Security Statement

At Sync Stream, we are committed to safeguarding the data and systems entrusted to us. As an Australian AI and automation agency, we adhere to best practices in security, ensuring our processes and technology prioritise the confidentiality, integrity, and availability of our clients' information.

1. Data Protection

  • Encryption: All data handled by Sync Stream is encrypted in transit using secure protocols (e.g., TLS 1.2/1.3) and, where applicable, encrypted at rest.
  • Minimal Storage: Our philosophy is to store the absolute minimum client data necessary for operations. We temporarily log automation execution data for debugging and service reliability, which is securely deleted after a short retention period. We actively avoid storing sensitive client data wherever possible.
  • Secure Backups: We maintain daily encrypted backups of essential data using AWS, with all data stored exclusively within Australia to ensure data sovereignty.

2. Secure Access Management

  • Role-Based Access Control (RBAC): Access to client data and internal systems is strictly limited to authorised personnel based on their roles.
  • Multi-Factor Authentication (MFA): All accounts accessing our infrastructure are secured with MFA to prevent unauthorised access.
  • Client Access: We ensure that clients have control over their own credentials and data access, using token-based authentication whenever possible.

3. Infrastructure and Monitoring

  • Tech Stack Security: We use a carefully selected stack, including:
    • Coolify and Beszel for server and application control, with restricted access and regular updates.
    • Vultr for server hosting located in Australia. The environment is protected by firewalls that enforce strict access control rules to prevent unauthorised network traffic.
  • Monitoring and Alerts: We use tools like Beszel for servers and PostHog for web applications to ensure continuous monitoring of server health and uptime.
  • Automated Alerts: We maintain automated alerts to flag anomalies or downtime, enabling rapid response to potential threats.

4. Third-Party Integrations

  • We use reputable third-party apps like Google Workspace (e.g., Drive, Sheets) and Outlook, all of which comply with industry security standards.
  • We use services from industry-leading, reputable providers. Our AI capabilities are powered by enterprise-grade models from Microsoft Azure and Google Cloud Platform (GCP), including their Gemini models and open-source offerings.
  • All third-party services are vetted for compliance with the GDPR, the Australian Privacy Act, and other relevant frameworks to protect client data.
  • Some ancillary services, such as authentication logs, monitoring, or encrypted credential storage, may be processed by industry-leading third-party providers outside Australia.

5. Employee Training and Awareness

  • Cybersecurity Training: All team members undergo regular training on secure data handling, recognising phishing attempts, and other cyber threats.
  • Role-Based Access Control (RBAC): Access to our internal systems is governed by the principle of least privilege. Team members, including engineers and delivery managers, are only granted the specific access required to perform their roles.
  • Mandatory MFA: To prevent unauthorised access, all internal accounts and infrastructure controls are secured with mandatory Multi-Factor Authentication (MFA).
  • Clear Protocols: Internal protocols are in place for securely managing client information and responding to security incidents.

6. Incident Response

  • Proactive Monitoring: Our systems are designed to detect and report suspicious activity in real time.
  • Incident Handling: In the unlikely event of a breach, we follow a structured incident response plan:
    • Immediate containment and resolution.
    • Transparent communication with affected clients.
    • Root cause analysis and preventive measures.

7. Continuous Improvement

  • Regular Audits: We conduct internal security reviews and update our practices in response to evolving threats.
  • Client Feedback: We welcome client input on security practices and incorporate suggestions to enhance our approach.
  • Secure Development Practices: Our automations and workflows follow OWASP guidelines to ensure a secure codebase.

At Sync Stream, we strive to build trust through transparency and a strong commitment to security. If you have any questions or require specific details about our practices, please contact us at hello@syncstream.com.au
