End-to-End Encryption
TLS 1.3 in transit and AES-256 at rest for platform data stores and secrets.
Security
Security
TLS 1.3 in transit, AES-256 at rest, SOC 2 Type II, and RBAC on workspace APIs.
SOC 2 Type II
Annual third-party audits with controls for availability, confidentiality, and processing integrity.
Audit & Access Logs
Workspace audit events with export, plus RBAC-gated access to security settings and API keys.
Gateway-Enforced Auth
Kong introspects API keys via Identity and forwards signed tenant context to every service.
GDPR & CCPA
Privacy-by-design data handling with configurable retention and data subject request workflows.
Role-Based Access
Owner, Admin, Developer, Operator, Viewer, and Billing Manager roles with scoped API keys and teams.
Data Protection
Encryption Standards
All customer data is protected using industry-standard encryption:
- In Transit: TLS 1.3 for all data transmission between clients and servers
- At Rest: AES-256 encryption for all stored data and backups
- Key Management: HSM-backed key management with automatic rotation
Infrastructure Security
Our infrastructure is designed with security and reliability in mind:
- Cloud Provider: Hosted on AWS and GCP with enterprise support agreements
- Network Security: DDoS protection, WAF, and network segmentation
- Monitoring: 24/7 security monitoring and automated threat detection
- Backup & Recovery: Automated daily backups with point-in-time recovery
Application Security
Application security practices:
- Development: Code review, dependency scanning, and staged rollouts
- Vulnerability Scanning: Automated security scanning and dependency audits
- Penetration Testing: Annual third-party penetration testing
- Bug Bounty: Active bug bounty program with responsible disclosure
Access Management
Access controls:
- Authentication: Multi-factor authentication (MFA) for all users
- SSO Integration: Support for SAML 2.0 and OAuth 2.0 single sign-on
- RBAC: Role-based access control with custom permission policies
- Audit logs: Workspace event export for compliance review
Compliance & Certifications
Syntra maintains compliance with major regulatory frameworks:
- SOC 2 Type II: Annual audits verifying security, availability, and confidentiality controls
- GDPR: Full compliance with EU General Data Protection Regulation
- CCPA: Compliance with California Consumer Privacy Act
- HIPAA: HIPAA-compliant infrastructure for healthcare customers
- ISO 27001: Information security management certification (in progress)
Incident Response
Incident response:
- Monitoring: Gateway and service log alerts with on-call rotation
- Incident Response Team: Dedicated team with defined escalation procedures
- Breach Notification: Timely notification to affected customers per regulatory requirements
- Post-Incident Review: Thorough analysis and remediation of all security events
Employee Security
Our team follows strict security protocols:
- Background Checks: All employees undergo background verification
- Security Training: Regular security awareness and training programs
- Least Privilege: Access to customer data limited to authorized personnel only
- NDAs: Confidentiality agreements for staff with production access
Security Vulnerability Reporting
If you discover a security vulnerability, please report it to our security team immediately:
Email: security@smecloud.app
We appreciate responsible disclosure and will work with you to address any vulnerabilities promptly.
Security questions
Email security@smecloud.app for questionnaires, pen-test summaries, or DPA requests.