Compliance hub

Enterprise compliance, startup speed

Audit-ready security controls for SOC 2, PCI DSS 4.0, ISO 27001 and GDPR — generated automatically from the protection already running on your sites.

SOC 2 Type II

GDPR

PCI DSS

OWASP Top 10

Trust service criteria, mapped to real controls

Every Lyrie control maps to a named SOC 2 trust principle. Logs, evidence, and timestamps are exported in the format auditors expect.

Access control

Role-based permissions, MFA enforcement, and session management across dashboard and API access.

Audit logging

Every authentication event, configuration change, and security action logged with timestamps and actor identity.

Encryption in transit

TLS 1.2+ enforced across all connections. WAF proxy, API endpoints, and agent communication — no exceptions.

Encryption at rest

Database encryption, scan result storage, and backup volumes protected with AES-256.

Incident response

Real-time alerting, correlated findings, and guided remediation workflows for rapid containment.

Change management

Version-tracked policy changes, configuration history, and rollback capability for every security control.

Availability monitoring

Uptime monitoring, health checks, and redundancy across platform components.

Vendor management

Minimal third-party dependencies. No data sharing with external model training pipelines.

Data subject rights are not a feature request — they are built in

Access, deletion, portability, and consent management are native dashboard controls. Your users exercise their rights. You stay compliant. No engineering tickets required.

Right of access

Users can view and export all personal data stored by Lyrie through the dashboard Data Controls panel.

Right to deletion

Request account deletion from your profile. After email and 2FA verification, all data is permanently wiped within 7 days.

Data minimization

Configurable privacy controls for regulatory compliance. IP truncation, configurable retention windows, and region lock ensure you collect only what you need.

Consent management

Granular opt-in controls for telemetry, notifications, and data processing — revocable at any time.

Data portability

Export your security data, scan reports, and audit logs in standard formats through the API or dashboard.

No-training guarantee

Contractual commitment: your data is never used to train AI models. Period.

PCI DSS

Requirement mapping for payment security

Lyrie's WAF and scanner cover PCI DSS Requirement 6.6 and 11.3.2 without a separate scanning vendor or quarterly ASV add-on.

REQ 6.6: WAF Protection

One platform replaces your fragmented tool stack. Dedicated infrastructure, 24/7 monitoring, compliance controls, and premium engagement services — built for organizations where downtime is not an option.

REQ 10.1: Audit Trail

All access to system components logged with user identity, timestamps, and action details.

REQ 10.2: Event Logging

Security events, authentication attempts, and configuration changes recorded and searchable.

REQ 10.6: Log Review

Dashboard analytics and alerting enable daily review of security events and anomalies.

REQ 11.2: Vulnerability Scanning

Scheduled and on-demand scans with professional reports for quarterly ASV validation support.

REQ 12.10: Incident Response

Real-time detection, correlated findings, and remediation workflows for rapid response.

Our data handling commitment

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. Every data path is encrypted — dashboard, API, agent sync, scan storage.

No model training

Your data protects you and only you. Contractual guarantee that no request data, scan results, or telemetry feeds any training pipeline.

Region awareness

Region lock controls keep your data in the geography your compliance framework requires.

Configurable retention

Set how long data lives — 7, 30, 90, 180, or 365 days. When the window closes, data is deleted permanently.

Exportable audit logs

Export your security data, scan reports, and audit logs in standard formats through the API or dashboard.

Least-privilege access

Role-based permissions, MFA enforcement, and session controls limit exposure surface inside the platform.

Ready to simplify your next audit?

Book a 20-minute walkthrough — bring your last audit's findings and we'll show you which ones Lyrie eliminates.
