1. Purpose
This statement describes how Synphoria protects user data and infrastructure and complements the Privacy and Safeguarding policies.
2. Security governance
- Security-by-design product development.
- Least-privilege access and separation-of-duties controls.
- Security and confidentiality guidance for personnel.
3. Encryption and transport
Synphoria uses strong encryption for data in transit and at rest, including authenticated protections for sensitive message content.
4. Key management and controlled decryption
Chat content is not routinely accessible in plaintext. Decryption-capable actions require role-restricted governance, a recorded reason, and audit logging.
5. Access controls
- Role-based access for internal/admin tooling.
- MFA for privileged operations where appropriate.
- Access lifecycle controls for prompt onboarding and offboarding.
6. Monitoring and auditability
Security and safeguarding events are logged, following data-minimization principles, to support detection, investigation, and compliance accountability.
7. Secure development and vulnerabilities
Synphoria applies code review, dependency hygiene, environment separation, and periodic security testing to reduce risk.
8. Data minimization and retention
We collect and retain only what is necessary for operations, security, and legal obligations, with deletion/anonymization controls where feasible.
9. Third-party risk and incident response
Providers are vetted and contractually governed. Incident response includes triage, containment, remediation, notifications where required, and post-incident review.
10. User account safety guidance
- Use a strong unique password.
- Keep device security and updates enabled.
- Report suspected unauthorized access immediately.
Security contact: security@synphoria.app