A comprehensive technical breakdown of how SynapseBot handles, secures, and audits your data flow.
We categorize processed data into three distinct layers to ensure appropriate security measures are applied:
| Category | Data Types | Encryption Level |
|---|---|---|
| Operational Data | API Keys, Account Metadata, System Config | AES-256 (At Rest) |
| Conversation Logs | Message Content, Media URLs, Intent Scores | AES-256 + HMAC |
| Integration Data | CRM Tokens, Shopify Order Data, Webhooks | Hardware Security Module (HSM) |
SynapseBot is built on a "Secure-by-Design" philosophy. Our infrastructure includes:
Virtual Private Cloud (VPC) isolation with strictly controlled ingress/egress via Web Application Firewalls (WAF).
OAuth 2.0 and OpenID Connect protocols for all authentication. Mandatory MFA for all internal system access.
TLS 1.3 for all data in transit. Perfect Forward Secrecy (PFS) enabled to prevent retroactive decryption.
We adhere to global standards to ensure your business remains compliant across all jurisdictions:
We only partner with infrastructure providers who maintain SOC2 Type II and ISO 27001 certifications. Major subprocessors include:
Continuous security monitoring is conducted via automated vulnerability scanners and annual third-party penetration tests. All system changes are logged and audited via immutable trails.
For DPA requests or security whitepapers, please reach out to our team:
security_ops@synapsebotnz.com