Get Synapse, Inc. (the “Company”),
410 Adelaide Street West, Suite 610, Toronto ON, M5V 1S8
Your trust is our most important asset. All customer data stored by the Company is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that today’s businesses require, the Company maintains a security environment that meets the requirements of most security-sensitive organizations as described herein.
The Services are hosted in accordance with industry best practices in secure data centers governed by Amazon Web Services (“AWS”) cloud hosting facilities. The data centers are highly secure and provide 24-hour physical security.
Data at rest is encrypted using industry-standard encryption and are protected with HTTPS using transport layer security (TLS) technology to encrypt data transmissions.
Customer Data Separation
We offer two options. Private and Multi-Tenant. The default is for Multi-Tenant which means data is managed in a shared platform, but each customer has a unique tenant ID that prevents access to other tenants. The private option separates the data from all other clients.
Operations and Support
The Company systems are backed up regularly with backups stored off-site, using AWS services. Databases are backed up daily meaning that our Recovery Point Objective (RPO) is a maximum of 24 hours.
Integration with Other Services
The Services typically integrate with other vendor offerings; for example, we use the Filestack API to process and convert media assets; this data is treated the same way as any data directly processed by the Company’s Services. The Company also facilitates an API that enables a Customer to connect and/or integrate with third-party vendors at their own discretion.
We offer two options. The default is that each user in the Company’s Service environment has a unique username (i.e., their email address) with form-based authentication (username and password) and/or Google Authentication for example. At special request, a Customer can also request SAML2.0 SSO integration for compliance with and corporate authentication or identity management policies. In this case, the Company only issues a session cookie to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username, password, or other confidential user and session information.
AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found at: https://aws.amazon.com/compliance.
If a Customer finds a security issue with the Services or if a Customer is concerned or suspects that his or her account has been compromised, please contact us immediately at: firstname.lastname@example.org.
If we introduce what we consider is a significant change to this Security Statement, we will use reasonable efforts to notify you of that change by posting a notification to that effect within the Services. Also, when such a change occurs, we will amend the effective date as amended by such a change and the new version date at the bottom of this for this Security Statement..
© 2017 Get Synapse, Inc.
Last Updated: June 19, 2017