Security & Trust

Security is core to what we build. This page summarizes how we protect customer data, the regulatory frameworks we design to, and how to reach us about a security concern.

How we protect data

  • Encryption. Data is encrypted in transit (TLS) and at rest.
  • Access control. Least-privilege, role- and attribute-based access (RBAC/ABAC) with access reviews.
  • Architecture. A zero-trust approach with network segmentation, secrets management, and audit logging.
  • Monitoring. Continuous monitoring with alerting and a defined incident-response process.
  • Data minimization. We collect and retain only what is needed to deliver the service.

Compliance & regulatory alignment

Our products and processes are designed to support customer compliance with frameworks including India's Digital Personal Data Protection Act (DPDP), GDPR, HIPAA, and PCI-DSS. Where a framework requires a formal certification or attestation, we will say so explicitly and provide the report on request; we do not claim certifications we do not hold.

For incidents that fall under India's CERT-In directions, we maintain processes to report qualifying cyber incidents within the required timelines (currently 6 hours of becoming aware).

Reporting a vulnerability

We welcome responsible disclosure. If you believe you have found a security vulnerability in any SyloxLabs site or product, please email us at [email protected] with details and steps to reproduce. Please give us a reasonable window to investigate and remediate before any public disclosure. We will not pursue legal action for good-faith, non-disruptive research that respects user privacy and our systems.

A machine-readable contact is also published at /.well-known/security.txt.

Data & privacy

How we collect, use, and share data is described in our Privacy Policy and Terms & Conditions. For privacy-specific questions, contact [email protected].