Systems online. status: running()
WETYR
Where Energy Transforms Your Reality
Book a Call Start
Security

Security at WETYR

We protect customer data with layered controls across people, process, and technology. This page outlines our current practices and how we partner with clients under a shared responsibility model.

Security Posture

Defense in depth. Designed to exit.

Every layer of our security stack is built so that a breach of one layer does not compromise the whole. We maintain these controls as a baseline and adjust based on client environment requirements.

Security Principles

  • Least privilege by default for systems and personnel
  • Defense in depth across endpoints, network, and cloud
  • Secure by design for new services and automations
  • Privacy-first mindset for all data handling

Data Protection

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest using provider managed keys or customer managed keys where supported
  • Data minimization and purpose-based access
  • Role-based access control and periodic entitlement reviews

Identity and Access

  • Single sign-on with MFA required for administrative access
  • Password standards aligned with NIST recommendations
  • Just-in-time elevation for sensitive operations
  • Automated offboarding and device revocation

Infrastructure and Network

  • Cloud-native security groups, private networking, and WAF where appropriate
  • Endpoint detection and response on managed devices
  • Regular configuration baselines and drift alerts
  • Backups with tested restore procedures

Application Security

  • Change management with peer review and CI validation
  • Dependency and container vulnerability scanning
  • Secrets management in vaulted services rather than code or repos
  • Environment separation for dev, staging, and production

Monitoring and Incident Response

  • Centralized logging with retention and alerting on high-risk events
  • Playbooks for escalation, containment, and recovery
  • Customer notification for incidents that impact their data
  • Post-incident reviews and corrective actions

Business Continuity and DR

  • Documented recovery objectives for critical services
  • Multi-region or provider-level redundancy where applicable
  • Periodic restore drills and tabletop exercises

Privacy and Compliance

Our privacy practices are described in our Privacy Policy. We align programs to recognized frameworks such as NIST CSF and ISO 27001 principles. Formal certifications may be pursued based on customer needs and scope.

Third Parties and Vendors

  • Security and compliance review during vendor onboarding
  • Least data necessary shared with subprocessors
  • Contractual commitments for confidentiality and breach notice

Customer Responsibilities

Security is shared. Customers control access to their environments, decide what data to share, and must configure their own systems securely. We will advise on best practices and can provide MSP and cybersecurity services to harden environments.

Responsible Disclosure

If you believe you have found a security issue affecting WETYR or a customer environment we manage, email security@wetyr.com with details and steps to reproduce. Do not publicly disclose until we confirm a fix. We will acknowledge valid reports and work quickly to remediate.

Outbound Communications Security

  • Opt out available for email and SMS. Reply STOP to SMS or email privacy@wetyr.com
  • Call campaigns follow applicable telemarketing and do-not-call requirements
  • Records of consent maintained where operationally required

Contact

General security questions: security@wetyr.com
Privacy requests: privacy@wetyr.com
Urgent incident reports: include "Security Incident" in the subject line.

Need a security review or MSP hardening.

Book a working session. We will assess your current posture and outline fast, practical upgrades that reduce risk without slowing growth.

Book Security Session Email Security