Security.
The full operational security posture lives at the Trust Center. This page is the engineering view.
Defence in depth.
| Layer | Controls |
|---|---|
| Identity + access | SAML / OIDC / SCIM federation; MFA; per-request RBAC + ABAC; HSPD-12 / FIPS 201 / PIV for federal; just-in-time provisioning |
| Data — at rest | AES-256-GCM with FIPS 140-2/3 validated cryptographic modules; per-tenant envelope encryption with per-class DEKs |
| Data — in transit | TLS 1.3 with strong cipher suites only |
| Key management | TeamSync-managed by default; customer-controlled HSM-backed key custody for sovereignty workloads |
| Crypto-shred | Per-data-subject + per-class DEK destruction; NIST SP 800-88 cryptographic erase |
| Audit | Merkle hash chain on every event; per-day root cross-attested across regions and witness nodes |
| Network | Private networking by default; bastion-only admin; segregated network zones |
| Application | Memory-safe languages where possible; secure-by-default configurations; static + dynamic + dependency scanning in CI |
| Operations | Continuous monitoring; SIEM integration; documented incident response with target 24-hour notification |
| Personnel | Background screening per regulator; least-privilege admin; separation of duties |
Certifications + attestations.
See Trust Center / Certifications for the live list. Active certifications include SOC 2 Type II, ISO/IEC 27001:2022, ISO 27017, ISO 27018, HITRUST CSF, FedRAMP High, CSA STAR.
AI safety.
| Property | How it is engineered |
|---|---|
| Permissions-aware AI | RBAC + ABAC scoping every retrieval at request time; the model never sees what the user cannot see |
| Per-AI-event evidence | Every AI request emits a structured evidence card (model, prompt, retrieved chunks, reasoning trace, output, human-checkpoint outcome, anchored hash) |
| Bounded-autonomy agents | Agentic AI Workflow constrains agent tool surface via business rules; human-checkpoint gates per workflow design |
| No training on customer content | Customer corpus stays in tenant; models are called at inference time; contractual + architectural commitment |
| Cryptographic audit on AI | Merkle ledger anchors every AI event; replayable per request |
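
The audit rows in both tables describe a Merkle hash chain with a per-day root. The sketch below is an added example, not TeamSync's implementation, showing how chaining events and publishing a daily root makes edits and truncation detectable. The event fields, SHA-256, the 0x00/0x01 domain-separation prefixes and all function names are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample events for one day (field names are illustrative assumptions).
EVENTS = [
    {"seq": 1, "kind": "ai_request", "model": "model-a", "checkpoint": "approved"},
    {"seq": 2, "kind": "doc_read", "user": "u-17", "doc": "d-204"},
    {"seq": 3, "kind": "ai_request", "model": "model-a", "checkpoint": "rejected"},
]

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hashes(events):
    """Chain each event to its predecessor: leaf_i = H(0x00 || leaf_{i-1} || event_i)."""
    prev, out = b"\x00" * 32, []
    for ev in events:
        # Canonical JSON so the hash does not depend on key order or whitespace.
        body = json.dumps(ev, sort_keys=True, separators=(",", ":")).encode()
        prev = _h(b"\x00" + prev + body)
        out.append(prev)
    return out

def merkle_root(leaves):
    """Fold leaf hashes into one root: node = H(0x01 || left || right)."""
    if not leaves:
        return _h(b"")
    level = list(leaves)
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0]

def day_root(events):
    """Hex root a ledger would publish for the day and hand to witnesses."""
    return merkle_root(leaf_hashes(events)).hex()

def first_divergence(events, recorded_leaves):
    """Index of the first event that disagrees with the recorded chain, else None."""
    recomputed = leaf_hashes(events)
    for i, (got, want) in enumerate(zip(recomputed, recorded_leaves)):
        if got != want:
            return i
    return None if len(recomputed) == len(recorded_leaves) else min(len(recomputed), len(recorded_leaves))
```

A verifier holding only the attested root can detect that a day's log changed; holding the recorded leaf hashes as well, it can locate the first altered or missing event.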
Responsible disclosure.
Email security@teamsync.example.com to report vulnerabilities. We acknowledge reports within 24 hours and communicate a fix or mitigation timeline per the responsible-disclosure policy in Privacy.