Security

Your Data Never Leaves Your Machine

Synrix runs entirely on your infrastructure. No cloud. No third-party servers. No data transmission. Your agent data stays exactly where you put it.

Security by Design

Instead of sending your data to someone else's servers and hoping they protect it, Synrix installs locally and keeps everything on your machine.

Your Code

→

Synrix SDK

→

Local Storage Engine

→

Your Disk

No data sent to external servers

No cloud database

No third-party APIs called

No telemetry by default

Everything stays on your file system

Data Internalization

Your Disk, Your Data

All data stored in local files. Lattice engine uses memory-mapped binary files. SQLite stores in standard .db files with WAL journals. No external database.

No Phone-Home

Zero network calls during normal operation. License validation is offline HMAC-SHA256. Telemetry is opt-in only with local export. No license server contacted.

No External Dependencies

Storage engine, REST API, dashboard, license validation, anomaly detection, background daemon — all run on your machine. Nothing external.

Component	Where It Runs
Storage engine (Lattice C binary)	Your machine
SQLite database	Your machine
REST API server	Your machine (localhost)
Dashboard	Your machine (localhost)
License validation	Your machine (offline)
Anomaly detection	Your machine
Background daemon	Your machine

ACID Guarantees

Atomic

Writes complete fully or not at all. No partial writes, ever.

Consistent

Data is always in a valid state. WAL ensures consistency between journal and main store.

Isolated

Concurrent reads see consistent snapshots. Readers are never blocked by writers.

Durable

Once acknowledged, data is on disk. Power loss, crashes, SIGKILL — the data survives.

Crash Recovery Proof

Synrix has been tested with Jepsen-style crash injection:

Write 500 nodes to the store
Send SIGKILL during mid-write (the worst possible crash)
Restart the process
Result: All 500 nodes recovered. Zero data loss. Every time.

Recovery time: < 269 microseconds.

Authentication & Licensing

API Key Security

• Format: sk-synrix-{random_token} (52+ chars)
• Storage: SHA-256 hashed, raw key never stored
• Verification: Constant-time comparison prevents timing attacks
• Multi-tenant: Keys scoped to tenants for isolation

Offline License Validation

License keys are self-contained cryptographic tokens:

• Extract payload (tier, limits, expiration)
• Compute HMAC-SHA256 signature
• Compare signatures mathematically
• Works in air-gapped environments

Compliance & Privacy

Data Type	Collected?	Details
Agent memory data	No	Stays on your disk
API keys	No	Hashed locally, never transmitted
Usage metrics	No	Optional, requires explicit setup
Telemetry	No	Opt-in only, local export only
IP addresses	No	No network calls by default
User PII	No	Never collected

GDPR

No data processor relationship.

HIPAA

No BAA needed.

SOC 2

No third-party audit scope.

Data Residency

Data is wherever your machine is.

Self-Hosted vs. Cloud Alternatives

	Synrix	Cloud Memory APIs	Managed Vector DBs
Data location	Your machine	Their servers	Their servers
Network required	No	Yes	Yes
Data visible to vendor	No	Yes	Yes
Latency	Microseconds	Milliseconds	Milliseconds
Compliance burden	Minimal	Requires DPA/BAA	Requires DPA/BAA
Air-gap compatible	Yes	No	No
Vendor lock-in	None	High	High
Cost scales with data	No (flat)	Yes (per req)	Yes (per GB)

Security shouldn't be an afterthought.

With Synrix, security is the architecture. Your data never leaves. There's nothing to breach because there's nothing to transmit.