content across Anyo.
End-to-end encryption
User content is end-to-end encrypted. Only intended participants can access the content.
In transit
Data is encrypted while moving between devices and our services.
At rest
Data is encrypted when stored in our systems and backups.
Metadata
Some operational metadata (such as timestamps, delivery status, device/app signals) may be processed to run and secure the service.
Independent Security Testing
We conduct an annual Vulnerability Assessment & Penetration Test through an independent security vendor. Findings are prioritized by severity and tracked through remediation to closure.
Frequency
Annual
Coverage:
Web, mobile, and API testing as applicable
Remediation
High and critical issues prioritized first
Evidence
Sanitized attestation letter available on request
Access Control
Access to systems and data is restricted and reviewed using least-privilege principles.
- Role-based access control
- Limited production access for authorized personnel
- Regular access reviews
- Audit logs for sensitive actions
Secure development
Security is built into how we develop and ship software.
- Code review for production changes
- Secure coding practices
- Dependency and vulnerability checks
- Change tracking for releases
Infrastructure and reliability
We protect platform reliability with layered controls.
- Monitoring and alerting
- Backups and recovery processes
- Controlled network access and isolation
- Availability design for critical systems
People and process
Security is supported by training and clear operational processes
- Confidentiality obligations for employees and contractors
- Security awareness training
- Incident response process with escalation
- Audit logs for sensitive actions
Report a security concern
We take security seriously. Help us keep our platform safe.
