Security at Synapsi
Your notes are some of the most sensitive data you own. We treat security as a product requirement, not an afterthought. This page describes the controls we have in place today and how to report an issue.
Encryption
All traffic between your devices and Synapsi is encrypted in transit with TLS 1.2+. Your Content and account data are encrypted at rest. Recordings are uploaded over encrypted connections directly to our storage layer.
Infrastructure
Synapsi runs on managed cloud infrastructure with isolated environments for production and development. Our database is hosted on Supabase (managed Postgres) with row-level access scoped to each user. We do not run our own physical servers.
Access control
- Least-privilege access: engineers only get the access their role requires.
- Administrative access requires multi-factor authentication.
- Access to production data is logged and reviewed.
Authentication
Accounts are protected by Supabase Auth. Sessions use short-lived access tokens with automatic refresh, so a leaked token has a small window of validity. We support email/password today and are adding passkeys and SSO for institutions.
AI processing
Speech-to-text and language-model processing run through vetted providers under data-processing agreements that prohibit training on your data. Each provider sits behind an internal port so we can swap or remove one without changing how your data is handled.
Responsible disclosure
If you find a vulnerability, please email security@synapsi.app with steps to reproduce. We'll acknowledge your report within two business days, keep you updated, and credit you once the issue is resolved. Please don't access other users' data or degrade the Service while testing.