SINAI Security Practices

Data security is our top priority at SINAI. We employ strict architectural concepts, practices, and controls to protect customer data and the integrity of SINAI’s Decarbonization Intelligence Platform. If you have any questions, please contact us at security@sinai.com.

SINAI has completed a SOC 2 Type 2 audit, confirming our adherence to one of the most stringent, industry-accepted compliance frameworks for service organizations.

This framework provides additional assurance to our customers, through an independent auditor, that our business process, information technology, and risk management controls are properly designed.

Data Privacy and Processing

SINAI's data privacy and processing practices are detailed in separate policies for our public website and our Decarbonization Intelligence Platform.

Audits

SINAI services undergo periodic and targeted security assessments by internal staff and external security firms who perform regular audits of the platform to verify that our security practices are sound.

Security Controls

SINAI actively maintains strict technical and organizational measures to protect customer data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure. These measures include, but are not limited to:

Access Logging. All access to SINAI systems is logged and monitored for unauthorized activity.

Access Management. Access to SINAI systems is granted on a least-privilege basis and regularly monitored by automated systems and manual reviews.

Host Management. We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment. We enforce screen locks and the use of full disk encryption for company laptops.

Network Protection. In addition to system monitoring and logging, we have implemented two-factor authentication for all server access across our production environment. Firewalls are configured according to industry best practices, using AWS security groups.

Product Security Practices. All new features and significant changes in functionality go through a security review process. All code is audited with automated static analysis software, tested, and peer-reviewed prior to being deployed to production.

Intrusion Detection

The SINAI platform employs automated detection measures and immediately alerts our security team to any potentially unauthorized intrusions.

Security Logs

All SINAI systems log activity in order to enable security reviews and analysis. These logs are analyzed for security events via automated monitoring software and any anomalies are promptly investigated by engineering security staff.

Incident Management

SINAI maintains security incident management policies and procedures with periodic tests and staff training exercises. SINAI will notify impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by SINAI or its agents of which SINAI becomes aware to the extent permitted by law. 

Data Encryption

The SINAI platform uses industry-standard encryption products to protect Customer Data in transit and at rest. 

Reliability, Backup, and Business Continuity

SINAI is committed to providing a highly available and reliable service. Our staff tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents. SINAI performs regular backups, facilitates rollbacks of software and system changes when necessary, and replicates data as needed.

Deletion of Customer Data

SINAI will, following a contractual termination, delete, and ensure that all of its Affiliates and applicable third-party hosting providers delete, all copies of customer data.

Confidentiality

SINAI maintains strict controls over employee access to customer data. The operation of the platform requires that some employees have access to the systems which store and process customer data, in cases such as customer service or troubleshooting requests. These employees are prohibited from using these permissions to view customer data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that employee access to customer data is logged and limited to strict job function requirements. All of our employees and contract personnel are bound to our policies regarding customer data.

Personnel Practices

SINAI carefully conducts reference checks and character assessments for all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering security, availability, and confidentiality.

Infrastructure

SINAI uses infrastructure provided by Amazon Web Services, Inc. (“AWS”) to host or process Customer Data submitted to the SINAI platform. Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on ISO 27001 certification and SOC reports, is available from the AWS Compliance website.

Disclosure Policy

If you think you’ve found a potential vulnerability, please let us know by emailing security@sinai.com and we will work with you to resolve the issue promptly. Please provide us with a reasonable amount of time to respond and resolve the issue before any further disclosure to outside parties. We also request that you make a good faith effort to avoid violating privacy, destroying data, or degrading SINAI services. Thank you for helping us to keep SINAI and our customers safe!