
Security Policy

SECTION 1 - OVERVIEW
  1. Last Updated: 2/3/2025
  2. At Sylvara.ai (“Company,” “we,” “our,” or “us”), we take data security and privacy seriously. Our AI automation services integrate multiple platforms to deliver customized automation solutions. We primarily store client data in Zoho CRM, while automation workflows are executed using Make.com and other third-party platforms based on each client’s unique requirements.
  3. This Security Policy outlines how we safeguard client information, maintain compliance with industry standards, and ensure the integrity of our AI-powered automation solutions.
SECTION 2 - COMPLIANCE & REGULATORY STANDARDS
  1. We align our security measures with industry-leading frameworks and regulations, including:
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • ISO/IEC 27001 & 27701 (Information Security & Privacy Management Standards)
    • SOC 2 & SOC 3 (AICPA Trust Services Criteria attestation reports)
    • NIST Cybersecurity Framework
  2. Since our solutions integrate multiple platforms, each third-party tool may have its own security and compliance measures. We only work with trusted software providers that meet industry security standards.
SECTION 3 - DATA SECURITY & ENCRYPTION
  1. Data Stored in Zoho CRM
    1. We use Zoho CRM as the primary customer relationship management system, where we securely store:
      • Client contact information
      • Project details
      • Automation workflow configurations
      • Business process documentation
    2. Zoho CRM and the wider Zoho platform provide:
      • AES-256 encryption for data at rest
      • TLS 1.2+ encryption for data in transit
      • Role-Based Access Control (RBAC) to limit access to sensitive data
      • Zoho Vault (Zoho's separate password manager product) for credential and API key management
      • Multi-Factor Authentication (MFA), which we require for all system logins
  2. Automation Execution via Make.com & Third-Party Platforms
    1. Automation workflows are executed via Make.com, which integrates with various platforms like:
      • Google Cloud / AWS / Microsoft Azure (for cloud processing)
      • Slack, Microsoft Teams, WhatsApp, Email APIs (for communication automation)
      • Zapier, Power Automate, and API-based tools (for workflow execution)
      • Accounting, HR, and ERP platforms (as required by each client)
    2. We do not use Make.com as a system of record for client data, but scenario runs temporarily process workflow-related data as it passes between connected services. Make.com applies:
      • TLS encryption for API connections
      • GDPR- and SOC 2-aligned security controls
      • Token-based (OAuth 2.0 / API key) authentication to third-party software, so scenarios hold scoped connection tokens rather than user passwords
      • Limited retention of scenario execution history and incomplete-execution records, so that the data bundles a scenario processed are not stored long-term
  3. Client-Specific Security Configurations
    1. Since every project involves different software tools, we customize security configurations per client request, including:
      • Scoped OAuth 2.0 authorization for API integrations
      • Token expiration policies for session and connection security
      • Encryption key management for sensitive transactions
      • Access control configuration for the client's third-party cloud systems
SECTION 4 - ACCESS CONTROL & AUTHENTICATION
  1. To prevent unauthorized access to client data:
    1. Role-Based Access Control (RBAC) is enforced across Zoho CRM, Make.com, and integrated platforms, so each user and integration receives only the permissions its role requires.
    2. Multi-Factor Authentication (MFA) is required for all admin and user logins.
    3. IP Allowlisting & Device Restriction: Sensitive automation flows can be accessed only from pre-approved IP ranges and devices.
    4. Single Sign-On (SSO) & OAuth-Based Authentication: SSO is used for user logins where the platform supports it, and OAuth 2.0 is used for third-party integrations so that integrations hold scoped, expiring tokens rather than shared passwords.
  2. Clients may request custom access control measures based on their security policies.
SECTION 5 - NETWORK & INFRASTRUCTURE SECURITY
  1. Protection Against Cyber Threats
    • Firewall & Intrusion Detection/Prevention Systems (IDS/IPS) protect our cloud-hosted automation services.
    • DDoS Protection via Make.com, Zoho, and cloud providers ensures uptime and resilience.
    • API Security Measures: API calls are encrypted in transit over TLS and authenticated via OAuth 2.0.
  2. Secure Data Transfers
    • TLS 1.2+ encryption protects data moving between Zoho CRM, Make.com, and third-party platforms.
    • Token-based access controls (expiring, scoped tokens rather than long-lived shared credentials) prevent unauthorized retrieval of sensitive data.
SECTION 6 - INCIDENT RESPONSE & DATA BREACH POLICY
  1. In the event of a security incident:
    • Threat Detection & Containment: We monitor Make.com scenario execution logs, Zoho audit and security logs, and third-party API events for suspicious activity, and revoke or isolate affected credentials, connections, or scenarios on detection.
    • Client Notification: If an incident involves client data, we notify affected parties within 72 hours of becoming aware of it. This matches the GDPR's 72-hour deadline for notifying the supervisory authority (Article 33); notification of affected individuals under the GDPR (Article 34) and under California breach notification law must be made without undue or unreasonable delay, which this timeline is intended to satisfy.
    • Root Cause Analysis (RCA) & Mitigation: We conduct post-incident reviews to identify weaknesses and implement corrective measures.
    • Data Recovery & Backup: Zoho CRM maintains regular backups, ensuring data can be restored if needed.
SECTION 7 - CUSTOMER SECURITY RESPONSIBILITIES
  1. While we implement stringent security measures, clients must:
    • Use strong authentication (e.g., MFA) when accessing Zoho CRM and automation dashboards.
    • Review and approve third-party integrations before granting API access.
    • Limit access permissions for employees and team members.
    • Notify us immediately if unauthorized access or suspicious activity is detected.
  2. We provide security training and documentation to help clients maintain best practices.
SECTION 8 - UPDATES TO THIS SECURITY POLICY
  1. We regularly review and update this Security Policy to reflect new security threats, software updates, and regulatory changes. Changes will be posted with an updated “Last Updated” date.
  2. For security-related inquiries or concerns, contact our Data Security Team at support@sylvara.ai.