Data handling

Security & data principles

Operational defaults for access, environments, and retention when we work with your systems.

Synaptic Four follows a practical and privacy-conscious approach designed to minimize unnecessary exposure to sensitive systems and data while enabling effective engineering collaboration.

Privacy-first engineering

We design workflows to reduce unnecessary exposure of personal or sensitive data—separation of environments, clear boundaries, and documentation of what touches what.

Avoid direct personal data where possible

When the problem allows it, we work with pseudonymised, aggregated, or synthetic datasets rather than identifiable production copies.

Least privilege

Access is granted per role and per task. Shared credentials are avoided; service accounts are scoped narrowly and rotated when projects end.

Anonymised, synthetic, and test data

Development and demos prefer non-production data. If production-like data is required, that is made explicit in the scope and handling rules.

Customer-controlled infrastructure

We often work in your cloud, on-premise, or VPC—so data residency and operational control stay with you. Architecture choices are documented.

Operational security practices

MFA on critical accounts, patched tooling, and careful handling of secrets. We do not request broad admin access without a documented reason.

Minimal retention

Project artefacts and extracts are kept only as long as needed for delivery and agreed handover—then removed or returned per your policy.

Scoped and temporary access

Access is granted for defined tasks and periods; standing broad production access is not the default. Credentials are rotated or revoked when work ends.

High-risk environments

Regulated health data, critical infrastructure, or strict isolation requirements may need additional technical and contractual safeguards. We scope these explicitly before work begins.

Sensitive data and additional agreements

Processing of personal data, health data, or regulated datasets may require a DPA, NDA, or project-specific security appendix. We align before work starts—not after.

These principles describe our working defaults—not a certification or legal compliance statement. Obligations depend on your jurisdiction and use case.
