Security | Xynapse AI

Certifications & Compliance

SOC 2 Type II Certified

GDPR Compliant

HIPAA Ready

ISO 27001 In Progress

Data Encryption

At Rest: 256-bit AES encryption for all stored data
In Transit: TLS 1.3 for all network communications
Key Management: AWS KMS with customer-managed keys available

Infrastructure Security

Hosted on AWS with multi-region redundancy
Virtual Private Cloud (VPC) isolation
Web Application Firewall (WAF) protection
DDoS protection via AWS Shield
Regular infrastructure vulnerability scanning

Application Security

Secure development lifecycle (SDLC)
Code reviews for all changes
Static and dynamic application security testing
Annual third-party penetration testing
Bug bounty program

Access Controls

Role-based access control (RBAC)
Multi-factor authentication (MFA) required
SSO integration (SAML 2.0, OIDC)
Audit logging for all actions
Session timeout and IP whitelisting

Data Handling

Read-Only Access: We only require read-only credentials to your cloud accounts
Data Minimization: We only collect data necessary for cost analysis
Data Retention: Configurable retention periods with automatic deletion
Data Portability: Export your data at any time in standard formats

Incident Response

We maintain a comprehensive incident response plan:

24/7 security monitoring and alerting
Defined escalation procedures
Customer notification within 72 hours for relevant breaches
Post-incident analysis and remediation

Security Contact

Report security vulnerabilities responsibly:

Email: security@xynapse.ai

PGP Key: Available on request

Request Security Whitepaper