Our approach
CIA Development, LLC is a small, senior product studio. We keep our attack surface deliberately small: a hardened cloud footprint, modern TLS everywhere, least-privilege access, and a build pipeline that reviews and scans code before it ships. We are not currently SOC 2 or ISO 27001 certified — we believe in being straight about that — but the practices below reflect what we actually do today, and we're glad to complete security questionnaires and sign NDAs for client engagements.
Documentation
Security Practices
Encryption, access control, infrastructure, secure development, monitoring, and resilience.
Privacy Policy
What personal data we collect, why, how long we keep it, and your rights over it.
Subprocessors
The third-party services we rely on to deliver ours, and what each one handles.
Vulnerability Disclosure
How to report a security issue to us, our commitments, and safe-harbor terms.
Terms of Service
The terms that govern use of this website and our engagements.
Data Processing Addendum
Our DPA for clients who need a signed agreement covering data we process for them.
Compliance posture
We are transparent about where we stand so your assessment is accurate:
- Certifications: none held today (no SOC 2, ISO 27001, or PCI). We can discuss a roadmap if a certification is a requirement for your engagement.
- Privacy regulations: we align our handling of personal data with GDPR and CCPA/CPRA principles — see the Privacy Policy.
- Hosting: our production systems run on Google Cloud Platform, inheriting their physical and environmental security controls (Google holds SOC 2, ISO 27001, and more).
- Vendor reviews: we'll complete your security questionnaire and sign a mutual NDA — reach out to security@cia.dev.
Contact
- Security & disclosures: security@cia.dev · security.txt
- Privacy requests: security@cia.dev
- General / sales: cia.dev/#contact