Eurora Group

Information & Data Security

As guardians of your data, security is at the forefront of everything we do. We have taken steps to ensure your data remains private and secure and that we are fully compliant with the General Data Protection Regulation (GDPR).

Your Data & What We Do

We do not hold any personal information beyond that which is necessary for billing, through a third-party service Unless agreed separately in writing, your subscription will be managed via a Direct Debit service with your information being used to process payments. Any information is only kept for the duration of your subscription and is removed from our system upon termination.

All other information held within the Cyrus Software system remains your property and is securely held within our cloud services (see Servers / Infrastructure below). Processing is carried out on all data as part of the normal operation of the Cyrus Software system. This can include, but not limited to, generating automated alerts based on the results of submitted data, generating and processing "job" related information as per user allocations and performing automated analytics for dashboard and static reporting. We also maintain several services which monitor our systems for errors and flaws to flag up to us areas in need of attention.

Upon termination of contract, we offer a 30-day period to retrieve any and all data from our systems. Any data on our system after the 30-day period is automatically removed from our systems.

If you would like to make a subject access request (SAR) then please send an e-mail to and we will be more than happy to assist (Please Note: for larger requests please allow up to 7 days for processing)

Servers / Infrastructure

Eurora Group Limited provides the Cyrus suite of software in a SaaS (Software as a Service) architecture and utilises Microsoft Azure for its cloud services. Microsoft Azure provides a security-hardened infrastructure used by some of the world’s largest companies such as Samsung, GE Healthcare and Boeing, and provides rapid, managed, up-to-date patches for security vulnerabilities as they are discovered and provides continuous security-health monitoring on all areas of the infrastructure.

Resilience and redundancy is at the heart of cloud services and the Microsoft Azure platform provides for failover to one of many data centres around the world in the event of any problems and active data replication allows for rapid disaster recovery with minimal downtime and/or loss.

In addition to the robust security provided by Microsoft Azure cloud services, the Cyrus Software suite has built within its core additional security layers to ensure the maximum protection for all of our client data. In the unlikely event of a security breach of the cloud services, our added layers ensure that no information accessed of a sensitive nature would be readable without the relevant authentication tokens.

For further reading, please see:

Systems / Data

The Cyrus Software utilises secure end-to-end encryption on all data during transit to and from mobile devices, the web-based control panel and via the API systems

Data within the Cyrus Software system is held in a secure SQL database where all data is encrypted at rest using Transparent Data Encryption. All connections to the database are encrypted and direct access is severely restricted through firewall rules and authentication mechanisms requiring proof of identity and internal authorisation. Any and all activity within the Cyrus Software system is logged and actively monitored for unusual activity.

Passwords and account data are additionally hash encrypted within the database with unique, account level salt ensuring that the data is unreadable (even to us) without the user’s authentication token.

For further reading, please see:

GDPR & Data Protection

We have adopted a personal data and privacy protection policy, in line with the Data Protection Act 2018, to establish and maintain an adequate level of data privacy protection. This policy is applicable to all records collected on the site domain electronically that contain personal and sensitive data. Our data servers are secure and closely monitored for intrusions and additional security measures have been enacted to ensure any data held is kept safely and securely.

We will never make available or supply any personal, sensitive or otherwise compromising information to any third party unless legally requested to do so. All data held on servers licensed and operated by us remain our client’s sole property and upon terminations of contract we will make all data held by us available in a secure, compressed format for up to 30 days, after which time any and all data will be removed from our systems.

To make a request for more information, or to enquire about our data and privacy protection policies, contact us at: