Your Data Security is Our Top Priority

Syndicate AI Solutions LLC operates on Google Cloud (us-central1) using Firebase Hosting, Cloud Functions 2nd Gen, and Firestore with ElevenLabs and Twilio powering voice automation. Every workload is encrypted in transit with TLS and at rest with AES-256, while Firestore security rules enforce tenant isolation in line with VCDPA and GDPR commitments.

GDPR

Privacy Compliant

CCPA

Privacy Rights

VCDPA

Virginia Data Protection

End-to-End Encryption

All workloads inherit Google Cloud's defense-in-depth posture. Data is encrypted in transit with TLS 1.3 and stored with AES-256 encryption managed by Google Cloud Key Management Services.

  • TLS 1.3 for every dashboard session, API call, and webhook exchange
  • AES-256 for data at rest across Firestore, Cloud Storage, and backups
  • Firestore security rules enforce tenant isolation and least-privilege access
  • Google Cloud manages key rotation, logging, and infrastructure monitoring 24/7

Complete Data Ownership

You maintain 100% ownership and control of your data. We never sell, share, or use your data for any purpose other than providing our services to you.

  • Export your data anytime
  • Delete your data permanently
  • No third-party data sharing

📊 How We Use Your Data - Complete Transparency

Data Collection & Purpose

Assessment Data

Business information, requirements, and preferences collected during our assessment process.

Used for: Agent configuration, system design, and service delivery

Business Operations Data

Customer records, orders, communications, and workflow data processed by your AI agents.

Used for: AI agent operations, automation, and customer service

System Performance Data

Usage statistics, performance metrics, and system logs for optimization.

Used for: Service improvement and technical support

Communication Records

Support conversations, training sessions, and consultation records.

Used for: Customer support and service delivery

What We DON'T Do With Your Data

  • Sell or share your data with third parties
  • Use your data for advertising or marketing
  • Train third-party foundation models on your confidential data
  • Access your data for competitive analysis
  • Store data in unsecured or personal systems
  • Retain data beyond agreed contractual terms

🔥 Firebase & Google Cloud Security

Firebase Security Features

  • Firestore Security Rules: Granular, declarative security rules control data access
  • Identity-Based Access: Firebase Authentication ensures only authorized users access data
  • Real-time Encryption: All data encrypted in transit and at rest automatically
  • Data Residency: Production workloads deployed in Google Cloud us-central1 (United States)

Google Cloud Protections

  • Google's Security Model: Same infrastructure protecting Gmail, YouTube, and Google Search
  • BeyondCorp Security: Zero-trust security model with no corporate VPN required
  • Titan Security Keys: Hardware-based authentication for administrative access
  • Automatic Updates: Security patches applied automatically without downtime

Your Data Isolation

Each client's data is completely isolated using Firebase's multi-tenancy features and Firestore's document-level security rules. Your business data is stored in dedicated collections with strict access controls that prevent any cross-contamination between clients. Even our support team can only access your data with explicit permission and audit logging.

📞 Voice Agent & Telephony Data Governance

Voice calls run through Twilio and ElevenLabs Conversational AI with the Adam voice profile (ID pNInz6obpgDQGcFmaJgB). Every interaction is logged in Firestore collections such as voiceConversations, appointmentRequests, and emailRequests so your team has an auditable record of tool usage, outcomes, and follow-up actions.

What We Capture

  • Timestamped conversation transcripts with tool execution metadata in voiceConversations
  • Appointment and email actions stored as structured documents for follow-up (appointmentRequests, emailRequests)
  • Voice minute usage, warm transfers, and escalation flags tied back to your subscription allowances

Safeguards In Place

  • Access controlled by Firestore security rules — unauthenticated voice calls can create records but only authenticated admins can read them
  • Webhook validation ensures requests originate from ElevenLabs and Twilio before any data is persisted
  • Retention aligned to contractual terms with export options for call records and transcripts on request

🔌 API Security & Third-Party Integrations

How APIs Work in Your AI Agent System

APIs (Application Programming Interfaces) are secure communication channels that allow your AI agents to connect with your existing business systems. Think of them as secure messengers that carry information between different software applications while maintaining strict security protocols.

Request

Agent requests specific data

Authenticate

Secure verification process

Deliver

Encrypted data transfer

API Security Measures

Authentication & Authorization
  • OAuth 2.0 & JWT Tokens: Industry-standard secure authentication protocols
  • API Key Management: Encrypted keys with automatic rotation and expiration
  • Scope-Limited Access: APIs only access specific data they need for their function
  • Rate Limiting: Prevents abuse and ensures system stability
Data Protection in Transit
  • TLS 1.3 Encryption: All API communications encrypted end-to-end
  • Certificate Pinning: Prevents man-in-the-middle attacks
  • Request Signing: Digital signatures verify request authenticity
  • Payload Encryption: Sensitive data double-encrypted within API calls

Third-Party API Integrations

Popular Integrations We Support
  • Salesforce CRM
  • HubSpot
  • Shopify
  • QuickBooks
  • Mailchimp
  • Slack
  • Google Workspace
  • Microsoft 365
  • Stripe
  • PayPal
  • Twilio
  • Zendesk

How We Handle Your API Data
  • Read-Only When Possible: Many integrations only read data, never modify
  • Temporary Processing: Data processed in memory, not permanently stored
  • Minimal Data Caching: Only essential data cached for performance
  • Audit Logging: Every API call logged for security monitoring

API Data Lifecycle
  1. Request: Agent requests specific data via secure API
  2. Process: Data processed in encrypted memory
  3. Action: Agent performs required task
  4. Cleanup: Temporary data securely deleted

🔒 Your API Credentials Stay Secure

We understand that API credentials are like keys to your business. Here's how we protect them:

  • Encrypted Storage: All credentials encrypted with AES-256
  • Access Control: Only authorized agents can use credentials
  • No Human Access: Our staff cannot view your API keys
  • Rotation Support: Easy credential updates when you rotate keys
  • Immediate Revocation: Disable access instantly if needed
  • Separate Environment: Development/testing uses sandbox credentials

📋 API Compliance & Standards

REST APIs

Industry-standard RESTful architecture

OpenAPI 3.0

Standardized API documentation

GraphQL

Efficient data fetching support

💰 Usage Costs & Transparency

What is a "Token"?

Think of tokens as the building blocks of language for AI models. They are like words or pieces of words. For example, the sentence "Your data is safe" might be broken down into five tokens: "Your", "data", "is", "safe", ".".

Every time you interact with an AI agent (e.g., ask a question, get a response), the text is converted into tokens. The more text you process, the more tokens you use. This is how AI providers measure usage and calculate costs.

AI Model Usage Costs

Our service integrates with several leading AI models. The cost of using our service is directly tied to the usage of these models, which have their own pricing structures. We pass through the costs of these models to you with a 15% service fee.

Costs are calculated based on two types of tokens:

  • Input Tokens: The tokens you send to the model (e.g., your questions or prompts).
  • Output Tokens: The tokens the model sends back to you (e.g., the AI's answers or generated content).

Below is a breakdown of the pricing for the models we support (prices are per 1 million tokens):

Google Gemini
  • Gemini 1.5 Pro: $7.00 (input), $21.00 (output)
  • Gemini 1.5 Flash: $0.70 (input), $2.10 (output)
OpenAI
  • GPT-4: $30.00 (input), $60.00 (output)
  • GPT-4 Turbo: $10.00 (input), $30.00 (output)
  • GPT-3.5 Turbo: $0.50 (input), $1.50 (output)
Anthropic Claude
  • Claude 3 Opus: $15.00 (input), $75.00 (output)
  • Claude 3 Sonnet: $3.00 (input), $15.00 (output)
  • Claude 3 Haiku: $0.25 (input), $1.25 (output)

Cloud Hosting

For clients who choose to have AI features on their websites hosted by us, there are costs associated with cloud infrastructure. This includes servers, databases, and other resources needed to keep your AI agents running smoothly. We charge a 20% markup on our costs for cloud hosting.

