Trust & Security
Cynch is designed to be trusted by doing less, not more.
Trust is earned through clear limits, predictable behavior, and verifiable sources — not claims.
Security posture
Cynch is built to minimize risk by minimizing surface area.
No re-hosting of source content
No modification of source data
No transformation of source data
No shadow copies of documents or messages
Cynch observes signals and relationships, not full artifacts.
Access and visibility
Cynch never expands access.
Users only see what they already have access to in source systems
Workspace and project boundaries are respected
No cross-boundary inference
No privilege escalation
If Cynch cannot verify access, it does not surface information.
Data integrity and explainability
Every surfaced signal is explainable.
All outputs link back to original source events
No black-box conclusions
No unverifiable summaries
No derived truth without provenance
If something cannot be traced, it is not shown.
Reference artifacts and visibility
Cynch produces reference artifacts designed to be cited without interpretation.
Each reference artifact is created with a visibility posture that defines how it can be shared.
### Internal only
Visible only to authenticated organization members.
Not emissible as an external reference.
### Link-authoritative
Anyone with the link can view the reference surface.
Links are unlisted and not discoverable.
This exists because a citation that cannot be forwarded intact is not a citation.
### Restricted
The reference surface requires identity verification and is limited to an explicit allowlist (domain or email).
Restricted citation is intentionally slower. If restriction becomes casual, it becomes political.
### Immutability
Reference artifacts are immutable.
They may be superseded, never edited.
Visibility changes create a new version. Prior versions remain part of the historical record.
Redaction posture
Cynch can project a citeable reference surface without exposing raw source material.
Redaction reduces exposure without breaking authority: - timestamps persist - object identity persists - contradiction and decision structure persists - source links remain where permitted
Attention discipline
Security includes attention discipline.
No constant polling dashboards
No engagement-driven alerts
No behavioral scoring
No monitoring for its own sake
Silence is the default state.
What Cynch does not do
Does not sell or share data
Does not monetize observation
Does not profile users
Does not analyze behavior for optimization
Cynch has no incentive to increase visibility or activity.
Independent verification
Security claims must be verifiable.
Claims are backed by enforceable constraints.
Architecture favors inspection over trust.
Documentation exists to support review
Trust is structural, not rhetorical.