Security Statement

Security at Chrysalis

Security is foundational to how we build. Everything we design begins with the same premise: individuals deserve technology that protects their identity, honors their consent, and safeguards the context they choose to share.

Perimeter protections

Chrysalis is hosted on Google Cloud Platform (GCP) within a private VPC. All public traffic to the frontend and backend (API) services is terminated at a Google Cloud external HTTPS load balancer protected by Cloud Armor, which acts as a Web Application Firewall (WAF) and enforces rules against common web exploits (e.g., SQL injection, XSS) and abusive traffic patterns. The frontend and API run on Cloud Run behind this edge, while backend data stores (e.g., Cloud SQL) are reachable only over private network paths and have no public IP exposure. Network‑level access is controlled through VPC firewall rules and IAM; secrets (e.g., database credentials, API keys, JWT secrets) are managed in Google Cloud Secret Manager; and all services are continuously monitored with Cloud Logging and Cloud Monitoring for anomalous or suspicious activity.

Independent security reviews and penetration testing

Independent security reviews and penetration tests are conducted regularly to validate the security posture of Chrysalis. Penetration testing of internet‑facing applications and supporting infrastructure is performed by internal security engineers and qualified third‑party providers, at least annually and after any major architectural or feature change. Findings are triaged, prioritized by risk, tracked to remediation, and re‑tested where appropriate to confirm effective resolution.

Vulnerability Management

Chrysalis maintains an active vulnerability management program that includes:

  • Continuous dependency monitoring (e.g., Dependabot)

  • Monthly internal vulnerability scans

  • Annual third-party penetration tests

  • Remediation timelines:

    • Critical: within 7 days

    • High: within 30 days

    • Medium: within 90 days

    • Low: as prioritized

All findings are tracked to closure.

Zero-Access Architecture

Chrysalis is designed so that Vault contents and identity context remain unreadable to Chrysalis unless a user explicitly grants temporary permission.
Our architecture ensures:

  • All personal content is encrypted client-side or at the application boundary

  • Chrysalis cannot view or derive the meaning of stored content

  • The C-Key consent model governs any access, movement, or sharing of data

This structural protection is foundational to the platform.
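As an added illustration of the zero‑access pattern described above (example code written for this page, not Chrysalis's own implementation and not the C‑Key model, whose mechanics are not specified here): the client encrypts Vault content with AES‑GCM under a key only it holds, the service stores just the nonce and ciphertext, and the service can decrypt only while a user‑issued, time‑bounded grant is in force. The `Grant` type, the `ServiceRead` function, the 32‑byte key and the sample plaintext are assumptions constructed for the example; a production consent model would wrap the content key to a specific recipient rather than hand it over directly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// VaultRecord is all the service ever stores: a nonce and AES-GCM ciphertext.
// No key material is present, so the service cannot read or derive the content.
type VaultRecord struct {
	Nonce      []byte
	Ciphertext []byte
}

// Grant is a hypothetical user-issued, time-bounded permission (an assumption
// for this example, not the C-Key model). It carries the content key and the
// instant after which the service must stop using it.
type Grant struct {
	Key       []byte
	ExpiresAt time.Time
}

var (
	ErrNoGrant = errors.New("no grant: content is unreadable to the service")
	ErrExpired = errors.New("grant expired: content is unreadable to the service")
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ClientEncrypt runs on the user's device. The key stays with the user; only
// the resulting VaultRecord is uploaded.
func ClientEncrypt(key, plaintext []byte) (VaultRecord, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return VaultRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return VaultRecord{}, err
	}
	// Seal appends an authentication tag, so any tampering with the stored
	// ciphertext is detected on decryption.
	return VaultRecord{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// IssueGrant is the user's explicit consent action: share the key for ttl.
func IssueGrant(key []byte, ttl time.Duration, now time.Time) Grant {
	return Grant{Key: key, ExpiresAt: now.Add(ttl)}
}

// ServiceRead is everything the service can do with a stored record. With no
// grant, or an expired one, it never sees plaintext; with a wrong key or a
// modified record, GCM's tag check fails and Open returns an error, not garbage.
func ServiceRead(rec VaultRecord, g *Grant, now time.Time) ([]byte, error) {
	if g == nil {
		return nil, ErrNoGrant
	}
	if !now.Before(g.ExpiresAt) {
		return nil, ErrExpired
	}
	aead, err := newAEAD(g.Key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

func main() {
	key := make([]byte, 32) // in practice derived from a user secret on the device
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample content for the demonstration.
	rec, err := ClientEncrypt(key, []byte("constructed sample: passport no. X1234567"))
	if err != nil {
		panic(err)
	}
	now := time.Now()

	_, err = ServiceRead(rec, nil, now)
	fmt.Println("no grant:", err)

	g := IssueGrant(key, 5*time.Minute, now)
	pt, _ := ServiceRead(rec, &g, now)
	fmt.Println("within grant:", string(pt))

	_, err = ServiceRead(rec, &g, now.Add(10*time.Minute))
	fmt.Println("after expiry:", err)
}
```

The call that matters to a reviewer is the last one: once the grant window closes, the same stored record is opaque again, and a wrong key or an altered ciphertext fails closed because GCM authenticates what it decrypts.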

Reliable, Resilient Infrastructure

Chrysalis is hosted on Google Cloud Platform (GCP) in the us-central1 region, using managed services including Cloud Run for application workloads and Cloud SQL for PostgreSQL for data storage. Cloud Run provides multi‑zone redundancy and automatic scaling, while Cloud SQL is configured with regional high availability, automated daily backups, and point‑in‑time recovery to mitigate the risk of downtime or data loss.

Our environments are continuously monitored using Cloud Logging and Cloud Monitoring for centralized logs, metrics, and alerts, with Query Insights enabled on Cloud SQL to detect and diagnose performance issues. Infrastructure changes are managed via Terraform and GitHub Actions, enabling controlled, auditable deployments and rapid rollback capabilities to help maintain service reliability and availability.

Business Continuity & Disaster Recovery

Chrysalis maintains a documented business continuity and disaster recovery program, including:

  • RPO (Recovery Point Objective): < 24 hours

  • RTO (Recovery Time Objective): < 24 hours

  • Multi-zone redundancy via GCP Cloud Run and Cloud SQL

  • Automated backups with point-in-time recovery

  • Regular testing of restore procedures and infrastructure-as-code redeployment

These controls support service reliability and resilience.

Security by Design

We develop Chrysalis using intentional, security‑first design principles across our infrastructure and application lifecycle. Infrastructure changes are defined as code in Terraform, go through pull‑request–based code review with branch protection rules on main, and are applied only by automated CI/CD workflows, so every change is peer‑reviewed, auditable, and consistently deployed. Secrets such as database credentials, API keys, and JWT secrets are never committed to source control; they are managed centrally in Google Cloud Secret Manager and fetched at runtime by dedicated service accounts with least‑privilege IAM.

Our CI pipeline runs automated tests and static checks on each change and integrates with dependency and vulnerability scanning (e.g., Dependabot and similar tooling) to keep libraries and infrastructure components up to date and reduce exposure to known issues. These practices, combined with documented runbooks and controlled rollout/rollback procedures, help ensure that new features are introduced in a disciplined, secure, and reliable manner.

Personnel Security

Chrysalis requires all employees and contractors with potential access to systems or infrastructure to:

  • Complete annual security and privacy training

  • Sign confidentiality and intellectual-property agreements

  • Undergo background checks where permitted by law

  • Use MFA for all privileged systems

  • Pass periodic access reviews and least-privilege audits

Only authorized personnel may access production systems, and access is logged and monitored.

Your Data, Protected

Chrysalis data is encrypted and stored in secure, access‑controlled environments on Google Cloud Platform (GCP). Application data resides in Cloud SQL for PostgreSQL and secrets (such as database credentials, API keys, and JWT secrets) are held in Google Cloud Secret Manager; both are encrypted at rest using Google‑managed keys, and access is restricted via least‑privilege IAM and dedicated service accounts. Logical isolation is enforced through separate projects, private VPC networking, and non‑public data stores, so only explicitly authorized services and identities can reach sensitive data paths.

Cloud SQL is configured with automated daily backups and point‑in‑time recovery to protect against data loss or corruption, and these backups are subject to the same encryption and access controls as primary data. All employees and contractors are bound by strict confidentiality obligations, and our platform is designed to support alignment with global data protection expectations (including GDPR), under the principle that your data is yours and its access and movement are governed by your explicit consent.

Breach Notification

If Chrysalis becomes aware of a data breach that affects your personal data, we will notify you without unreasonable delay and in accordance with applicable laws.

This includes:

  • Notification to the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under GDPR

  • Notification to individuals as required under U.S. state breach laws

  • Notification to applicable regulators or enterprise partners when legally required

Chrysalis will provide details of the nature of the breach, the data impacted (if determinable within our zero-access architecture), mitigation steps, and actions you may take.

More Information

For additional details, please review our privacy policy and terms of use. Security-related inquiries can be directed to security@chrysalis.

Chrysalis maintains an up-to-date list of authorized Subprocessors at: https://chrysalis.inc/subprocessors