Security & Data

Before a security team will bless Syntic Code for company-wide use, it needs clear answers to a few pointed questions: what can the agent do to our systems, what happens to our code when it is sent to the model, and can we guarantee that nothing is retained. This section provides those answers. It is written to be handed to the people who evaluate and approve developer tools.

The three concerns

Security breaks into three related but distinct topics. Security is about the agent’s behavior on the machine, the boundaries you can place around it, and how to reduce the risk of it taking an unwanted action. Data Usage is about the flow of information to and from the Syntic model: what leaves your environment, how it is protected in transit, and how it is handled once it arrives. Zero Data Retention is about the strongest data guarantee available, ensuring that prompts and responses are not persisted at all.

How to read this section

If you are performing a security review, read all three pages in order. Security establishes the operational controls, the permission rules, sandboxing, and managed settings that keep the agent inside a defined boundary. Data Usage then explains where your code goes and how it is treated, which is usually the crux of a data-protection assessment. Zero Data Retention covers the option to eliminate retention entirely for teams with strict requirements.

Nothing here replaces your own risk assessment, but it gives you the factual basis to conduct one. Pair these pages with the controls under Setup, especially server-managed settings and permissions, to turn the guarantees described here into enforced policy.