Security and compliance, built in from day one.
Trust isn't a feature we added — it's the foundation Symphia is built on. Here's how we protect your data, isolate your tenant, and keep every agent accountable.
Trust pillars
How we keep your data and customers safe
The controls below are on by default for every workspace — not premium add-ons.
Data protection
Data is encrypted in transit and at rest. Access is governed by least-privilege controls, and we never use your customers' conversation content to train shared foundation models.
Tenant isolation
Each workspace's data is logically isolated. Access is scoped per tenant so one customer's data is never reachable from another's session.
Scoped secrets
Credentials used to call your systems are stored encrypted and scoped to the workspace that owns them — never exposed to other tenants or to less-privileged sessions.
Content moderation
Every conversation passes through moderation and journey guardrails that keep the agent on-script, on-brand, and within the boundaries you set.
Audit logging
Configuration changes and agent actions are recorded as an auditable trail — who changed what, when — so operators always have answers.
Subprocessors
We work only with subprocessors necessary to run the service, each bound by contractual data-protection obligations. A current list is available on request.
Responsible disclosure
Found something? We want to hear it.
We believe security is a partnership. If you discover a vulnerability, report it to our team and we'll acknowledge it promptly, investigate, and keep you informed through resolution. We don't pursue researchers who act in good faith.
- Prompt acknowledgment of every report
- Clear scope and safe-harbor for good-faith research
- Coordinated, transparent remediation timelines
- Responsible incident disclosure to affected customers
Report vulnerabilities to security@symphia.ai
Sensitive details can be shared encrypted — request our key in your first message.