Cynapto

Industry-leading Security

Explore our measures to safeguard our customers and their data. Should you have further inquiries or seek additional details on our cutting-edge data security protocols, do not hesitate to contact us.

Compliance and certifications

ISO 27001

ISO 27001 is an international standard for information security management systems. We have been certified to this standard since August 2017. This assures that our security practices, data safeguards, and risk management processes meet the highest standards and comply with industry best practices.

Data Privacy Practices

Cynapto complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing and transfer of personal data.

GDPR Compliance

We know the role we have in protecting our customers’ privacy and personal data. That’s why we’ve appointed a Data Protection Officer to monitor our own compliance. Our DPO is available to our customers to discuss data privacy issues at [email protected]

Cynapto and HIPAA

There is no HIPAA certification for cloud service providers such as Cynapto. To meet HIPAA requirements, we align our HIPAA risk management program with ISO certification. Any customer who qualifies as a “Covered Entity” or “Business Associate” under HIPAA may use our platform without signing a Business Associate Addendum. We do not knowingly process, store, or transmit any protected health information (PHI) of our customers and users. If you would like to process, store, or transmit any PHI through our platform, you should contact us at [email protected]

Modern and secure infrastructure

Location

Cynapto uses ISO 27001-certified data center facilities.

Our services are provided from Amazon Web Services infrastructure, where we host the data in EU Regions.

• AWS ISO27001 certification
• AWS Compliance

Physical Security

Cynapto uses ISO 27001-certified data center facilities and relies on the data center providers for physical access control matters.

Application audit logs

From the application layer perspective, there is a detailed audit log of all activities performed in the system. The log is available via the application GUI and can be exported to CSV/Excel. By default, audit logs are retained for a minimum of 6 months, with the exception of deleted projects and/or teams. For deleted projects and/or teams, the audit data is wiped off the face of the earth after 30 days.

Internal audit logs

Internally the audit logs from internal system components are collected in a separate environment with limited access only to authorized users. Depending on the log type, logs are retained from 6 months to several years.

Development environment

Our development and testing environments are hosted separately, with separate access control, completely isolated from the production environment.

We run automatic integration tests, which check for system errors and bugs before changes are made to the production environment. Integration tests are also used to identify security issues.

Session management

Sessions are managed server-side. Session management is implemented in core application code.

Reliability

The Cynapto platform is built using a modern technology stack that embraces business continuity in multiple layers.

Current system availability is more than 99.9%, and reports on system availability are available on our Status page.

Data security

PI processing

Cynapto processes and stores a limited set of PI only to provide the user authentication and authorization process:
• Name
• Surname
• Email address
• IP address

Data handling

Removable media is prohibited, and because all laptop and server hard drives are encrypted, data disposal is automatic when a server or laptop is no longer in use. 99% of data is maintained in electronic formats and usage of removable media is not allowed in the company. Data is destroyed by physical means (old laptop HDDs) or with secure erasure procedures.

Data anonymization

Except for specific cases of advanced troubleshooting where we might need the actual data, all customer data is anonymized using a custom solution developed internally.

Data backups

Backups are created daily and the backup data is automatically used for full backup testing and restore, so we are always sure that in case of a disaster, it will be possible to restore the system to a running state from the backup. All backup procedures are documented and kept up-to-date.

HTTPS and HSTS for secure connections

Customers access Cynapto services through the Internet using the SSL functionality of their web browser. Communication is encrypted using up-to-date protocols such as TLS 1.2. Additionally, we use HSTS to ensure that users are allowed to interact with our application only over HTTPS.

Data integrity

Data integrity is ensured by built-in mechanisms in the core of the application and by the lower layers of infrastructure, such as database integrity checks and file system integrity. Regular snapshot and backup processes ensure that, in the case of data corruption, data can be restored to its original version.

Collected information

We collect information represented by authorized individuals who are registered or permitted by a Customer to access a Team’s Workspace and/or use the Services (the “Authorized Users”). Examples include localization managers, CTOs, CPOs or external translators working on a translation project in the Team’s Workspace. Detailed and up-to-date information about collected data and types can be found in our Privacy Policy.

Cynapto access to customer data

Customer support and a limited number of members from our DevOps team might be able to get access to customer data for support and troubleshooting reasons.

Termination of contract

Upon termination of the agreement, all customer data, except parts which are required by law, is deleted from our systems and databases. The process is automatic and documented in our internal procedures.

Data subject requests

Requests are handled manually. They can be submitted using in-application chat or directed to [email protected].

Corporate Security

Security team

Cynapto has an internal Security team that covers all aspects related to IT Security. The Security team works closely together with the Legal department on compliance and data protection matters.

Security Policies

Our security operations are aligned with ISO27001 principles and recommended processes. We have several processes in place and an extensive set of cybersecurity-related policies which help monitor security risks. These include technical ones such as log management, access management, and vulnerability scans, as well as continuous user education and assessment.

Systems hardening

We use CIS guidelines for server/device and service hardening.

Malware protection

Employee equipment is protected by an enterprise-grade antivirus solution.

Performance and monitoring

We have several internal solutions in place that are used for monitoring our systems, application availability, and other critical parameters. We also have in place a solution that allows us to manage and monitor the performance of our application.

In addition to the above, we have implemented a log management tool and we are currently increasing our visibility by making sure that all critical logs are forwarded to the central tool.

Vulnerability management

There is an ongoing vulnerability and patch management process in place. Server operating systems are regularly patched and updated and we have multiple internal processes in place that help identify any potential vulnerabilities.

Internal risk management

Cynapto has implemented risk management as an ongoing process in its key business processes so it organically aligns with day-to-day operations. This approach is intended to align the entity’s strategy more closely with its key stakeholders, assist the organizational units with managing uncertainty more effectively, minimize threats to the business, and maximize its opportunities in the rapidly changing market environment.

Cynapto identifies the underlying sources of risk, measures the impact on organizations, establishes acceptable risk tolerance levels, and implements appropriate measures to monitor and manage the risks.

Third party risk management

To support the delivery of our services, Cynapto may engage and use data processors with access to certain Customer Data. This sub-processors page provides important information about the identity, location, and role of each Sub-processor.

We evaluate every third party with which we enter into a business relationship. The evaluation includes such points as ownership, country of residence, security attestations, data protection measures, previous incidents, etc.

Incident response

Cynapto has an established Incident Response policy.

If we identify that customer data was affected as the result of an incident, we will inform the affected customers within 48 hours. The information provided will be determined on a case-by-case basis.

All incidents can be reported to support at [email protected] or using the in-application chat functionality.

Human resources security

Cynapto has sound business ethics, which we maintain by hiring and retaining high-quality personnel. All employees know their responsibilities and roles in connection with information security and undergo regular security awareness training. That way, we minimize the risk of human error such as theft, fraud, and misuse of information assets.

Do you have a security concern you’d like to discuss with us, or do you want to report a vulnerability in Cynapto’s services? Please don’t hesitate to contact us at [email protected].
