/ INFRASTRUCTURE — SECURITY
Our security posture is adversarial by default. Every layer of the Synapse.AI stack was designed assuming a nation-state-level threat model.
01
Our inference layer operates in an air-gapped environment with no direct public internet access. All external communication is mediated through hardened API gateways with rate-limiting, request signing, and anomaly detection. We segment our networks using a zero-trust architecture — no implicit trust based on network location.
02
Internal access to production systems follows a strict principle of least privilege. All privileged access requires hardware MFA and is logged immutably. Access reviews are conducted quarterly by an independent security team. No individual engineer can unilaterally access user data.
03
We maintain a public responsible disclosure policy and an active bug bounty program. Our internal security team conducts continuous penetration testing and threat modeling. Critical patches are deployed within 24 hours of confirmation. Third-party audits are conducted biannually.
04
In the event of a confirmed security incident affecting user data, we commit to notifying affected users within 72 hours of confirmation, consistent with GDPR Article 33 requirements. Our incident response team operates 24/7 with defined escalation paths and pre-approved communication templates.
05
If you believe you've discovered a security vulnerability in our systems, please disclose it responsibly by emailing security@synapse.ai. We commit to acknowledging your report within 24 hours and will not pursue legal action against good-faith researchers who follow our disclosure guidelines.