Legal

Security Policy

Last updated: January 2025

1. Our Commitment to Security

At Syntax & Sense, security is foundational to everything we build. We implement industry-standard security practices to protect your data, applications, and infrastructure from threats.

2. Infrastructure Security

All production environments hosted on AWS / Google Cloud with SOC 2 compliance
Data encrypted at rest (AES-256) and in transit (TLS 1.3)
Regular infrastructure vulnerability scanning and patching
DDoS protection and Web Application Firewall (WAF) in place
Automated backups with geo-redundant storage

3. Application Security

Secure Software Development Lifecycle (SSDLC) practices
OWASP Top 10 vulnerability prevention in all applications
Code reviews and static analysis on every pull request
Dependency vulnerability scanning (Snyk / Dependabot)
Input validation, output encoding, and parameterized queries
Regular penetration testing by third-party security firms

4. Access Control

Role-based access control (RBAC) enforced across all systems
Multi-factor authentication (MFA) required for all team members
Principle of least privilege for system and data access
Regular access reviews and immediate revocation upon offboarding
Audit logging for all administrative and data access actions

5. Data Protection

Personal data processed in compliance with GDPR and applicable privacy laws
Data classification and handling procedures in place
Secure data deletion upon project completion or client request
Non-disclosure agreements with all team members and contractors

6. Incident Response

We maintain a documented incident response plan that includes:

24/7 monitoring and alerting for security events
Defined escalation procedures and response team
Client notification within 72 hours of confirmed data breaches
Post-incident analysis and remediation tracking

7. Employee Security

Background checks for all employees handling sensitive data
Mandatory security awareness training upon onboarding and annually
Secure development training for engineering team
Clean desk and screen-lock policies enforced

8. Vulnerability Disclosure

If you discover a security vulnerability in our systems, please report it responsibly to security@syntaxsense.com. We appreciate the security community's help in keeping our systems safe and will acknowledge valid reports promptly.

9. Contact

For security-related inquiries, contact our security team at security@syntaxsense.com.

3. Application Security

Secure Software Development Lifecycle (SSDLC) practices

OWASP Top 10 vulnerability prevention in all applications

Code reviews and static analysis on every pull request

Dependency vulnerability scanning (Snyk / Dependabot)

Input validation, output encoding, and parameterized queries

Regular penetration testing by third-party security firms

4. Access Control

Role-based access control (RBAC) enforced across all systems

Multi-factor authentication (MFA) required for all team members

Principle of least privilege for system and data access

Regular access reviews and immediate revocation upon offboarding

Audit logging for all administrative and data access actions