Security practices · Updated February 2026
Security at Synodician
We handle vulnerability data, remediation evidence, and risk calculations. Our security program has to be at least as serious as what we build for yours.
Security controls
How we protect your data.
Deny by Default
Access starts at no. Attribute-based access control (ABAC) checks user, resource, environment, and action, including IP ranges, time windows, and pattern rules.
Per-Tenant Isolation
Each tenant gets independent encryption keys and enforced data residency. Cross-tenant access is blocked at the architecture level.
Tamper-Evident Audit Trail
Every record carries a SHA-256 hash over its immutable fields. Exportable for independent verification.
Minimal Footprint
Automated redaction strips secrets from logs and API responses. No third-party analytics, no tracking pixels.
Private Networking
Network segmentation with private endpoints. Databases, caches, and message queues are not reachable from the public internet.
Encryption Everywhere
AES-256 at rest with hardware-backed KMS. TLS in transit. Sensitive fields get per-tenant field-level encryption.
Edge Protection
WAF with OWASP-based rule sets. Geographic restrictions scope traffic to expected regions.
Field-Level Encryption
Sensitive fields are encrypted individually with per-tenant key derivation. One tenant's key can't decrypt another's data.
Responsible Disclosure
Report a Vulnerability
Found something? Report vulnerabilities to security@synodician.com. We'll acknowledge your report within 48 hours.
View security.txt
Guidelines
- Provide clear reproduction steps
- Don't access or modify data belonging to other users
- No denial-of-service or disruptive testing
- Allow reasonable time for investigation and remediation
Questions about security
Questions About Our Security?
Going through a vendor assessment? Need specifics beyond what's on this page? Our security team is here.