Synap Security Policy

You can also view our Privacy Policy, Terms of Service, and API Terms of Service.

Updated: September 21, 2016

We understand how important the security, privacy and confidentiality of your data is to you and your teams and work to the best of our abilities to ensure your expectations are met. Please make a point to review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service. This is a living document and we will update it as our service evolves and industry practices change.

Security

As a company, we use the Synap service for managing all of our customer communication. Ensuring that the Synap service remains secure is vital to protecting our own data. The security of your information is required for our success as a business. Below are some details on our security practices.

Encryption

By default, all traffic is encrypted in both directions. Synap uses 256-bit AES, supports TLS 1.2 for all of your messages, and uses the ECDHE_RSA Key Exchange Algorithm. Additionally, all data is encrypted at rest in Synap's data stores.

We use a third-party, industry-accepted Payment Provider to securely process credit card transactions and store payment credentials.

We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.

Secure Physical Location

Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here: https://aws.amazon.com/compliance/

Availability

We understand that you rely on Synap to work. We're committed to making Synap a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of individual computers or whole datacenters, keep many copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents.

Security Features for all users

The highest security risk to any system is usually the behavior of its users. We want to provide you with the tools you need to protect your own data. To that end, Synap employs authentication schemes that support two-factor authentication provided by our integration partners.

Additionally, Synap includes administrative controls over who can access your Synap team and modify permissions. We will continue to roll out additional features which give you more control over the security of your Synap team.

Confidentiality

We regard the information you share within your Synap team as private and confidential to your team. We place strict controls over our employees’ access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.

While the operation of the Synap service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your instance of the Synap service, this team is kept purposefully small and are prohibited from using these permissions to view customer data unless it is necessary to do so.

All of our employees and contractors are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company. If, in order to diagnose a problem you are having with the service, we would need to do something that would expose your personal communications to one of our employees in a readable form, we will ask for your consent prior to taking action.

There are limited circumstances when we ever share customer content without first obtaining permission. These are clearly outlined in our Privacy Policy.

Privacy

A fundamental privacy principle we abide by is that by default, anything you post to Synap is private to your team. That is, viewing the messages and files shared within a specific team requires authentication as a member of that team. Synap has a comprehensive Privacy Policy that lays out our approach to privacy. Please read it.

If you are using Synap in a workplace or on a device or account issued to you by your employer or another organization, they will almost certainly have their own policies in place regarding storage, access, modification, deletion and retention of communications and content. Please check with your employer or team administrator about what policies they have in place regarding your communications and related content.

Experienced Team

Even before Synap, our team has been putting services on the internet for a long time. We're not perfect but we’re pretty good at it. Our product engineering and technical operations team members are experienced and keep their skills up to date as industry best practices evolve. We’ve coded, tested and administered services running on thousands of physical servers in data centers around the world and we bring the collective wisdom that comes with many decades of secure practice to the operation of the Synap service.

We know how important these issues are to you and can honestly tell you they are equally important to us. The security, privacy and confidentiality of your information are core to our success as a business. Rest assured that we will continue to be proactive and diligent in ensuring its safety.

If you have additional questions regarding data privacy, security or confidentiality, we’d be happy to discuss them with you. Email us at support@getsynap.com and we will respond as quickly as we can.

If you believe you have found a security vulnerability on Synap, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to fix any problems quickly.

You can also view our Privacy Policy, Terms of Service, and API Terms of Service.