Security & Disclosure
The security of our users' data is a top priority. We implement industry best practices to protect your information and maintain the integrity of our services.
Security Measures
- Encryption: All data transmitted over HTTPS/TLS 1.3
- Secure Infrastructure: Hosted on security-hardened servers
- Regular Updates: Automatic security patches and dependency updates
- Access Control: Principle of least privilege for all systems
- Monitoring: 24/7 security monitoring and intrusion detection
- Backups: Encrypted, daily backups with geographic redundancy
Data Protection
- Minimal data collection (privacy-first approach)
- No sale or sharing of user data
- Anonymized analytics data
- Secure session management
- GDPR and CCPA compliant
Responsible Disclosure Policy
We welcome reports from security researchers and the security community. If you discover a security vulnerability, please report it responsibly.
How to Report
- Email: security@syntelligo.com
- Include detailed information about the vulnerability
- Provide steps to reproduce (if applicable)
- Allow us reasonable time to respond before public disclosure
What to Expect
- Acknowledgment within 48 hours
- Regular updates on our progress
- Credit in our security advisories (if desired)
- Recognition in our Hall of Fame
Scope
In-scope vulnerabilities:
- SQL injection, XSS, CSRF
- Authentication/authorization bypasses
- Remote code execution
- Sensitive data exposure
- Server-side request forgery (SSRF)
Out-of-scope:
- Social engineering attacks
- Physical attacks
- DDoS attacks
- Reports from automated scanners without verification
- Issues in third-party services
Security Best Practices for Users
- Use strong, unique passwords
- Enable two-factor authentication (if available)
- Keep your browser up to date
- Be cautious of phishing attempts
- Report suspicious activity
Compliance
- GDPR (EU General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- ISO 27001 principles
Last updated: January 28, 2026