Trust & Security

Trust Center

How ZyncSpace protects your data - infrastructure, privacy, encryption, and AI practices for the chat product and our consulting delivery.

Last updated: March 2026

Trust is earned through transparency. As a startup building ZyncSpace Chat and enterprise consulting services, we publish our security posture openly - what we implement today, the standards we align with, and how we handle your data.

Infrastructure you can verify

Hosted on AWS with ISO 27001 and SOC 2 Type II certified facilities for physical security and redundancy.

Privacy by design

GDPR and India DPDP-aligned practices with Standard Contractual Clauses for cross-border data handling.

Your data stays yours

Zero training on customer content for LLMs, encryption in transit and at rest, and E2EE for real-time communication.

Security blueprint

Controls & standards

Baseline infrastructure and privacy policies, plus feature-specific protections for chat, AI, and encryption.

CategorySecurity policyTech standardDescription
BaselineAWS Cloud InfrastructureISO 27001 / SOC 2 Type II Data CentersPhysical security and infrastructure redundancy provided by AWS.
BaselineGDPR / DPDP ComplianceStandard Contractual Clauses (SCCs)End-to-end data privacy framework for global operations.
Feature-SpecificZero Data Training PolicyModel Isolation & Opt-outCustomer data is never used to train global LLM parameters.
Feature-SpecificEnd-to-End Encryption (E2EE)Signal / WebRTC ProtocolKeys are generated on-device; provider cannot access stream content.
Feature-SpecificEncryption at Rest & TransitAES-256 / TLS 1.3All objects encrypted before being written to disk.
Baseline

AWS Cloud Infrastructure

Tech standard ISO 27001 / SOC 2 Type II Data Centers

Physical security and infrastructure redundancy provided by AWS.

Baseline

GDPR / DPDP Compliance

Tech standard Standard Contractual Clauses (SCCs)

End-to-end data privacy framework for global operations.

Feature-Specific

Zero Data Training Policy

Tech standard Model Isolation & Opt-out

Customer data is never used to train global LLM parameters.

Feature-Specific

End-to-End Encryption (E2EE)

Tech standard Signal / WebRTC Protocol

Keys are generated on-device; provider cannot access stream content.

Feature-Specific

Encryption at Rest & Transit

Tech standard AES-256 / TLS 1.3

All objects encrypted before being written to disk.

Our commitments

  • We do not sell customer data to third parties.
  • We contractually prohibit using client prompts or documents to train public foundation models.
  • Security reviews and dependency scanning run in our CI/CD pipeline.
  • Data retention and deletion requests are honored per our Privacy Policy.