Factors that can influence hosting costs include:

  • Website Traffic: Higher traffic requires more server resources.
  • Data Storage: The amount of data your application stores.
  • AI Agent Complexity: More complex agents may require more powerful servers.
  • Estimated Monthly Cost: A typical small business website with moderate traffic might incur hosting costs of $50-$100 per month. This is an estimate, and actual costs may vary.

Example Cost Calculation

Let's say you have an AI agent that answers customer questions on your website. A customer asks a question that is 1,000 tokens long, and the AI's answer is 2,000 tokens long. You are using the GPT-3.5 Turbo model.

  • Input Cost: 1,000 tokens * ($0.50 / 1,000,000 tokens) = $0.0005
  • Output Cost: 2,000 tokens * ($1.50 / 1,000,000 tokens) = $0.003
  • Total AI Model Cost: $0.0005 + $0.003 = $0.0035
  • Our Service Fee (15%): $0.0035 * 0.15 = $0.000525
  • Total Cost for this interaction: $0.0035 + $0.000525 = $0.004025

As you can see, the cost for a single interaction is very small. Costs are billed monthly based on your total usage.

🏢 Infrastructure Security

Cloud Infrastructure

  • Google Cloud Platform: Hosted on Google's enterprise infrastructure with Firebase/Firestore security
  • Regional Resiliency: Hosted in us-central1 with automated backups and Google-managed redundancy
  • 24/7 Monitoring: Real-time security monitoring with automated threat detection
  • 99.9% Uptime SLA: Guaranteed availability with automatic failover capabilities

Network Security

  • WAF Protection: Web Application Firewall filters malicious traffic
  • DDoS Protection: Advanced protection against distributed denial-of-service attacks
  • VPC Isolation: Private network isolation with controlled access points
  • IP Whitelisting: Restrict access to approved IP addresses only

🔐 Data Protection & Privacy

Encryption Standards

  • AES-256 Encryption: Industry-standard encryption for all stored data
  • Key Management: Hardware Security Modules (HSM) for encryption key protection
  • Database Encryption: Column-level encryption for sensitive fields
  • Backup Encryption: All backups encrypted with separate key rotation

Privacy Controls

  • Data Minimization: Only collect and process data necessary for services
  • Right to Erasure: Complete data deletion upon request within 30 days
  • Data Portability: Export your data in standard formats anytime
  • Consent Management: Granular control over data processing permissions

👥 Access Control & Authentication

Multi-Factor Authentication

  • Required MFA: Two-factor authentication mandatory for all accounts
  • SSO Integration: Support for enterprise Single Sign-On providers
  • Session Management: Automatic session timeouts and secure token handling
  • Device Management: Track and manage authorized devices

Role-Based Access

  • Principle of Least Privilege: Users only access data they need for their role
  • Granular Permissions: Fine-grained control over data access and operations
  • Regular Access Reviews: Quarterly reviews of user permissions and access rights
  • Audit Logging: Complete audit trail of all data access and modifications

📋 Privacy & Security Standards

Privacy Compliance

  • GDPR
    European General Data Protection Regulation - We follow GDPR principles for all customer data
  • CCPA
    California Consumer Privacy Act - Privacy rights respected for all users

Security Best Practices

  • Enterprise Security
    Following industry-standard security frameworks and best practices
  • Google Cloud
    Leveraging Google Cloud Platform's SOC 2 and ISO 27001 certified infrastructure
  • Regular Audits
    Continuous security monitoring and regular third-party security assessments

🚨 Incident Response & Monitoring

Threat Detection

  • Real-time Monitoring: 24/7/365 security operations center
  • AI-Powered Detection: Machine learning algorithms detect anomalies
  • Threat Intelligence: Integration with global threat intelligence feeds
  • Vulnerability Scanning: Regular automated security assessments

Response Procedures

  • Incident Response Plan: Documented procedures for security incidents
  • Immediate Notification: Customer alert within 72 hours of any incident
  • Forensic Analysis: Professional investigation of security events
  • Continuous Improvement: Regular testing and updating of response plans

Questions About Our Security?

Our founder-led security team is available to answer questions about data handling, run-throughs of our Firestore rules, or voice agent call flows. For urgent issues, email support with your businessId so we can respond within 24 business hours, or faster for production-impacting events.