Trust Center
Security
Access Management
Sylvan Labs adheres to the principles of least privilege and role-based permissions when provisioning access; employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.
Sylvan Labs employs multi-factor authentication for access to internal systems, including VPN requirements for engineers connecting to the application environment.
Encryption
Sylvan Labs encrypts data using industry-standard protocols.
Data in transit is encrypted using TLS 1.2 or higher.
Data at rest is encrypted using AES-256.
Key management is in place for production services.
Endpoint Security
All workstations issued to Sylvan Labs personnel are configured by Sylvan to comply with our standards for security.
These standards require all workstations to be properly configured, updated, and tracked and monitored by Sylvan Labs’ endpoint management solution.
Sylvan Labs' default configuration sets up workstations to encrypt data at rest, have strong passwords, and lock when idle.
Workstations run up-to-date monitoring software to report potential malware.
Network Security
Sylvan Labs uses Google Cloud Platform for its infrastructure hosting and makes use of Google Cloud Armor to protect against web attacks.
System Monitoring and Alerting
Sylvan Labs implements continuous monitoring of its infrastructure and application to ensure optimal availability. Issues are automatically identified and the appropriate team members are alerted, to ensure quick response and remediation.
Penetration Testing
Sylvan Labs engages independent entities to conduct application-level and infrastructure-level penetration tests annually.
Results of these tests are prioritized and remediated in a timely manner.
Disaster Recovery and Business Continuity Plan
Sylvan Labs utilizes services deployed by its hosting provider to distribute production operations across regions. These distributed areas protect Sylvan Labs' service from loss of connectivity, power infrastructure, and other common location-specific failures.
Sylvan Labs performs daily backups and replication for its core database and supports restore capability to protect the availability of Sylvan Labs' service in the event of a site disaster affecting any of these locations.
Incident Response Plan
Sylvan Labs has established policies and procedures for responding to potential security incidents.
All security incidents are managed by Sylvan Labs' dedicated Incident Response Team. The policies define the types of events that must be managed via the incident response process and classify them based on severity.
In the event of an incident, affected customers will be informed in a timely manner. Incident response procedures are tested and updated at least annually.
Data Privacy
Data Sharing and Processing
Sylvan Labs follows GDPR and CCPA guidelines to meet its data protection obligations to its customers. This includes only collecting, processing, and storing customer data in compliance with these obligations and providing customers the right to access or delete it at any time.
Data Retention and Disposal
Sylvan Labs maintains a record retention schedule that complies with legal, regulatory, and operational requirements.
Sylvan Labs performs safe and secure disposal of electronic and paper records, taking into consideration the confidential and sensitive nature of any customer data.
Third-party Vendor Management
Sylvan Labs has established agreements that require subprocessors to adhere to confidentiality commitments and take appropriate steps to ensure a proper security posture is maintained.
Sylvan Labs monitors these subprocessing vendors by conducting reviews of their controls before use and at least annually.





