Security
How Synthreo keeps your clients' data secure
The short version: model calls run with Zero Data Retention, Synthreo never trains models on your data, and every client lives in an isolated tenant on Azure. The rest of this page is what that means in practice, and why it holds up better than the consumer AI tools your clients already use.
Model Calls
What happens to a prompt after your client hits send?
Every model call runs with Zero Data Retention. The prompt goes to the model, the answer comes back, and the provider stores nothing. No prompt logs, no reuse, no training corpus quietly absorbing your clients' contracts and ticket histories.
Protection runs in two layers. The retrieval pipeline sends models only the relevant, structured slices of a document, never the whole file. The model layer then runs on Azure with Zero Data Retention, so even that slice is gone the moment the answer returns.
Training
Does Synthreo train AI models on your data?
No. Synthreo does not train or fine-tune AI models, on your data or anyone else's. The platform works through retrieval, prompting, and data transformation over publicly available models. Your data makes answers accurate in the moment; it never becomes part of a model.
That distinction matters in a compliance review: there is no derived model to audit, no training set to purge, and no question about where a client's data ended up.
The Comparison
Why the platform is safer than consumer AI tools
Your clients' teams already paste work into consumer AI chat tools on personal accounts. Those sessions run outside the environment you manage: unknown retention terms, no visibility, no offboarding, and knowledge work walking out the door one prompt at a time.
Synthreo replaces that with a workspace the administrator controls. You decide which models are available, who has access, and what each connected system is allowed to do. Sensitive agent actions wait for human approval instead of running unchecked. Usage is visible per tenant, so "who is using AI for what" has an answer.
Isolation
How client data stays isolated
-
Tenant isolation by design
The platform was built multi-tenant from day one, not adapted from a single-user product. Each client is a separate tenant with its own users, data, and configuration, enforced at the platform level.
-
Scoped sharing, traceable access
Agents, contexts, and sensitive data are shared by explicit rule, per client or per person, with a trace view that answers exactly why a given user can reach a given resource.
-
Per-tenant model control
Model availability is set per tenant. A client that must keep inference in country can be locked to in-country models with one audited setting.
Governance
The controls a compliance conversation asks about
-
Identity that holds
Multi-factor authentication is mandatory for every account, not optional. Single sign-on can be enforced per client, with automatic user provisioning tied to the client's own identity provider.
-
Human approval on risky actions
Agents pause and ask before sensitive actions run. Denying an action does not break the session; the agent works around it or asks what to do instead.
-
Boundaries you can show
Role-based access per application, per-run cost and step limits on agents, and audit logging on security-relevant changes give you a governance story you can hand to a compliance team instead of a promise.
Proof
Verify it yourself
Synthreo publishes its security posture, policies, and monitoring status in a live Trust Center. For anything a questionnaire needs that the Trust Center does not answer, ask us directly.
FAQ
Frequently asked questions about Synthreo platform security
Is Synthreo secure for client data?
Yes. The platform runs on Azure with Zero Data Retention on model calls, so prompts are never stored by the model provider. Tenant isolation is enforced at the platform level, multi-factor authentication is mandatory, and sensitive agent actions require human approval.
Does Synthreo train AI models on customer data?
No. Synthreo does not train or fine-tune models on customer data. The platform uses retrieval, prompting, and data transformation over publicly available models, so client data improves answers in the moment without ever entering a model.
What is Zero Data Retention on model calls?
Zero Data Retention means the model provider stores nothing after a call completes: no prompt logs, no responses, no reuse for training. Synthreo runs model calls on Azure with Zero Data Retention as the default, not an upgrade.
Why is a managed AI workspace safer than consumer AI tools?
Consumer AI tools run on personal accounts outside your control, with unknown retention and no offboarding. A managed workspace puts every session inside an environment the administrator controls: chosen models, scoped access, approval on sensitive actions, and per-tenant usage visibility.
Can a client require AI inference to stay in their country?
Yes. Canopy has a per-tenant country-lock setting for LLM inference. When it is on, only in-country model bindings are available to that client, cross-border models are hidden, and turning the lock off is an audited action.
Bring your security questionnaire.
30 minutes, your compliance questions, straight answers.