Security Policy

Synoviq is committed to protecting your data and maintaining the highest standards of information security. Learn about our security measures, compliance certifications, and data protection practices.

Last Updated: January 15, 2024

At Synoviq, security is fundamental to everything we do. We understand that protecting your data and maintaining your trust is critical. This Security Policy outlines our comprehensive approach to information security, data protection, and cybersecurity.

We implement industry-leading security measures, maintain compliance with international security standards, and continuously monitor and improve our security posture to protect against evolving threats.

Our Security Principles

The fundamental principles that guide our security practices

Defense in Depth

Multiple layers of security controls to protect against various attack vectors and ensure comprehensive protection.

Encryption Everywhere

Data encryption in transit and at rest using industry-standard protocols to protect sensitive information.

Continuous Monitoring

24/7 security monitoring and threat detection to identify and respond to security incidents promptly.

Least Privilege

Access controls ensuring users and systems have only the minimum permissions necessary to perform their functions.

Compliance First

Adherence to international security standards and regulations to ensure consistent security practices.

Incident Response

Rapid response procedures and recovery plans to minimize impact and restore services quickly.

Compliance & Certifications

We maintain compliance with internationally recognized security standards and certifications:

SOC 2 Type II

We are SOC 2 Type II certified, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy of customer data.

Our SOC 2 audit is conducted annually by independent auditors and verifies that our security controls are operating effectively.

ISO 27001:2013

We are certified under ISO 27001:2013, the international standard for information security management systems.

This certification demonstrates our systematic approach to managing sensitive company and customer information.

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR), ensuring the protection of personal data of individuals in the European Union.

Our data processing practices align with GDPR requirements, including data minimization, purpose limitation, and data subject rights.

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA), protecting the privacy rights of California residents.

We respect consumer rights under CCPA, including the right to know, the right to delete, and the right to opt out of the sale of personal information.

Security Measures

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher protocols.

  • HTTPS for all web communications
  • Secure API connections
  • Encrypted email communications

Encryption at Rest

All stored data is encrypted using AES-256 encryption, the industry standard for data protection.

  • Database encryption
  • File system encryption
  • Backup encryption

Access Controls

  • Multi-Factor Authentication (MFA): Required for all administrative and privileged accounts
  • Role-Based Access Control (RBAC): Users are granted access based on their job function and responsibilities
  • Principle of Least Privilege: Users receive only the minimum access necessary to perform their duties
  • Regular Access Reviews: Access permissions are reviewed and updated regularly
  • Session Management: Automatic session timeout and secure session handling

Network Security

Firewalls

Advanced firewall systems protect our network perimeter and filter incoming and outgoing traffic.

Intrusion Detection

Intrusion detection and prevention systems monitor network traffic for suspicious activities.

DDoS Protection

Distributed Denial of Service (DDoS) protection to ensure service availability.

Network Segmentation

Network segmentation to isolate critical systems and limit the impact of potential breaches.

Application Security

  • Secure Development Lifecycle: Security considerations integrated throughout the development process
  • Code Reviews: Regular security code reviews and static analysis
  • Penetration Testing: Regular penetration testing by independent security firms
  • Vulnerability Management: Proactive identification and remediation of security vulnerabilities
  • Dependency Scanning: Automated scanning of third-party dependencies for known vulnerabilities

Data Protection

Data Classification

We classify data based on sensitivity and apply appropriate security controls. Personal and sensitive data receive the highest level of protection.

Data Minimization

We collect and process only the data necessary for providing our services and fulfilling our legal obligations.

Data Retention

We retain data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. Data is securely deleted when no longer needed.

Backup and Recovery

Regular encrypted backups are performed to ensure data availability and recovery in case of incidents. Backup systems are tested regularly to ensure reliability.

Incident Response

We have established incident response procedures to quickly identify, contain, and remediate security incidents:

Detection

24/7 security monitoring and automated threat detection systems identify potential security incidents.

Response

Our security team responds immediately to contain threats and prevent further damage.

Investigation

Thorough investigation to understand the scope and impact of security incidents.

Remediation

Swift remediation actions to eliminate threats and restore normal operations.

Notification

Timely notification to affected parties and relevant authorities as required by law.

Post-Incident Review

Comprehensive review to identify lessons learned and improve our security posture.

Security Training

Security is everyone's responsibility. We provide comprehensive security training to all employees:

Employee Training

  • Security awareness training
  • Phishing prevention
  • Password security
  • Data handling procedures

Developer Training

  • Secure coding practices
  • OWASP Top 10 awareness
  • Security testing techniques
  • Vulnerability management

Reporting Security Issues

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately:

How to Report

Email

Send security reports to [email protected]

Please include "Security Vulnerability" in the subject line and provide detailed information about the issue.

Responsible Disclosure

We appreciate responsible disclosure of security vulnerabilities. Please:

  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not access or modify data that does not belong to you
  • Do not disrupt our services or compromise user privacy

Response Time: We aim to acknowledge security reports within 24 hours and provide updates on our progress. We take all security reports seriously and will work to address them promptly.

Updates to This Policy

We may update this Security Policy from time to time to reflect changes in our security practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Posting a notice on our website
  • Sending an email notification (for significant changes)

Your continued use of our services after any changes to this Security Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about our security practices.

Have Security Concerns?

If you have discovered a security vulnerability or have questions about our security practices, please contact our security team immediately.