Security

How we protect your data and maintain trust

Security is foundational to SynthCaaS. We handle sensitive, personal data that powers your AI experiences, and we take that responsibility seriously. This page outlines our security posture.

Encryption at Rest

All data stored in our systems is encrypted using AES-256, the same standard used by banks and government agencies.

Encryption in Transit

All network traffic uses TLS 1.3 with perfect forward secrecy. We enforce HTTPS everywhere, no exceptions.

Secret Management

OAuth tokens and credentials are stored in dedicated secrets managers with automatic rotation and access auditing.

Infrastructure Security

We run on hardened infrastructure with network isolation, intrusion detection, and continuous monitoring.

Access Controls

We use role-based access control built on the principle of least privilege. Multi-factor authentication is required for all team members.

Audit Logging

We keep comprehensive audit logs for all data access and administrative actions, retained for compliance and incident investigation.

Architecture Overview

SynthCaaS uses a defense-in-depth approach with multiple security layers:

  • Network layer: Private VPCs, WAF protection, DDoS mitigation, IP allowlisting for admin functions
  • Application layer: Input validation, output encoding, parameterized queries, rate limiting
  • Data layer: Encryption, access controls, data isolation between tenants
  • Identity layer: OAuth 2.0 + OIDC, JWT with short expiry, secure session management

Multi-Tenant Isolation

Your data is cryptographically isolated from other users. We implement:

  • Unique encryption keys per tenant
  • Logical database separation with row-level security
  • Namespace isolation in vector stores
  • Request-level tenant validation

Compliance

We are actively pursuing the following certifications:

  • SOC 2 Type II — In progress, expected Q2 2025
  • GDPR — Compliant by design, with DPA available
  • CCPA — California privacy compliance implemented

Incident Response

We maintain a documented incident response plan that includes:

  • 24/7 monitoring and alerting
  • Defined severity levels and response procedures
  • Communication templates for customer notification
  • Post-incident review and improvement process

Vulnerability Disclosure

Report a Security Issue

If you discover a security vulnerability, please report it responsibly. We appreciate security researchers who help keep our users safe.

Email: security@synthcaas.com

We aim to respond within 24 hours and will work with you to understand and address the issue.

Third-Party Security

We carefully vet all third-party services and require:

  • SOC 2 Type II certification or equivalent
  • Data processing agreements (DPAs)
  • Regular security assessments
  • Contractual security obligations

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Hardware security keys for authentication
  • Principle of least privilege access

Questions?

For security-related questions or to request our security documentation, contact security@synthcaas.com.