Security
Security is not a feature. It is the foundation.
SynthVault was architected for environments where a single exposed record is a reportable event. Every layer — infrastructure, data handling, and privacy math — is built to that standard.
Audited. Certified. Contractual.
SOC 2 Type II
Certified
HIPAA BAA
Available
GDPR DPA
Available
ISO 27001
In Progress
Your data is never our data.
SynthVault's architecture makes retention impossible by default. Source data flows through ephemeral compute and is gone the moment the job completes.
- ✓Zero persistence — source data never persists in SynthVault infrastructure; cloud deployments use ephemeral containers.
- ✓On-premise deployment — SynthVault runs entirely within your VPC or data center.
- ✓Zero-training policy — customer data is never used to improve base models. Contractually guaranteed.
- ✓Audit logs — immutable, exportable, with 7-year retention.
Privacy you can prove, not just promise.
Differential Privacy
Configurable epsilon-delta budgets applied during training, with per-dataset accounting and spend tracking.
K-Anonymity & L-Diversity
Automated testing against anonymity thresholds, with failures flagged before export is permitted.
Membership Inference Resistance
Every dataset is attacked before release. If an adversary can tell who was in the training set, it doesn't ship.
Attribute Disclosure Testing
We measure whether sensitive attributes can be inferred from synthetic records — and report the bounds.
Automated Privacy Reports
Every generation job produces an exportable privacy report your compliance team can file directly.
Full Lineage
Synthetic-to-source mapping and reproducibility logs for every record batch ever generated.
Enterprise-grade from the metal up.
AWS / GCP / Azure
Deploy in your preferred cloud region, or bring SynthVault fully on-premise behind your own firewall.
VPC Peering & Private Link
Traffic never touches the public internet. Private connectivity between your VPC and SynthVault control plane.
AES-256 + TLS 1.3
Encryption at rest and in transit, with customer-managed keys available on Enterprise plans.
Quarterly Penetration Testing
Independent third-party firms test the platform every quarter. Executive summaries available under NDA.
Read the full security whitepaper.
Architecture, threat model, DP implementation, and audit methodology — 24 pages, written for CISOs.
Security inquiries: security@synthvault.io