1. Purpose
This statement describes how Synphoria protects user data and infrastructure and complements the Privacy and Safeguarding policies.
2. Security governance
- Security-by-design product development.
- Least-privilege access and separation-of-duties controls.
- Security and confidentiality guidance for personnel.
3. Encryption and transport
Synphoria uses encryption in transit and evidence-bound at-rest protections for sensitive systems. Private message-content encryption claims are tied to the current private-content encryption rollout, key governance, and verification evidence.
4. Key management and controlled decryption
Private Sofia/Mark conversation and Memory content is not treated as routine admin-readable material. Non-owner raw access is restricted to the documented break-glass security-root path, requires fresh MFA/passkey step-up, reason, scope, retention, and audit evidence, and is not available to employer, company, reseller, content, or normal admin roles.
5. Access controls
- Role-based access for internal/admin tooling.
- MFA for privileged operations where appropriate.
- Prompt onboarding/offboarding access lifecycle controls.
6. Monitoring and auditability
Security and safeguarding events are logged with minimization principles to support detection, investigation, and compliance accountability.
7. Secure development and vulnerabilities
Synphoria applies code review, dependency hygiene, environment separation, and periodic security testing to reduce risk.
8. Data minimization and retention
We collect and retain only what is necessary for operations, security, and legal obligations, with deletion/anonymization controls where feasible.
9. Third-party risk and incident response
Providers are vetted and contractually governed. Incident response includes triage, containment, remediation, notifications where required, and post-incident review.
10. User account safety guidance
- Use a strong unique password.
- Keep device security and updates enabled.
- Report suspected unauthorized access immediately.
Security contact: security@synphoria.app