Enterprise-grade security by design.
Syntact protects customer data through layered security controls, encrypted communications, strict tenant isolation, and enterprise authentication standards.
Identity & Access Management
Enterprise Single Sign-On (SSO)
Syntact supports enterprise-grade Single Sign-On using OpenID Connect (OIDC), enabling centralized identity management across the platform and integrated services.
- OIDC-compliant authentication flows
- PKCE (RFC 7636) for browser-based authorization code flows, so an intercepted authorization code cannot be exchanged without the client's code verifier
- Centralized identity and session management
- Single Logout (SLO) across connected services
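The following is an added example of the PKCE exchange listed above, written to show what the control actually guarantees; it is not Syntact's code. The toy AuthorizationServer class, the client id "spa-client" and the in-memory code store are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import secrets

# Added illustration of PKCE (RFC 7636), not Syntact's implementation.
# AuthorizationServer, "spa-client" and the in-memory store are assumptions.


def b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 random bytes encode to 43 characters, inside the RFC's 43..128 range."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 method: challenge = BASE64URL(SHA-256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Minimal server side: remembers the challenge bound to each issued code."""

    def __init__(self):
        self._pending = {}  # code -> (client_id, code_challenge)

    def authorize(self, client_id: str, code_challenge: str, method: str = "S256") -> str:
        # Refuse 'plain': it would send the verifier itself through the front channel.
        if method != "S256":
            raise ValueError("only code_challenge_method=S256 is accepted")
        code = secrets.token_urlsafe(32)
        self._pending[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str):
        entry = self._pending.pop(code, None)  # authorization codes are single use
        if entry is None:
            return None  # unknown or already redeemed code
        issued_to, challenge = entry
        if issued_to != client_id or not 43 <= len(code_verifier) <= 128:
            return None
        # Recompute the challenge from the presented verifier; compare in constant time.
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def run_flow() -> dict:
    """Legitimate redemption succeeds; code replay and code-only interception fail."""
    server = AuthorizationServer()

    verifier = make_code_verifier()
    code = server.authorize("spa-client", make_code_challenge(verifier))
    legitimate = server.token("spa-client", code, verifier)
    replay = server.token("spa-client", code, verifier)  # same code presented again

    # Attacker observed a fresh code (e.g. a leaked redirect) but never saw the verifier.
    stolen_code = server.authorize("spa-client", make_code_challenge(make_code_verifier()))
    interception = server.token("spa-client", stolen_code, make_code_verifier())

    return {
        "legitimate_ok": legitimate is not None,
        "replay_rejected": replay is None,
        "interception_rejected": interception is None,
    }


if __name__ == "__main__":
    print(run_flow())
```

The verifier never crosses the front channel, only its SHA-256 digest does, which is why a code captured from a redirect URI is worthless on its own. The test vector from RFC 7636 Appendix B can be used to check the challenge derivation.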
Role-Based Access Control (RBAC)
Access to platform functionality is governed through fine-grained, role-based permissions.
- Hierarchical roles and delegated administration
- Feature-level access controls
- Policy-based authorization
- Default-deny access posture for protected resources
Multi-Tenant Security
Strict Tenant Isolation
Customer environments are logically isolated using a tenant-aware architecture designed to prevent cross-tenant data access.
- Dedicated tenant context validation on every request
- Tenant-aware caching and session handling
- Isolated data boundaries between organizations
- Environment separation across production, staging, and testing
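As an added example covering both the role-based access controls and the tenant isolation described above (not Syntact's implementation), the block below shows one authorization entry point that checks the tenant boundary before any role, grants only what a role explicitly names, and denies everything else. The role names, permission strings, sample tenants and in-memory project store are all assumptions constructed for the demo.

```python
from dataclasses import dataclass

# Added example, not Syntact's code: tenant boundary first, then role, then default deny.
# ROLE_PERMISSIONS, the tenants "acme"/"globex" and PROJECTS are constructed sample data.

ROLE_PERMISSIONS = {
    "viewer": {"project:read"},
    "editor": {"project:read", "project:write"},
    "org_admin": {"project:read", "project:write", "member:manage"},
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str      # taken from the validated session/token, never from request parameters
    roles: frozenset


@dataclass(frozen=True)
class Project:
    id: str
    tenant_id: str
    name: str


# Constructed sample data: two tenants, one project each. Keyed by tenant so a lookup
# can never reach across organizations by project id alone.
PROJECTS = {
    ("acme", "p1"): Project("p1", "acme", "Acme roadmap"),
    ("globex", "p2"): Project("p2", "globex", "Globex budget"),
}


def permissions_for(principal: Principal) -> set:
    """Union of what the principal's roles grant; unknown roles grant nothing."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in principal.roles))


def authorize(principal: Principal, action: str, project: Project) -> tuple:
    """Return (allowed, reason). Even an admin role cannot cross the tenant boundary."""
    if project.tenant_id != principal.tenant_id:
        return False, "cross-tenant"
    if action in permissions_for(principal):
        return True, "granted"
    return False, "default-deny"


def get_project(principal: Principal, project_id: str):
    """Tenant-scoped lookup. A foreign tenant's id does not resolve, and the caller gets
    the same None as for a nonexistent id, so ids cannot be enumerated across tenants."""
    project = PROJECTS.get((principal.tenant_id, project_id))
    if project is None:
        return None
    allowed, _ = authorize(principal, "project:read", project)
    return project if allowed else None


def demo() -> dict:
    acme_viewer = Principal("u1", "acme", frozenset({"viewer"}))
    acme_nobody = Principal("u2", "acme", frozenset())
    globex_admin = Principal("u3", "globex", frozenset({"org_admin"}))
    acme_p1 = PROJECTS[("acme", "p1")]
    return {
        "viewer_reads_own": authorize(acme_viewer, "project:read", acme_p1)[0],
        "viewer_write_denied": authorize(acme_viewer, "project:write", acme_p1)[1],
        "no_roles_denied": authorize(acme_nobody, "project:read", acme_p1)[1],
        "admin_cross_tenant": authorize(globex_admin, "member:manage", acme_p1)[1],
        "lookup_foreign_id": get_project(globex_admin, "p1"),
    }


if __name__ == "__main__":
    print(demo())
```

The ordering matters: the tenant check runs before the role check so that a misconfigured or overly broad role can never become a cross-tenant path, and the data access layer is keyed by tenant rather than relying on a filter each caller must remember to add.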
Encryption & Secrets Management
Encryption & Key Protection
Layered encryption controls protect sensitive operations and communications.
- HTTPS/TLS encryption for all public endpoints
- Application-level encryption workflows
- Managed cryptographic key protection via cloud KMS
- Secure service-to-service communication
Secrets Management
Secrets and credentials are centrally managed using industry-standard secret management systems.
- Centralized secret storage
- Dynamic secret handling for integrations
- No hardcoded long-lived credentials in application code
- Controlled access to sensitive configuration data
Secure Infrastructure
Hardened Infrastructure & Network Security
Platform services are deployed using isolated, containerized infrastructure with authenticated access controls.
- Authenticated access to internal platform services
- Disabled anonymous access on protected systems
- Mutual trust validation between internal services
- Secure ingress with managed TLS certificates
- Controlled administrative access policies
Secure Service-to-Service Communication
Internal platform communication is authenticated with per-service identities and encrypted in transit, rather than relying on shared static credentials.
- Token-based service authentication
- Identity propagation using OIDC
- TLS-secured internal communication
- Managed trust relationships between services
Session & Application Security
Secure Session Handling
User sessions are protected using secure cookie policies and centralized session lifecycle management.
- Session cookies carry the Secure and HttpOnly attributes, so they are sent only over HTTPS and are not readable from script
- SameSite cookie attribute as a first layer of CSRF defence
- Automatic token renewal
- Session invalidation on logout
Application Security Best Practices
The platform follows secure-by-default application security principles.
- CSRF protection for state-changing operations
- Explicit allow-listing of public endpoints
- Default authentication requirements
- Controlled handling of authorization failures
- Security-focused event logging and monitoring
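As an added example that is not Syntact's code, the block below wires together the session-handling and application-security items from the two lists above: a session cookie issued with the Secure, HttpOnly and SameSite attributes, a request gate that requires authentication unless the route is on an explicit allow-list, a session-bound CSRF token required on every state-changing method, and server-side invalidation on logout. The paths, the X-CSRF-Token header name, the in-memory session store and the per-process server key are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Added example, not Syntact's implementation. PUBLIC_ENDPOINTS, the header name
# X-CSRF-Token, SESSIONS and SERVER_KEY are assumptions constructed for this demo.

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret; generated here for the demo
PUBLIC_ENDPOINTS = {("GET", "/health"), ("GET", "/login"), ("POST", "/login")}  # explicit allow-list
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
SESSIONS = {}  # sid -> user id; stand-in for a central session store


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value: Secure (HTTPS only), HttpOnly (no script access), SameSite=Lax."""
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def create_session(user_id: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user_id
    return sid


def csrf_token(sid: str) -> str:
    """Synchronizer token bound to the session: HMAC(server key, session id).
    Delivered to the page body, not a cookie, and echoed back in a request header."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def handle(req: Request) -> int:
    """Return an HTTP status: 200 allowed, 401 unauthenticated, 403 CSRF check failed."""
    if (req.method, req.path) in PUBLIC_ENDPOINTS:
        return 200                      # only allow-listed routes skip authentication
    sid = req.cookies.get("sid")
    if sid is None or sid not in SESSIONS:
        return 401                      # every other route requires a session by default
    if req.method in STATE_CHANGING:
        # SameSite=Lax alone is not a complete defence (subdomains, older clients), so a
        # state-changing request must also carry a token a cross-site page cannot read.
        presented = req.headers.get("X-CSRF-Token", "")
        if not hmac.compare_digest(presented, csrf_token(sid)):
            return 403
    return 200


def logout(sid: str) -> None:
    """Invalidate server-side; clearing the cookie alone would leave the session usable."""
    SESSIONS.pop(sid, None)


def demo() -> dict:
    sid = create_session("alice")
    results = {
        "public_no_session": handle(Request("GET", "/health")),
        "private_no_session": handle(Request("GET", "/projects")),
        "private_with_session": handle(Request("GET", "/projects", {"sid": sid})),
        "post_without_token": handle(Request("POST", "/projects", {"sid": sid})),
        "post_with_token": handle(Request("POST", "/projects", {"sid": sid},
                                          {"X-CSRF-Token": csrf_token(sid)})),
    }
    logout(sid)
    results["after_logout"] = handle(Request("GET", "/projects", {"sid": sid}))
    return results


if __name__ == "__main__":
    print(session_cookie_header("example"))
    print(demo())
```

Because the allow-list is the only way to opt a route out of authentication, a newly added endpoint is protected until someone deliberately lists it, which is the practical meaning of "default authentication requirements".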
AI Security & Privacy
Secure AI Gateway Controls
Access to AI gateway functionality is protected through authenticated and controlled access policies.
- Authenticated model proxy access
- Centralized API access controls
- Tenant-scoped credential management
- Controlled downstream model access
Privacy-Conscious AI Operations
Retention of sensitive AI interaction data is minimized by default.
- Reduced prompt retention in operational logs
- Controlled access to AI request metadata
- Centralized credential management for AI providers
Monitoring & Operational Security
Centralized Logging & Monitoring
Syntact maintains centralized logging and operational monitoring for security-relevant events and infrastructure health.
- Authentication and authorization event logging
- Tenant isolation monitoring
- Secure operational auditing
- Environment-specific deployment controls
Security Principles
How the platform is designed
The platform is designed around a small set of guiding principles applied across architecture, implementation, and operations.
- Least privilege access
- Defense in depth
- Secure-by-default configurations
- Strong tenant isolation
- Centralized identity management
- Encrypted communications
- Minimized secret exposure
GDPR Compliance & Data Residency
EU-Based Infrastructure
All Syntact services are hosted within the European Union. Customer data is processed and stored exclusively on EU-based infrastructure with strict data residency guarantees.
- All application services running in EU data centers
- Customer data never leaves EU jurisdiction
- EU-based backup and disaster recovery
- Contractual data processing agreements aligned with GDPR Article 28
AI Data Residency
The large language models used within Syntact are configured with data residency in the EU. No customer data is processed by AI providers outside EU boundaries.
- LLM inference with EU data residency guarantees
- No data retention by AI providers for model training
- Processing agreements with AI vendors covering GDPR obligations
- Customer prompts and responses remain within EU jurisdiction
Privacy by Design
Syntact is built with privacy-first principles aligned with GDPR requirements.
- Data minimization across all features
- Right to access and data portability supported
- Right to erasure implemented with automated workflows
- Privacy impact assessments for new features
Reviewing Syntact for your organization?
Share your security questionnaire or compliance checklist. We respond with detailed, written answers from our security team.