Security
How CyberFence Is Built
CyberFence was engineered by professionals who have secured enterprise and government networks. This page describes the security decisions behind the platform — from the wire to the app to how we handle reports.
Encryption in Transit
TLS 1.3 and AES-256-GCM on the Wire
Traffic between your device and CyberFence is protected with modern transport encryption. The VPN tunnel uses AES-256 — the same standard trusted by the US government and military — so intercepted data is unreadable to anyone in between.
Connections to CyberFence web services are served over TLS 1.3, the current standard for secure transport, with older and weaker protocols disabled.
Encryption at Rest
Payment Data We Never Touch
CyberFence does not store your card details. Billing is handled through RC Billing on top of Stripe, so sensitive payment data is processed and stored by Stripe under its own PCI-compliant security controls — never on our servers.
The limited account data we do hold — your email and subscription status — is stored on US infrastructure with access restricted to what's required to run the service.
Infrastructure
US-Based, Hardened, and Minimal
CyberFence runs on US-based server infrastructure architected for both privacy and performance. The zero-logs design means the servers handling your traffic keep no browsing history, IP addresses, DNS queries, or session records.
Collecting less data is itself a security control: what isn't stored can't be leaked, subpoenaed, or stolen.
Application Security
Native Apps on Every Platform
CyberFence ships native applications built with each platform's first-party tooling, so security updates and OS-level protections apply directly:
- iOS and iPadOS — built in Swift
- Android — built in Kotlin with Jetpack Compose
- Windows and Mac — built on .NET
- Web app — built in Angular, served over TLS 1.3
Vulnerability Disclosure
Found Something? Tell Us.
We welcome reports from security researchers. If you believe you've found a vulnerability, email security@cyberfenceplatform.com with enough detail for us to reproduce the issue.
We ask that you give us a reasonable window — up to 90 days — to investigate and remediate before any public disclosure, and that you avoid accessing or modifying other users' data while testing. We'll acknowledge your report and keep you updated on our progress.
Incident Response
A Clear Path When Something Goes Wrong
Security reports and suspected incidents route to a dedicated inbox monitored by our security team at security@cyberfenceplatform.com. Reports are triaged by severity, investigated, and remediated.
Because CyberFence stores so little user data by design, the blast radius of any incident is architected to be as small as possible.
Compliance-Ready Documentation
Paperwork Your Auditor Will Ask For
CyberFence is built for regulated teams — healthcare practices, law firms, financial advisors, and defense contractors — that need documented security to satisfy their frameworks.
- HIPAA Business Associate Agreement (BAA) available for eligible teams
- Data Processing Addendum (DPA) — see /legal/dpa
- Documentation to support HIPAA, NIST, CMMC, and SEC requirements