Data Privacy and Security

Secure by design. Contained within AWS.

Why it matters

All customer data lives exclusively inside the AWS ecosystem with encryption at every layer, tenant isolation at the database, and zero third-party services in the data path, including AI inference.

  • AES-256: encryption standard
  • 0: third-party SaaS in data path
  • 100%: infrastructure as code
  • Deny: default access model

  • Encrypted at rest & in transit

    • At rest: Aurora PostgreSQL, S3, ElastiCache, and Secrets Manager all use AES-256 via AWS KMS with configurable customer-managed keys.
    • In transit: TLS 1.2+ at the ALB; internal traffic stays within a private VPC via VPC Endpoints. No data traverses the public internet.
  • AI inference stays in AWS

    • LLM inference runs via AWS Bedrock (Anthropic Claude), entirely within the customer's AWS account. No external API calls, no API keys, IAM-authenticated only. Every invocation is logged to CloudWatch and S3 for a complete audit trail.
  • Schema-per-tenant isolation

    • Each customer receives a dedicated PostgreSQL schema. No shared tables. Access is enforced by a JWT claim (custom:schemas) verified by the ALB before reaching the application. No claim = zero access (deny-by-default).
  • Network isolation & least privilege

    • Compute and databases run in private subnets with no public IPs. AWS services are reached via VPC Endpoints (PrivateLink). All IAM roles are Terraform-provisioned with scoped permissions. No standing admin access for workloads.
  • SSO-ready & OIDC / SAML 2.0

    • Built on Keycloak (OIDC + SAML 2.0 broker). Federate with Microsoft Entra ID, Okta, Google Workspace, or any standards-compliant IdP. Configuration only, no code change. Operator access via AWS IAM Identity Center.
  • IaC & compliance alignment

    • 100% Terraform-managed. All infrastructure is version-controlled and peer-reviewed. CI/CD uses OIDC federation (no long-lived AWS credentials). Architecture aligns with SOC 2 and ISO 27001 controls.
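
The deny-by-default rule from the schema-per-tenant item above, as an added example that is not the product's own code: an application-side guard that turns the custom:schemas claim into a per-transaction search_path. It assumes the token signature has already been verified upstream and that the claim is a comma-separated string of schema names; the function names and sample claims are hypothetical.

```python
import re

CLAIM = "custom:schemas"  # claim name taken from the page
# Assumption: tenant schemas are plain lowercase PostgreSQL identifiers.
_SCHEMA_RE = re.compile(r"[a-z_][a-z0-9_]{0,62}")
_RESERVED = {"public", "information_schema"}


class AccessDenied(Exception):
    """Raised whenever the claims do not explicitly grant the schema."""


def allowed_schemas(claims: dict) -> frozenset:
    """Return the schemas granted by already-verified claims.

    Missing claim, wrong type, or any malformed entry yields an empty
    set, so the caller ends up with zero access rather than partial access.
    """
    raw = claims.get(CLAIM)
    if not isinstance(raw, str):
        return frozenset()
    granted = set()
    for name in (part.strip() for part in raw.split(",")):
        if not name:
            continue
        if (not _SCHEMA_RE.fullmatch(name)
                or name in _RESERVED or name.startswith("pg_")):
            return frozenset()  # one bad entry voids the whole claim
        granted.add(name)
    return frozenset(granted)


def search_path_sql(claims: dict, requested: str) -> str:
    """Build the statement that pins one transaction to one tenant schema."""
    if requested not in allowed_schemas(claims):
        raise AccessDenied(f"schema {requested!r} not granted")
    # Safe to interpolate: the name matched _SCHEMA_RE above. 'public' is
    # left off the path so no shared tables are reachable by default.
    return f'SET LOCAL search_path TO "{requested}"'


if __name__ == "__main__":
    sample = {"sub": "user-1", CLAIM: "tenant_a, tenant_b"}  # constructed
    print(search_path_sql(sample, "tenant_a"))
    try:
        search_path_sql({"sub": "user-2"}, "tenant_a")  # no claim present
    except AccessDenied as exc:
        print("denied:", exc)
```
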
