Security

The privacy and security of our customers’ data is our number one priority ⭐

System Architecture

To increase stability, performance and security, our system architecture is based on an n-tier architecture with multiple layers of protection, including encryption, network configuration, and application-level controls distributed across a scalable, secure infrastructure.

Application Security Testing

Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs in our application.

WAF

Aside from complex network-level firewalls, we use AWS WAF, a web application firewall (WAF), to protect the Synkwise web application against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives us control over how traffic reaches the application by creating security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.

HIPAA Compliance

We understand the sensitivity and seriousness of keeping patient healthcare data private and secure. That is why we have looked into the details of all administrative, physical and technical safeguard specifications with fine precision, addressing all HIPAA requirements to safeguard our customers’ data, individuals’ protected health information (PHI) and electronic protected health information (ePHI).

See our HIPAA Compliance Statement

PCI-DSS Compliance

Payment processing in our application relies on the Stripe service, which processes credit card payments and is PCI-DSS compliant. We do not store any credit card information.

Advanced Security Controls

In addition to all the security measures we take to ensure the highest level of security and privacy for all our users and their data, we provide administrators with certain security tools and features that give them more control over the protection of their data.

  • Access Logging: Detailed access logs are available for administrators. We log every time an account signs in, noting the type of device used and the IP address of the connection.
  • Block Accounts: We make it easy to block an account in the event that its user is no longer part of your organization, or in any kind of emergency situation or data breach.
  • Business Associate Agreement (BAA): We sign a BAA with customers who need one in order to comply with the Health Insurance Portability and Accountability Act (HIPAA).

Responsible Disclosure Policy

Our number one priority is the privacy and security of our customers’ data. To excel at this, we welcome the vital role that security researchers play in keeping systems and data safe. To encourage the responsible reporting of potential security vulnerabilities, the security team is committed to working with the community to verify, reproduce and respond to legitimate reports. If you believe you’ve identified a potential security vulnerability, please report it to us right away. We will investigate all legitimate reports and do our best to quickly address the problems.

Please email your report to security@synkwise.com