Trust Center

Security & privacy at Olyteck Cyber

How we protect your Microsoft 365 data, where it lives, who can touch it, and the documents you need for procurement. Updated continuously.

EU
Hosting region
France · European Union
🔒
Encryption
TLS 1.2+ · AES-256 at rest
M
Authentication
Microsoft Entra ID · MFA inherited
📄
Content scanned
Metadata only · no file contents

Our security posture in one paragraph

Olyteck Cyber is a Microsoft 365 security posture scanner hosted in the European Union. We authenticate users through your own Microsoft Entra ID tenant, read configuration and permission metadata through Microsoft Graph, and store only the aggregate findings on our servers — the detailed evidence behind each finding stays in your administrator's browser. We do not read message bodies, file contents, or attachments. Every transit uses TLS 1.2 or higher, every byte at rest is encrypted with AES-256, and access by Olyteck staff is restricted to a small set of named operators and logged.

Sales & security questionnaires
Need a vendor security questionnaire filled in, or a custom NDA-protected document pack? E-mail support@olyteck.com — typical turnaround is one to two business days.

Documents

Public documents are available below. Documents marked NDA are released to qualified prospects and customers after a mutual non-disclosure agreement.

Public

SEC
Security & Architecture Documentation
Full Word document · v1.0 · May 2026
DPA
Data Processing Agreement (DPA)
PDF · with EU SCCs annex · v1.0
GDPR
GDPR Compliance One-Pager
PDF · article-by-article mapping
SP
Sub-processor list
PDF · also listed below · last reviewed May 2026
MS
Microsoft Graph permissions one-pager
PDF · scope-by-scope justification
ISP
Information Security Policy — exec summary
PDF · 2 pages · signed
DAST
Latest production DAST scan CLEAN
PDF · 1 June 2026 · 0 High · 0 Medium · 0 Low · OWASP ZAP

Available under NDA

ISP
Information Security Policy — full NDA
Signed PDF · request via e-mail
SDL
Secure Software Development Lifecycle NDA
Full document · request via e-mail
PEN
External penetration test summary NDA
Redacted summary · most recent
BCP
Business Continuity exercise report NDA
Dated · with RTO/RPO achieved
ARC
Detailed architecture & network diagrams NDA
PDF · data flow, network topology
RR
Risk register — exec summary NDA
Sanitized · reviewed quarterly

Certifications & assurance

Where we are today and what we are working toward.

CSA STAR Level 1 — listed GDPR — compliant EU-only data residency Hosting provider: ISO 27001 + SOC 2 audited OWASP ZAP DAST — production scan clean (June 2026) External penetration test — annual SOC 2 Type II — on roadmap ISO 27001 — on roadmap

Verify our STAR listing directly at cloudsecurityalliance.org/star/registry/olyteck. Submitted CAIQ v4.0.3 available on request.

Frameworks our controls align to
ISO/IEC 27001 & 27002 · SOC 2 Trust Services Criteria · OWASP ASVS · CIS Critical Security Controls · GDPR · CSA Cloud Controls Matrix v4. Mapping documents available under NDA.

Sub-processors

Carefully selected, contractually bound. Last reviewed May 2026.

Sub-processorServiceRegion
Microsoft CorporationMicrosoft Entra ID authentication + Microsoft Graph (customer-controlled tenant)Customer-controlled
EU cloud hosting providerInfrastructure-as-a-service hosting of application, database, backupsEuropean Union (France)
Stripe Payments Europe, Ltd.Card payment processing & subscription billingEuropean Union / Ireland
Microsoft 365 (Exchange Online)Transactional & notification e-mail deliveryEuropean Union
Cloudflare, Inc.DNS & edge protection for the public marketing surfaceGlobal (with EU PoPs)

Subscribe to sub-processor change notifications to receive 30-day notice of any material change.

Status & incident response

Live system status is published at status.olyteck.com (going live in Phase 2). Customers are notified of personal-data incidents without undue delay and within 72 hours, in line with GDPR Article 33.

Report a security issue

Customers and third parties can report a suspected security issue to support@olyteck.com. We acknowledge receipt within one business day and engage a responder.

Talk to us

Need a vendor security questionnaire filled in?

We pre-write most answers. Send us your template and we usually return it inside two business days.

support@olyteck.com

Sign an NDA & get the full pack

Detailed S-SDLC, pentest summary, BCP exercise report, full architecture diagrams.

Request the pack