Trust you can check.
Security claims are easy to make. Here's one you can verify yourself in seconds, plus the resources and review materials for everything else.
Proof, not promises
Don't take our security on faith.
Basirah ships evidence packages with SHA-256 manifests and ed25519 signatures. Here's a synthetic one. Open the report, then check every hash and signature yourself, in your browser.
Resources
Security
How we protect the platform, our infrastructure practices, and how to report vulnerabilities.
Privacy Policy
What data we collect, how we use it, your rights under GDPR and CCPA, and our data retention practices.
Terms of Service
The legal agreement governing use of Synodician services and the Basirah platform.
Cookie Policy
Which cookies and storage mechanisms this site uses, and how to control them.
Where we are today
Current controls, stated plainly.
Security reviews go better when the facts are easy to inspect. Here is what is in place now and how to ask for deeper review materials.
Tenant isolation
Per-tenant isolation with independent encryption keys, described in more detail on the security page.
Encryption
Encryption at rest with managed key controls, plus TLS for data in transit.
Evidence integrity
Basirah evidence packages include SHA-256 hashes, integrity manifests, and optional signed manifests for later verification. Managed deployments can use customer-controlled signing keys when that option is enabled. Check a sample yourself.
Disclosure channel
security.txt is published, and security reports go to security@synodician.com.
Review materials
Security review materials are available on request for qualified Basirah evaluations.
Questions or concerns?
If you have questions about our security practices, need to report a vulnerability, or want to discuss data protection, we're here to help.