◆ For enterprise

Run zyan on your terms.

Holding groups, in-house digital teams, and regulated agencies run zyan on dedicated infrastructure with contract-grade controls. Here’s what that looks like.

// enterprise.ledger: what’s included, negotiated, or dedicated
  • region: us-east-1 default · eu / apac on request
  • compute_pool: single-tenant · pinned to your region
  • audit_log: immutable · 30d · 1y · custom retention
  • sso_saml: Okta · Azure AD · Google · OneLogin · JumpCloud · Auth0
  • scim: user + group provisioning via SCIM 2.0
  • data_residency: at-rest encryption per-tenant · TLS 1.3 in transit
  • contract: MSA + DPA + SCCs on request
  • support_sla: 4-hour response · named success engineer
◆ What’s dedicated

Three surfaces. Tuned per contract.

Everything below is contract-negotiable. Start with the defaults; tighten to what your procurement and security teams need.

01 Identity

SAML SSO day one, SCIM day ninety. Role-based workspace scopes per team. JIT user provisioning so onboarding keeps pace with hiring.

  • SAML SSO (Okta, Azure AD, Google Workspace, OneLogin, JumpCloud, Auth0)
  • SCIM 2.0 provisioning with groups
  • Role-based workspace and project scopes
02 Infrastructure

Single-tenant compute pools pinned to your region. Dedicated subnets. No noisy neighbours on the workspace that ships your brand work.

  • Dedicated AWS region (US, EU, APAC on request)
  • Single-tenant container pools
  • Custom compute ceilings and reserved burst
03 Governance

Audit retention that matches your regulator, a trust packet that matches your security committee, and a DPA your legal team will sign.

  • Immutable audit log · custom retention
  • SOC 2 Type II · target Q3 2026
  • HIPAA BAA + DPA + SCCs on request
◆ SSO providers

Day-one identity providers.

Configure SSO from workspace admin. SCIM provisioning included on Enterprise — user and group sync, JIT provisioning, deprovisioning on offboarding.

Okta
Azure AD
Google Workspace
OneLogin
JumpCloud
Auth0

Using a different IdP? Email security@heckofawebsite.com and we’ll confirm SAML / OIDC compatibility.

◆ Procurement bundle

One PDF. Everything procurement asks for.

We pre-bundle the documents your security committee, legal team, and CISO will request on day one — so the security review starts on the same day as the call, not three weeks later.

zyan-procurement-bundle.pdf · PDF · ~1.4 MB · last updated 2026-04 · NDA required
// what's inside
  • MSA + DPA + SCCs (Word, ready for redline)
  • SOC 2 Type I report (Q1 2026, NDA-gated)
  • SIG-lite + CAIQ — pre-filled
  • Subprocessor list with current DPAs on file
  • Insurance certificate (Cyber + E&O)
  • Penetration test executive summary (2026-02)
  • Incident response runbook
  • Architecture overview + data-flow diagram
◆ Security questionnaire pre-fills

SIG-lite + CAIQ, answered.

Common rows from SIG-lite and the Cloud Security Alliance CAIQ, with our standard answers. Copy them straight in — they match what your reviewer will get on the full questionnaire under NDA.

ACCESS · 3 answered
  • IAM-08 · Multi-factor authentication required for admins?
    Yes — TOTP or hardware key, enforced for all workspace admins.
  • IAM-12 · SAML SSO supported?
    Yes — Agency+. Okta, Azure AD, Google Workspace, OneLogin, JumpCloud, Auth0.
  • IAM-14 · SCIM provisioning supported?
    Yes — Enterprise. SCIM 2.0 with group sync and JIT provisioning.
DATA · 3 answered
  • EKM-01 · Customer data encrypted at rest?
    AES-256 with per-tenant keys. Keys rotated annually.
  • EKM-04 · Encrypted in transit?
    TLS 1.3 externally. Internal service mesh uses mTLS.
  • DSI-07 · Data deletion on contract termination?
    30-day soft delete, then permanent purge. Confirmation email on completion.
COMPLIANCE · 3 answered
  • AAC-02 · SOC 2 status?
    Type I — completed Q1 2026. Type II — target Q3 2026.
  • AAC-04 · HIPAA BAA available?
    On request — Enterprise only. BAA template ready for signature.
  • GRM-09 · GDPR compliance?
    DPA + SCCs available. EU data residency on request.
OPERATIONS · 3 answered
  • BCR-01 · Backup frequency and retention?
    Daily encrypted backups, 30-day retention, immutable storage.
  • BCR-04 · Disaster recovery RTO / RPO?
    RTO 4 hours, RPO 1 hour for production workspaces.
  • SEF-04 · 24/7 incident response?
    Yes — paged on P0 / P1 events. Customer notification within 72 hours per GDPR.
APP SECURITY · 3 answered
  • TVM-02 · Penetration test cadence?
    Annual third-party test. Last: 2026-02. Executive summary on request.
  • TVM-04 · Vulnerability disclosure program?
    security@heckofawebsite.com. Public PGP key on request.
  • AIS-01 · Secure SDLC and code review?
    Mandatory peer review. SAST + dependency scans on every PR.
VENDOR · 1 answered
  • STA-04 · Subprocessors documented and DPA-bound?
    Yes — public list at /security#subprocessors. Annual vendor review.

Need a row that’s not here, or your team uses a different framework (ISO 27001 Annex A, NIST 800-53)? Email security@heckofawebsite.com — we’ll route the question to whoever owns the answer.

◆ Service-level commitments

Targets in writing. Credits when we miss.

Rolling 30-day measurements. SLA credits paid in workspace-month equivalents on the next invoice. Custom SLAs on Enterprise contracts.

  • Workspace + API uptime · 99.95%
    Pro-rated credits at 99.9 / 99.5 / 99.0 bands
  • Critical incident response (P0) · 1 hour
    24/7 — paging on contract
  • High-priority response (P1) · 4 hours
    Business hours — extended on contract
  • Standard response (P2 / P3) · Next business day
    Email + Slack
  • Recovery — RTO / RPO · 4 hr / 1 hr
    Production workspaces
◆ Region availability

Where your dedicated compute can land.

Pick a region during your contract conversation. Live regions are always-on. Soon and roadmap regions can be reserved in advance — we’ll honour your timeline.

◆ Compliance roadmap

A calendar, not a wish list.

If a milestone slips, this page moves. Everywhere else we talk about enterprise compliance points back here.

  1. Q1 2026
    SOC 2 Type I
    Report available on request.
  2. Q2 2026
    Public launch + SSO hardened
    Shipping June 1st.
  3. Q3 2026
    SOC 2 Type II
    Full Type II report.
  4. Q4 2026
    ISO 27001 roadmap + HIPAA BAA
    Gap analysis + BAA available.
◆ Talk to sales

Procurement-friendly. Security-signable.

Tell us about your org and what your procurement team needs. We’ll send over the right bundle — MSA, DPA, SOC 2 posture, subprocessor list, or a full trust packet — within one business day.

  • MSA + DPA + SCCs ready for signature
  • SOC 2 Type I report available on request
  • Named success engineer assigned on contract
  • Custom pilot for teams >200 seats
Already know what you need? Email sales@heckofawebsite.com.