Governance & Security
Every AI action governed, audited, and approved. Zero black boxes, zero surprises.
Synorix 5-Layer Policy Engine
Policies cascade from global to twin level — lower layers can restrict but never override upper layers
Global Rules
6 immutable never-do rules that cannot be overridden by any tenant, admin, or configuration change.
Company Policy
Company-wide settings: max confidence levels, language restrictions, response length limits.
Department Policy
Department-specific allowed/restricted actions, confidentiality tiers, twin capabilities.
Twin Policy
Individual twin behavior rules: specific never-do additions, response templates, escalation triggers.
Session Policy
Runtime context-aware overrides: ephemeral rules applied per conversation session, auto-expire after session ends.
Security Architecture
Prompt Injection Defense
Multi-layer detection prevents LLM manipulation attempts
Cross-Tenant Isolation
RLS + JWT ensures Company A never sees Company B data
Confidentiality Tiers
5-level classification with automatic PII redaction
Adversarial Testing
15-category attack suite with nightly drift detection
Immutable Audit Trail
Every action logged in append-only tables — DELETE blocked at DB level
Human-in-the-Loop
Critical actions require human approval through multi-step workflow
Compliance
| Framework | Status | Detail |
|---|---|---|
| GDPR | Compliant | Data processing agreements, consent management, DSAR API |
| KVKK | Compliant | VERBİS registration, explicit consent, data localization |
| SOC 2 Framework | In Progress | Audit trail, access controls, encryption at rest |
| ISO 27001 Roadmap | Planned | Information security management system alignment |
See Governance in Action
Start a free demo and explore the full audit trail, restricted action pipeline, and policy engine.