Trust Center

Security, compliance, and data protection at Snipara

Last updated: February 2026

Our Security Commitments

AES-256 Encryption at Rest
TLS 1.3 in Transit
🇨🇭 Swiss Data Sovereignty
GDPR & LPD Compliant
No Cloud Act
No AI Training
Tenant Isolation
DPA Available

1. Security Overview

Snipara is a Context Optimization as a Service platform operated by STARBOX GROUP GMBH, a Swiss-registered company (CHE-326.317.262). We process your documentation to deliver optimized context to your own LLM — we never run inference on your data, never train models on it, and never share it with third parties.

Security is foundational to our architecture. Because our service sits between your documentation and your AI tools, we treat every document, query, and session as confidential by default.

What We Do

Index, search, rank, and compress your documentation into optimized context chunks within your token budget.

What We Never Do

Run LLM inference on your data, train AI models, sell or share your content with third parties, or access your documents without explicit permission.

2. Encryption & Data Protection

All data is encrypted both in transit and at rest using industry-standard cryptographic protocols.

Data in Transit

TLS 1.3 enforced on all API endpoints (api.snipara.com) and web application (www.snipara.com)
HSTS (HTTP Strict Transport Security) headers with 1-year max-age prevent protocol downgrade attacks
MCP protocol (Model Context Protocol) connections secured via HTTPS with API key or OAuth token authentication

Data at Rest

AES-256 encryption for all stored documents, embeddings, and user data via Vaultbrix PostgreSQL encryption
API keys hashed with SHA-256 before storage — raw keys are never persisted and cannot be retrieved after creation
OAuth tokens validated per-request — tokens are cryptographically signed and expire after a defined TTL
Embeddings isolated per project — vector indexes are scoped to the owning project and cannot be accessed cross-tenant

Secrets Management

| Secret Type | Storage Method | Rotation |
| --- | --- | --- |
| API Keys | SHA-256 hashed, prefixed for identification | User-initiated via dashboard |
| OAuth Tokens | Cryptographically signed JWTs | Auto-expire with configurable TTL |
| Database Credentials | Railway encrypted environment variables | Rotated per deployment |
| Webhook Secrets | HMAC-SHA256 signatures | Per-integration rotation |
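The hash-and-prefix storage scheme described for API keys above, sketched as an added example (not Snipara's own code). The function names, the in-memory `store` dict and the 12-character lookup prefix are assumptions; only the `rlm_` prefix and the use of SHA-256 come from this page. A fast unsalted hash is acceptable here only because the key is a long random value rather than a user-chosen password.

```python
import hashlib
import hmac
import secrets

KEY_PREFIX = "rlm_"   # prefix shown in this page's X-API-Key examples
LOOKUP_LEN = 12       # assumption: leading characters kept in clear for lookup


def issue_key(store, project):
    """Create a key, persist only its prefix and digest, return the raw key once."""
    raw = KEY_PREFIX + secrets.token_urlsafe(32)   # 256 bits of randomness
    digest = hashlib.sha256(raw.encode()).hexdigest()
    store[raw[:LOOKUP_LEN]] = {
        "sha256": digest,
        "project": project,
        "revoked": False,
    }
    return raw   # the caller shows this once; it cannot be rebuilt from the store


def verify_key(store, presented):
    """Return the owning project, or None if the key is unknown or revoked."""
    if not presented.startswith(KEY_PREFIX):
        return None
    record = store.get(presented[:LOOKUP_LEN])
    if record is None or record["revoked"]:
        return None
    digest = hashlib.sha256(presented.encode()).hexdigest()
    # Constant-time comparison so timing does not reveal matching digest bytes.
    if not hmac.compare_digest(digest, record["sha256"]):
        return None
    return record["project"]


def revoke_key(store, presented):
    """Mark the key's record revoked; later verification fails immediately."""
    record = store.get(presented[:LOOKUP_LEN])
    if record is not None:
        record["revoked"] = True


if __name__ == "__main__":
    db = {}
    key = issue_key(db, "demo-project")   # constructed project name
    print(verify_key(db, key), key in repr(db))
```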

3. Tenant Isolation Architecture

Snipara enforces strict multi-tenant isolation at every layer of the stack. Customer data is never co-mingled, and access boundaries are enforced at the database, application, and API layers.

Isolation Model

Every project operates in a logically isolated environment:

Database-level: PostgreSQL Row-Level Security (RLS) policies enforce tenant boundaries — queries are scoped to the authenticated project/team at the database layer, not just the application layer
Application-level: Every API request is authenticated and authorized against a specific project. Access Control Lists (ACL) enforce per-project permissions (VIEWER, EDITOR, ADMIN, NONE)
Vector index-level: Document embeddings (pgvector) are stored with project-scoped foreign keys — semantic search results never leak across project boundaries
Team-level: Multi-project access (Team/Enterprise plans) is gated by team membership — team API keys can only access projects owned by the team
Session-level: Agent memory, swarm state, and session context are scoped per-project or per-agent — no cross-session data leakage

Enterprise Self-Hosted Isolation

Enterprise customers can deploy Snipara in their own infrastructure for complete physical isolation. Self-hosted deployments run in the customer's own VPC with their own database, eliminating any shared infrastructure. See our Self-Hosted Enterprise offering for details.

4. Authentication & Access Control

Authentication Methods

| Method | Format | Use Case | Security Level |
| --- | --- | --- | --- |
| Project API Key | X-API-Key: rlm_... | Single project MCP access | High |
| Team API Key | X-API-Key: rlm_... | Multi-project team access | High |
| OAuth 2.0 Token | Authorization: Bearer snipara_at_... | Device flow authentication | High |
| Web Session | NextAuth.js session cookie | Dashboard access (GitHub, Google, Email) | Standard |

Access Control Model

Snipara uses a role-based access control (RBAC) system with per-project granularity:

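| Role | Read Docs | Write Docs | Manage Keys | Admin |
| --- | --- | --- | --- | --- |
| VIEWER | Yes | No | No | No |
| EDITOR | Yes | Yes | No | No |
| ADMIN | Yes | Yes | Yes | Yes |
| NONE | No | No | No | No |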

Rate Limiting & Anti-Abuse

API key rate limiting: 100 requests per 60 seconds per API key (Redis-backed with in-memory fallback)
IP-based rate limiting: 300 requests per 60 seconds per IP address
Anti-scan protection: Automatic detection of project enumeration attempts — 10 unique denied slugs within 5 minutes triggers a 15-minute IP block
Input validation: All inputs validated via Pydantic schemas with regex timeout protection (1s max) and pattern length limits (500 chars)
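The anti-scan rule above (10 unique denied slugs within 5 minutes, then a 15-minute IP block) as a per-IP sliding window. This is an added example, not Snipara's implementation; the class and function names are hypothetical, and the sample events are constructed using documentation IP ranges.

```python
from collections import defaultdict, deque

WINDOW_S = 5 * 60       # look-back window stated on the page
MAX_UNIQUE_SLUGS = 10   # unique denied slugs that trigger a block
BLOCK_S = 15 * 60       # block duration stated on the page


class AntiScanDetector:
    """Per-IP sliding window over denied project slugs (hypothetical class)."""

    def __init__(self):
        self._denied = defaultdict(deque)  # ip -> deque of (timestamp, slug)
        self._blocked_until = {}           # ip -> time at which the block ends

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            del self._blocked_until[ip]    # block has expired
            until = None
        return until is not None

    def record_denied(self, ip, slug, now):
        """Record one denied lookup; return True if the IP is (now) blocked."""
        if self.is_blocked(ip, now):
            return True
        events = self._denied[ip]
        events.append((now, slug))
        # Age out denials older than the window.
        while events and events[0][0] <= now - WINDOW_S:
            events.popleft()
        # Count distinct slugs: retrying one mistyped slug is not enumeration.
        if len({s for _, s in events}) >= MAX_UNIQUE_SLUGS:
            self._blocked_until[ip] = now + BLOCK_S
            del self._denied[ip]
            return True
        return False


def replay(events):
    """Feed (time, ip, slug) tuples in order; return {ip: time of block}."""
    detector, blocked_at = AntiScanDetector(), {}
    for ts, ip, slug in sorted(events):
        if detector.record_denied(ip, slug, ts):
            blocked_at.setdefault(ip, ts)
    return blocked_at


# Constructed sample events (documentation IP ranges, made-up slugs).
ENUMERATION = [(i * 10, "203.0.113.7", f"proj-{i}") for i in range(12)]
MISTYPED = [(i * 10, "198.51.100.4", "my-docs") for i in range(30)]

if __name__ == "__main__":
    print(replay(ENUMERATION + MISTYPED))
```

Counting distinct slugs rather than raw denials is what keeps a client that repeatedly retries one wrong slug from being blocked.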

5. Infrastructure Security

Platform Architecture

| Component | Provider | Region | Security |
| --- | --- | --- | --- |
| Web Application | Railway | EU / US | Containerized, non-root user |
| MCP Server (API) | Railway | EU / US | Docker multi-stage, health checks |
| Database | Vaultbrix (PostgreSQL) | 🇨🇭 Switzerland | AES-256, TLS, automated backups |
| Vector Search | pgvector (in Vaultbrix) | 🇨🇭 Switzerland | Same DB-level encryption and RLS |
| Rate Limiting | Redis (Railway) | EU / US | Encrypted connections, in-memory fallback |
| Error Tracking | Sentry | EU | API key redaction, 10% sampling |

Security Headers

Every HTTP response from our API includes security headers:

| Header | Value | Purpose |
| --- | --- | --- |
| Strict-Transport-Security | max-age=31536000 | Enforce HTTPS for 1 year |
| X-Frame-Options | DENY | Prevent clickjacking |
| X-Content-Type-Options | nosniff | Prevent MIME type sniffing |
| X-XSS-Protection | 1; mode=block | XSS filter |
| Content-Security-Policy | default-src 'self' | Restrict resource loading |
| Referrer-Policy | strict-origin-when-cross-origin | Limit referrer information |

Docker Security

Non-root user execution (UID/GID 1000) in all production containers
Multi-stage builds to minimize attack surface — production images contain only runtime dependencies
Health check endpoints for automated container lifecycle management

Error Sanitization

All error responses are sanitized before being returned to clients. Internal error details, stack traces, and system information are never exposed. Only 11 pre-defined safe error messages are returned, preventing information leakage.

6. Compliance & Certifications

Current Compliance

| Standard | Status | Details |
| --- | --- | --- |
| GDPR (EU General Data Protection Regulation) | Compliant | Full compliance including DPA, data subject rights, lawful basis, breach notification |
| Swiss FADP (Federal Act on Data Protection) | Compliant | Swiss-registered company (CHE-326.317.262) with full FADP compliance |
| CCPA (California Consumer Privacy Act) | Compliant | No sale of personal information, right to delete, right to know |
| SOC 2 Type II | Planned 2026 | Audit engagement planned — controls aligned with Trust Services Criteria |
| ISO 27001 | Roadmap | Information Security Management System certification on roadmap |

No AI Training Commitment

Legally Binding: Your Data is NEVER Used for AI Training

This commitment is documented in our Privacy Policy (Section 6) and Terms of Service (Section 6), and constitutes a legally binding obligation:

We NEVER use your documents, queries, or data for AI model training, fine-tuning, or improvement
We NEVER share your data with third parties for any AI or research purposes
Embeddings and indexes are isolated per project and used solely for your context optimization queries
Employees NEVER access your content except with your explicit written permission (e.g., support tickets)

7. Data Residency & Storage

Snipara stores and processes data exclusively in Switzerland on our self-hosted infrastructure. This provides the strongest data protection available, outside US jurisdiction.

Swiss Data Sovereignty

All customer data is stored in Switzerland, providing:

No Cloud Act - US courts cannot subpoena your data
GDPR Adequate - EU recognizes Swiss protection
LPD Compliant - Swiss Federal Data Protection Act
Swiss Cloud - Our infrastructure in Swiss data centers

Primary Data Locations

| Data Type | Location | Provider | Retention |
| --- | --- | --- | --- |
| Documents & embeddings | 🇨🇭 Switzerland | Vaultbrix DBaaS | Until deletion requested |
| User accounts | 🇨🇭 Switzerland | Vaultbrix DBaaS | Until account deletion |
| API keys (hashed) | 🇨🇭 Switzerland | Vaultbrix DBaaS | Until revoked |
| Audit logs | 🇨🇭 Switzerland | Vaultbrix DBaaS | 90 days |
| Application logs | EU / US | Railway + Sentry | 30 days |
| Payment data | US (Stripe) | Stripe (PCI DSS Level 1) | Per Stripe policies |

Third-Party Sub-Processors

| Sub-Processor | Purpose | Data Center | Safeguards |
| --- | --- | --- | --- |
| Vaultbrix | Database hosting (Swiss cloud) | 🇨🇭 Switzerland | SOC 2 (in progress), LPD, GDPR adequate, No Cloud Act |
| Railway | Application hosting | EU / US | SOC 2, encrypted infra |
| Stripe | Payments | US | PCI DSS Level 1, SCCs |
| Resend | Transactional email | US | SCCs, TLS encryption |
| Sentry | Error tracking | EU | SOC 2, API key redaction |
| Vercel | CDN / Edge | Global | SOC 2, GDPR DPA |

All sub-processors with data centers outside the EU/EEA operate under Standard Contractual Clauses (SCCs) and supplementary security measures as required by GDPR Chapter V.

8. Data Processing Agreement (DPA)

Snipara provides a Data Processing Agreement for all customers who require one. Our DPA is compliant with GDPR Article 28 and the Swiss FADP, and covers:

Scope & Purpose

Processing scope, purpose limitation, categories of personal data, and data subject categories.

Security Measures

Technical and organizational measures (TOMs) including encryption, access control, monitoring, and incident response.

Sub-Processors

Complete list of sub-processors, their locations, safeguards, and notification process for sub-processor changes.

Data Subject Rights

Assistance obligations for data subject requests (access, rectification, erasure, portability, restriction, objection).

Breach Notification

Commitment to notify within 72 hours of confirmed data breach, with full incident details and remediation plan.

Data Return & Deletion

Data export and permanent deletion within 30 days of contract termination, including embeddings, indexes, and backups.

To request a DPA or discuss custom contractual requirements, contact legal@starbox-group.com. Enterprise customers on annual contracts receive a pre-signed DPA as part of onboarding.

9. Data Lifecycle & Retention

Data at Each Stage

| Stage | What Happens | What We Store |
| --- | --- | --- |
| Upload | Document received via MCP or REST API | Original document content, metadata |
| Indexing | Document chunked, embedded with pgvector | Chunks, embeddings (project-scoped) |
| Query | Semantic + keyword search, ranking, compression | Query logged for usage tracking (no query content stored) |
| Response | Optimized context returned to client | Nothing — response is ephemeral |
| Deletion | Account or project deleted | All data permanently purged within 30 days |

Retention Policy

| Data Type | Active Account | After Deletion Request |
| --- | --- | --- |
| Documents & embeddings | Retained until deleted | Permanently purged within 30 days |
| API keys | Until revoked | Immediately invalidated |
| Agent memories | Per TTL or until deleted | Permanently purged within 30 days |
| Usage statistics | Aggregated, anonymized | Anonymized data may be retained |
| Audit logs | 90 days rolling | Auto-expires |
| Billing records | Per Swiss law (~10 years) | Retained per legal obligation |

10. Incident Response

Snipara maintains a structured incident response plan aligned with industry best practices. Our goal is rapid containment, transparent communication, and thorough remediation.

Response Timeline

| Phase | Timeline | Actions |
| --- | --- | --- |
| Detection | Continuous | Automated monitoring via Sentry, audit logs, anti-scan detection, and health checks |
| Triage | < 1 hour | Classify severity (Critical/High/Medium/Low), assign incident owner, begin investigation |
| Containment | < 4 hours | Isolate affected systems, revoke compromised credentials, deploy mitigations |
| Customer Notification | < 72 hours | Notify affected customers with incident details, impact assessment, and recommended actions (per GDPR Article 33/34) |
| Remediation | Varies | Root cause analysis, permanent fix deployment, infrastructure hardening |
| Post-Mortem | < 7 days | Internal review, lessons learned, process improvements, customer summary report |

Severity Classification

| Severity | Definition | Example |
| --- | --- | --- |
| Critical | Data breach or unauthorized access to customer data | Database exfiltration, authentication bypass |
| High | Service-wide outage or significant security vulnerability | API down, privilege escalation vulnerability |
| Medium | Partial service degradation or minor vulnerability | Elevated error rates, information disclosure |
| Low | Informational finding, no immediate impact | Configuration drift, non-critical dependency update |

11. Vulnerability Disclosure

Snipara welcomes responsible security research. If you discover a security vulnerability, we ask that you report it responsibly so we can address it promptly.

How to Report

Email: security@starbox-group.com — our preferred channel for vulnerability reports
Include: Description of the vulnerability, reproduction steps, potential impact, and any proof-of-concept

Our Commitment

| Action | Timeline |
| --- | --- |
| Acknowledge receipt | Within 48 hours |
| Initial assessment | Within 5 business days |
| Status update | Within 10 business days |
| Fix deployed (critical) | Within 72 hours of confirmation |
| Fix deployed (high) | Within 14 days of confirmation |
| Fix deployed (medium/low) | Within 30 days of confirmation |

Safe Harbor

We will not pursue legal action against security researchers who act in good faith, follow responsible disclosure practices, avoid accessing or modifying other users' data, and do not disrupt our services. We ask that you give us reasonable time to address reported issues before any public disclosure.

12. Business Continuity

Backup & Recovery

Database backups: Automated point-in-time recovery via Vaultbrix with configurable retention windows
Application rollback: Containerized deployments on Railway with instant rollback to previous versions
Infrastructure as Code: All deployment configuration version-controlled for reproducible environments
Health monitoring: Automated health checks with container restart on failure detection

Availability

Snipara targets high availability across all plans. Enterprise customers receive contractual SLA terms as part of their agreement:

| Plan | Availability Target | Support |
| --- | --- | --- |
| Free / Pro | Best effort | Community + email |
| Team | 99.5% monthly | Priority email, 24h response |
| Enterprise | 99.9% monthly (contractual SLA) | Dedicated support, 4h response for critical |

13. Audit & Monitoring

Security Audit Logging

All security-relevant events are logged asynchronously (fire-and-forget) with structured data for analysis and alerting:

| Event Type | Trigger | Data Captured |
| --- | --- | --- |
| access.denied | Unauthorized project access attempt | IP, API key prefix, target project, timestamp |
| rate_limit.exceeded | Rate limit threshold crossed | IP, API key prefix, request count, window |
| scan.blocked | Enumeration attack detected | IP, denied slugs count, block duration |
| auth.failed | Invalid authentication attempt | IP, auth method, failure reason |
| key.created | New API key generated | User, project, key prefix |
| key.revoked | API key revoked | User, project, key prefix |
| acl.changed | Access control modification | User, project, old/new role |
| data.deleted | Account or project data purged | User, scope, data types affected |

Monitoring & Alerting

Sentry: Real-time error tracking with API key redaction and 10% sampling in production for performance monitoring
Health checks: Automated /health endpoint monitoring with container restart on consecutive failures
Structured logging: JSON-formatted logs with correlation IDs for request tracing across services

Security Audits

Snipara conducts regular security assessments. Our most recent comprehensive audit (January 2026) covered 14 security domains and resulted in all critical findings being remediated. Enterprise customers may request audit summaries as part of their procurement process.

14. Employee Access & Training

Principle of least privilege: Employee access to production systems is limited to the minimum required for their role
No customer content access: Employees never access customer documents or data except with explicit written permission (e.g., during a support request)
Code review: All production code changes require peer review and pass CI/CD checks (linting, type-checking, tests) before merge
Credential management: All production secrets are stored in Railway encrypted environment variables — never in code, config files, or version control

15. Security Roadmap

Security is an ongoing investment. We are continuously improving our posture and working toward additional certifications:

| Initiative | Status | Details |
| --- | --- | --- |
| SOC 2 Type II Audit | In Progress | Audit engagement initiated, controls aligned with Trust Services Criteria |
| ISO 27001 Certification | Planned | ISMS framework development and certification on roadmap |
| External Penetration Testing | Recurring | Periodic third-party penetration testing engagements |
| Bug Bounty Program | Planned | Formal bug bounty program under evaluation for launch alongside SOC 2 |
| SIEM Integration | Planned | Enterprise customers will receive real-time security event forwarding to their SIEM |
| Customer-Managed Encryption Keys | Planned | Bring-your-own-key (BYOK) support for Enterprise self-hosted |

16. Contact Security Team

We take security seriously and welcome communication from customers, researchers, and the community.

Snipara Security Team

STARBOX GROUP GMBH

Chemin du Pré-Guillot 9

1288 Aire-la-Ville, Switzerland

CHE-326.317.262

We aim to respond to all security inquiries within 48 hours.

Enterprise customers can request security questionnaire completion, audit report summaries, and custom DPA terms. Contact security@starbox-group.com to start the conversation.