This page covers platform security
Everything here is about how we protect your data and run the platform — infrastructure, compliance, access and resilience.
Security & data protection
Synap is ISO/IEC 27001:2022 certified, GDPR compliant, and built on hardened, resilient infrastructure. Your data stays yours — never sold, shared, or used to train AI.
Independently verified
ISO 27001
Certified to the 2022 standard
GDPR
Compliant, plus global privacy laws
99.9%
Uptime SLA
EU & US
Regional AWS hosting
Certifications
Synap holds ISO/IEC 27001:2022 certification for our Information Security Management System, independently audited with annual surveillance audits. We use Vanta to monitor our security controls continuously, not just at audit time.
“The development, operation and support of the delivery of the Synap online assessment platform.”
Request our ISO certificate, penetration test summary, policies and more from the Trust Center.
Data ownership
You keep full control of your content and candidate data. Synap is a processor acting on your instructions — nothing more.
All content and candidate data on your portal belongs to you, and never to Synap.
We never sell or share your data, and we never use it to train AI models.
Keep data in the EU or US, export it at any time, and request erasure on demand.
Compliance & privacy
GDPR is our primary framework, and our data-protection practices are designed to meet its equivalents worldwide. For education customers, we support FERPA obligations.
A Data Processing Agreement is available on request, and we keep a deliberately limited, vetted list of subprocessors.
Infrastructure & resilience
Synap runs on AWS with a security-first architecture and the resilience to handle exam-day peaks.
Hosted on Amazon Web Services with regional options in the EU and US.
Private VPCs and NAT gateways keep systems off the public internet, on minimal, regularly patched runtimes.
TLS 1.2+ in transit and AES-256 at rest.
A 99.9% SLA as standard, with automated scaling for high concurrency and enhanced SLAs for critical periods.
Continuous backups with tested restores, across multiple availability zones and regions.
Round-the-clock automated monitoring, backed by worldwide business and cyber insurance.
Track live availability on our status page. View status
Security practices
The controls behind the platform. Full detail is available in our Trust Center.
Everything your security and procurement teams need, in one place.
Request our ISO certificate, penetration test summary, policies and security controls.
Open Trust CenterOur DPA for compliant processing of personal data.
View DPAOur current list of vetted third-party subprocessors and how we manage them.
View subprocessorsHow we handle personal data across the platform.
Read policyOur security measures: encryption, access controls and ongoing assessment.
Read policyLive platform availability and incident history.
View statusLooking for exam security?
Everything here is about how we protect your data and run the platform — infrastructure, compliance, access and resilience.
For the controls that keep a specific exam fair and cheating-free — lockdown, proctoring, randomisation, passcodes and more — see assessment security.
Security review
Send us your security questionnaire, or book a call and we will walk your IT and compliance teams through our certifications, hosting and controls.
FAQs
Find quick answers or browse our academy .
Can't find your answer?
Book a security review, or explore our Trust Center for certifications, policies and controls.