Security and compliance

At Ynput, we understand that in the creative industry, your intellectual property is your most valuable asset. Securing your pipeline is not an afterthought; it is the foundation of our architecture. We are committed to maintaining the highest standards of data protection, aiming for industry-leading certifications to ensure your studio’s data remains private, secure, and available.

1. Compliance & Certifications

SOC 2 Type 2 (In Progress)

AYON is currently undergoing the audit process for SOC 2 Type 2 compliance. We align our internal controls with the AICPA Trust Services Criteria:

  • Security: Protecting system resources against unauthorized access.

  • Availability: Ensuring the system is available for operation and use.

  • Confidentiality: Protecting information designated as confidential.

ISO 27001 (In Progress)

We are implementing a rigorous Information Security Management System (ISMS) aligned with ISO/IEC 27001 standards. This ensures a systematic approach to managing sensitive company information, encompassing people, processes, and IT systems.

TTPN Alignment (Threat, Technology, Policy, Network)

We recognize that many of our clients operate within TTPN-certified environments. AYON is architected to integrate seamlessly into these high-security workflows. Our deployment models support the strict network segregation and policy enforcement required by major content owners.

2. Data Access & Support Protocols

Access to Client Data

We strictly enforce the principle of Least Privilege. AYON personnel do not have standing access to client production data.

  • Consent-Based Access: AYON support engineers access customer data only when explicitly authorized by the client via a support ticket or formal request.

  • Time-Bound Privileges: Access grants are temporary, strictly scoped to the issue at hand, and automatically revoked upon ticket resolution.

  • Audit Trails: Every internal access event by AYON staff is logged, timestamped, and tied to a specific identity and support case ID.

Physical & Environmental Security

For our SaaS offering, AYON utilizes industry-leading cloud infrastructure providers (AWS/Hetzner) that maintain ISO 27001, SOC 2, and PCI DSS compliance.

  • Data Center Security: Physical access to the underlying hardware is controlled by the cloud provider using biometric scanning, video surveillance, and 24/7 security guards.

  • Shared Responsibility: While our providers secure the concrete, AYON secures the logical perimeter using strictly defined security groups, VPC peering, and encryption.

3. Infrastructure & Network Security

Secure Deployment Models

AYON offers flexible deployment options to match your risk profile:

  • SaaS: Hosted on enterprise-grade cloud infrastructure with strict logical isolation.

  • Self-Hosted / Hybrid: For studios with air-gapped requirements or strict on-premise mandates, AYON can be deployed within your private VPC or local hardware, giving you total control over the network perimeter.

Data Encryption

We employ a defense-in-depth encryption strategy:

  • In Transit: All data transmitted between the client, the AYON server, and integrations is encrypted using TLS 1.2+ protocols (preventing downgrade attacks).

  • At Rest: Data stored within the AYON ecosystem is encrypted using AES-256 standards. Key management procedures are strictly governed by our ISMS.

4. Product Security & Access Control

Identity and Access Management (IAM)

  • Single Sign-On (SSO): AYON supports SAML 2.0 and OIDC, allowing you to enforce your own identity policies via Okta, Azure AD, or Google Workspace.

  • Granular Permissions (RBAC): Our Role-Based Access Control allows you to define precise access levels for artists, producers, and admins.

Secure Software Development Life Cycle (SDLC)

Security is baked into our code, not bolted on.

  • Code Review: All code changes require peer review and automated checks before merging.

  • Vulnerability Scanning: Automated static (SAST) and dynamic (DAST) analysis tools run in our CI/CD pipeline.

  • Remediation SLAs: We maintain strict Service Level Agreements for vulnerability remediation based on CVSS severity:

    • Critical (CVSS >= 9): Patched within 14 days.

    • High (CVSS 7-8.9): Patched within 30 days.

  • Dependency Management: We continuously monitor third-party libraries for known CVEs using automated supply chain security tools.

5. Business Continuity & Disaster Recovery

We maintain a rigorous backup strategy designed to minimize data loss (RPO) and downtime (RTO). Retention policies are tiered based on the chosen service plan:

AYON Pro Plan

Designed for standard production cadences.

  • Daily Backups: Retained for a minimum of 3 days.

  • Weekly Backups: 1 snapshot retained from 7 days prior.

AYON Studio Plan

Designed for high-velocity environments requiring granular recovery points.

  • High-Frequency Snapshots: 4 backups retained for the trailing 16 hours.

  • Daily Backups: 3 daily snapshots retained.

  • Weekly Backups: 2 weekly snapshots retained for extended rollback capability.

Recovery Testing: We test our recovery procedures annually to verify our RTO/RPO targets.

Incident Response: Our Security Incident Response Team (SIRT) maintains a 24/7 readiness posture. In the event of a confirmed data breach involving personal data, we are committed to notifying affected parties without undue delay, aligning with GDPR (72-hour) requirements.

6. Data Privacy (GDPR)

We are fully committed to data privacy. We act as a Data Processor for our clients:

  • Data Residency: Options available for region-specific data storage (e.g., EU-only) to comply with local sovereignty laws.

  • Right to Erasure: Automated workflows to handle data subject access requests (DSAR).

  • Subprocessors: We maintain an up-to-date list of all third-party vendors, all of whom are vetted for SOC 2 or ISO 27001 compliance.

Report a Concern

Security is a community effort. If you believe you have found a vulnerability in AYON, please contact our security team immediately at [security-email-placeholder]. We operate a responsible disclosure program to recognize researchers who help keep our platform safe.

Last Updated: 10.12.2025

AYON is a studio production platform for animation and VFX teams, keeping pipeline and production connected from planning to final delivery.