Security Statement

Get Synapse, Inc. (the “Company”),

701 Brazos St, Suite 1616 Austin, TX 78701O, USA,

General

Your trust is our most important asset. All customer data stored by the Company is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that today’s businesses require, the Company maintains a security environment that meets the requirements of most security-sensitive organizations as described herein.

PLEASE NOTE THAT THIS SECURITY STATEMENT APPLIES TO THE SERVICES AND INCORPORATES BY REFERENCE THE COMPANY’S TERMS OF USE.

Physical Security

The Services are hosted in accordance with industry best practices in secure data centers governed by Amazon Web Services (“AWS”) cloud hosting facilities. The data centers are highly secure and provide 24-hour physical security.

Data Encryption

Data at rest is encrypted using industry-standard encryption and are protected with HTTPS using transport layer security (TLS) technology to encrypt data transmissions.

Customer Data Separation

We offer two options. Private and Multi-Tenant. The default is for Multi-Tenant which means data is managed in a shared platform, but each customer has a unique tenant ID that prevents access to other tenants. The private option separates the data from all other clients.

Operations and Support

The Company has implemented policies and procedures designed to ensure that Customer Data is secure. Customer Data is accessed to the extent necessary to serve a customer support request. Only authorized members of the Company have access to Customer Data, and only with prior customer approval. From time-to-time, the Company may contract third-party security professionals to conduct network and application penetration testing to proactively find new attack vectors and security weakness. For more information please see our Terms of Use and Privacy Policy.

Backups

The Company systems are backed up regularly with backups stored off-site, using AWS services. Databases are backed up daily meaning that our Recovery Point Objective (RPO) is a maximum of 24 hours.

Integration with Other Services

The Services typically integrate with other vendor offerings; for example, we use the Filestack API to process and convert media assets; this data is treated the same way as any data directly processed by the Company’s Services. The Company also facilitates an API that enables a Customer to connect and/or integrate with third-party vendors at their own discretion.

User Authentication

We offer two options. The default is that each user in the Company’s Service environment has a unique username (i.e., their email address) with form-based authentication (username and password) and/or Google Authentication for example. At special request, a Customer can also request SAML2.0 SSO integration for compliance with and corporate authentication or identity management policies. In this case, the Company only issues a session cookie to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username, password, or other confidential user and session information.

Certification

AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found at: https://aws.amazon.com/compliance.

Engagement

If a Customer finds a security issue with the Services or if a Customer is concerned or suspects that his or her account has been compromised, please contact us immediately at: security@getsynapse.com.

If we introduce what we consider is a significant change to this Security Statement, we will use reasonable efforts to notify you of that change by posting a notification to that effect within the Services. Also, when such a change occurs, we will amend the effective date as amended by such a change and the new version date at the bottom of this for this Security Statement..

© 2017 Get Synapse, Inc.

Last Updated: June 19, 2017