Solyntra

How we keep your code on our laptops.

Every Solyntra engineer's device is provisioned, locked down, and audited before it sees your repository. This page is the detail behind the security mentions on Engineering Pods and Custom Software Builds. If you are evaluating us for a regulated, IP-sensitive, or audit-relevant build, this is the page your security team is looking for.

Why this page exists

Most offshore engineering exposures start at the endpoint. An engineer with local administrator rights on an unmanaged laptop can copy a repository, install unsanctioned tooling, accept malware-laden updates, or carry source code to a new employer when they leave.

The standard mitigation, NDAs and trust, is not a control. It is a hope.

We run a different model. The controls below are not aspirational; they are what our IT function operates today, on every device, with no exceptions for engineers, contractors, or visitors.

Endpoint management

Every laptop that touches client code is enrolled in our managed-device policy before it is issued. The enrolment is not optional and cannot be removed by the user.

  • Device is provisioned through Windows Autopilot or equivalent macOS MDM.
  • No local administrator rights for any user, including the engineer using the device.
  • Software installation is restricted to an approved list, managed centrally.
  • Full-disk encryption enabled and enforced.
  • Endpoint detection and response (EDR) installed and monitored.
  • Device compliance checked before network or repository access is granted.

Access control

  • Repository access is role-based and scoped to the specific engagement.
  • Access is provisioned when an engineer joins a project and revoked when they leave.
  • Same-day revocation when an engineer rolls off an engagement.
  • Multi-factor authentication required for all access.
  • SSH keys and API tokens are engagement-scoped and rotated on rolloff.

Provisioning sequence

When you sign an engagement, here's what happens before the engineer writes their first line of code:

  1. Hardware procurement for the specific engagement.
  2. Device enrolled in managed-device policy during setup.
  3. Engineer assigned to device; no local admin rights.
  4. Role-based repository access provisioned against your engagement.
  5. Compliance verification before first code access.
  6. Security handshake with your team to confirm controls.

What this prevents

  • Code copied to personal devices or storage.
  • Unauthorised software installed on development machines.
  • Access persisting after an engineer leaves the engagement.
  • Credentials or keys remaining active after rolloff.
  • Unpatched or non-compliant devices touching your code.

What this does not replace

  • Your own security review of our practices (we welcome it).
  • Contractual protections (we sign appropriate NDAs and data handling agreements).
  • Application-level security (we build that into the software).
  • Your compliance obligations (we build to spec; certification is your process).

What we will share under NDA

If you need more detail for your security review, we can share:

  • Our endpoint management policy documentation.
  • Evidence of specific controls (screenshots, configuration exports).
  • Our access control matrix template.
  • Details of our provisioning and offboarding processes.

Ask on your discovery call or email hello@solyntra.com.

Questions about our security posture?

We're happy to walk your security team through the detail.