{
  "infrastructure": {
    "provider": "Google Cloud Platform (GCP)",
    "hosting": "Firebase Hosting",
    "servicesUsed": [
      "Cloud Run",
      "Cloud Functions",
      "Firestore Database",
      "Cloud Storage",
      "Vertex AI"
    ]
  },
  "securityPractices": [
    "HTTPS/TLS encryption for all public endpoints",
    "Encryption of data in transit",
    "Encryption of supported cloud-stored data at rest",
    "Role-based access controls (RBAC)",
    "Principle of least privilege",
    "Secure authentication and authorization",
    "Environment-based secret management",
    "Security monitoring and logging",
    "Regular dependency updates and vulnerability remediation",
    "Automated backups for supported services",
    "Firestore Security Rules",
    "Firebase Authentication",
    "Cloud IAM",
    "DDoS protection provided through Google Cloud infrastructure"
  ],
  "privacyPractices": [
    "Privacy-first engineering approach",
    "Data minimization where practical",
    "GDPR-aware privacy practices",
    "Customer data handled according to the published Privacy Policy",
    "Users may request account or personal data deletion where applicable"
  ],
  "compliance": {
    "SOC2": "Planned (Not Certified)",
    "ISO27001": "Planned (Not Certified)",
    "HIPAA": "Not Currently Claimed",
    "PCIDSS": "Not Currently Claimed"
  },
  "availability": {
    "uptimeSLA": "No formal uptime SLA is currently offered.",
    "note": "Services are designed for high availability using managed Google Cloud infrastructure. Availability targets and SLAs may be introduced for enterprise customers in the future."
  },
  "securityContact": "security@zyniqlabs.com"
}