Answers to everything CISOs actually ask.

No. Cyfriq layers on top of your existing email and productivity provider. Your mailboxes, users and calendars remain with M365, Google Workspace or Zoho. Cyfriq becomes the Identity Provider, DLP engine and audit layer — without requiring E5, Google Enterprise or Zoho One upgrades.

Cyfriq is a unified Enterprise Security Intelligence Platform. It covers the functional scope of a CASB (cloud app controls), an SSE proxy-less DLP layer, an IAM/IdP/SSO platform, and a UEBA tool — in one product. It is not a network-proxy solution; we enforce at the endpoint, the email API and the browser, not at a forwarded gateway.

Native agents for Windows 10/11, macOS 12+ and Ubuntu LTS (other Linux distros on request). Browser extensions for Chrome, Edge and Chromium-based browsers. Mobile enforcement via the Cyfriq Secure Mail app on iOS and Android.

Every successful authentication requires a live heartbeat from the Cyfriq agent within a configurable window (default 15 minutes). If the agent is uninstalled, crashed or deliberately disabled, the IdP denies the login — even if credentials and MFA are valid. This closes the classic "disable the endpoint agent, then exfiltrate via web" attack path.

Yes. During onboarding we run a parser against Forcepoint, Symantec and Microsoft Purview policy exports and translate them to Cyfriq rule syntax. Policies run in monitor-only mode for 7–14 days before enforcement, so you can tune false positives before cutting over.

Fourteen days end-to-end for enterprise tenants — a contracted SLA, not a marketing figure. Day 1 connects the provider. Days 2–7 deploy silent agents via GPO or config profile. Days 7–10 validate policies in monitor mode. Days 10–14 cut over department by department. A 30-day rollback window is retained after go-live.

Zero. Old and new authentication run in parallel until the final department has moved. DLP policies run in monitor mode first — no blocked emails or blocked uploads until you explicitly flip enforcement on, department by department.

Enforcement continues using the cached policy set for up to 14 days of offline operation. Audit events are buffered locally and synced on reconnection. The agent is fail-closed for DLP (blocked by default) and fail-open for authentication (cached credentials allow login) — both behaviours are configurable.

Yes. Native integrations for Splunk, Microsoft Sentinel, IBM QRadar, ServiceNow, Jira and PagerDuty. Everything is also available via a REST API and webhooks, so bespoke integrations are straightforward.

Yes. Pre-built connectors for Workday, SAP SuccessFactors, Darwinbox, Keka and Zoho People. Custom HRMS integration via webhook or SCIM. Leaver actions execute across all connected systems within seconds of the HRMS signal.

All customer data is stored on AWS ap-south-1 (Mumbai) by default. Each tenant has a dedicated AES-256 encryption key held in AWS KMS. US-East and EU-West regions are available on request for global deployments — customer data never traverses regions without explicit customer action.

Cyfriq directly addresses the two highest-penalty DPDP obligations — security safeguards (₹250 Cr) and breach notification (₹200 Cr) — on day one, out of the box. Data minimisation, storage limitation, data principal rights and cross-border transfer are supported via configurable tooling. Consent management remains the customer's legal obligation — we provide supporting evidence only. Full section-by-section mapping on our DPDP page.

Yes — every enterprise customer signs a DPDP- and GDPR-aligned Data Processing Agreement covering processing scope, sub-processor disclosure, 6-hour breach notification, data residency, audit rights and return/deletion. Available for redline review before signature.

Enterprise customers in regulated sectors can request a dedicated single-tenant deployment in AWS India, with customer-managed KMS keys (BYOK), VPC peering and optional air-gapped connectivity. This supports SEBI, RBI, IRDAI, CERT-In, NHA and STQC-gated deployments.

You can export every tenant record via our API at any point during the contract. On termination, we grant a 60-day export window. At T+90 days, all customer data is cryptographically erased (key destruction) with an attested certificate of deletion provided.

SOC 2 Type II (annual), ISO/IEC 27001:2022, ISO/IEC 27701 (privacy information management), HIPAA BAA-ready, GDPR Article 28. Current reports are available on request under NDA via the Cyfriq admin portal.

24×7 on-call rotation. Public status-page update within 15 minutes of SEV1 detection. Customer notifications within 1 hour. DPA-mandated breach notification within 6 hours of a confirmed incident affecting customer data. Full RCA within 72 hours. Public post-mortem within 5 business days for SEV1/SEV2.

Yes — quarterly third-party penetration tests by reputable independent security firms. Attestation letters shared annually with customers. Continuous automated scanning (SAST, DAST, SCA, secrets) in CI. Public bug-bounty programme with safe-harbour disclosure policy.

They don't, by default. Every Cyfriq employee starts with zero access. Customer-tenant access is time-bounded (max 4 hours), justified against a specific support ticket, approved by a second engineer, and logged in an immutable audit trail that customers can review.

Yes. A 30-day, one-department pilot is available on request — no cancellation fee. Success criteria are defined together before signing.

Per seat, billed annually — one unified Enterprise plan, no tiers, no minimum seat count. Every seat includes all five products. Volume discounts apply automatically as seat counts grow. Full detail on our pricing page.

14-day guided onboarding at no extra cost for every customer. This includes provider connection, SCIM user import, IdP setup, agent deployment, policy template configuration, parallel-run validation, department-wise cutover and post-live rollback coverage.

Yes. Indian customers default to INR invoicing from Cyfriq. Multi-currency and group-entity invoicing is available for multinational customers.

24×7 ticketing + phone, 1-hour P1 SLA, dedicated Customer Success Manager included. Customers on dedicated single-tenant deployments also get named on-call engineering and quarterly executive reviews.

Yes — once we've had a scoping call and you're serious about moving forward. We'll put you in touch with a customer in a similar industry and size band.

In April 2026 we rebranded from Sentriq to Cyfriq. Same company, same team, same product, same contracts — new name and a unified brand identity that better reflects the depth of our platform. All existing agreements, pricing and SLAs remain unchanged.

No. Your existing Sentriq Master Services Agreement, DPA and Order Forms continue to be valid — Cyfriq is a continuation of the same legal entity. You will receive a single notice of renaming under separate cover.

Yes, seamlessly. The agent auto-updates to reflect the new brand identity on the next policy sync. No action required from your side. All URLs will redirect permanently from sentriq.io to cyfriq.com.