Security

Last updated: July 6, 2026

Security is foundational to Synerdeck. This page summarizes the technical and organizational measures we use to protect your data.

Data protection

  • All traffic is encrypted in transit with TLS. Data at rest is encrypted by our hosting providers.
  • Row-level security enforces tenant isolation so each workspace can only access its own data.
  • Uploaded documents are stored in a private bucket and served through short-lived signed URLs.
  • File uploads are validated by content type and size, with optional malware scanning.

Access control

  • Authentication is handled by a dedicated identity provider with support for Google sign-in.
  • Internal access to production follows the principle of least privilege.
  • Role-based permissions govern what team members can do within a workspace.

Application security

  • Strict security headers, including a Content Security Policy, protect against common web attacks.
  • API keys are stored only as hashes; the full key is shown once at creation.
  • Webhook payloads are verified by signature before processing.
  • Rate limiting protects sensitive endpoints from abuse.

Monitoring & reliability

  • Errors and performance are continuously monitored (when enabled) to detect issues early.
  • Our database provider offers automated backups and point-in-time recovery.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to support@synerdeck.com. We appreciate responsible disclosure and will investigate all legitimate reports.