Security
Last updated: July 6, 2026
Security is foundational to Synerdeck. This page summarizes the technical and organizational measures we use to protect your data.
Data protection
- All traffic is encrypted in transit with TLS. Data at rest is encrypted by our hosting providers.
- Row-level security enforces tenant isolation so each workspace can only access its own data.
- Uploaded documents are stored in a private bucket and served through short-lived signed URLs.
- File uploads are validated by content type and size, with optional malware scanning.
Access control
- Authentication is handled by a dedicated identity provider with support for Google sign-in.
- Internal access to production follows the principle of least privilege.
- Role-based permissions govern what team members can do within a workspace.
Application security
- Strict security headers, including a Content Security Policy, protect against common web attacks.
- API keys are stored only as hashes; the full key is shown once at creation.
- Webhook payloads are verified by signature before processing.
- Rate limiting protects sensitive endpoints from abuse.
Monitoring & reliability
- Errors and performance are continuously monitored (when enabled) to detect issues early.
- Our database provider offers automated backups and point-in-time recovery.
Responsible disclosure
If you believe you have found a security vulnerability, please report it to support@synerdeck.com. We appreciate responsible disclosure and will investigate all legitimate reports.