Security & Privacy

Data Security

How Synoveo protects your data

Synoveo implements comprehensive security measures to protect your data.

Encryption

In Transit

  • All connections use TLS 1.3
  • HTTPS enforced everywhere
  • Certificate pinning for API calls

At Rest

  • Database encryption (AES-256)
  • Google OAuth tokens encrypted with AES-256-GCM
  • Encryption keys managed securely

Authentication

User Authentication

  • Passwordless email verification
  • JWT tokens with short expiration
  • Automatic token refresh
  • Session management

API Authentication

  • API keys with domain binding
  • Location-scoped access
  • Key rotation support
  • Revocation capability

Infrastructure

Hosting

  • Railway cloud platform
  • Automated backups
  • Geographic redundancy
  • DDoS protection

Database

  • PostgreSQL with encryption
  • Regular backups
  • Point-in-time recovery
  • Access logging

Access Control

Principle of Least Privilege

  • API keys only access assigned locations
  • Users only see their businesses
  • Role-based permissions

Multi-Tenant Isolation

  • Complete data isolation between users
  • No cross-tenant data access
  • Tenant context on every request

Monitoring

Security Monitoring

  • Real-time threat detection
  • Anomaly alerts
  • Access logging
  • Audit trails

Incident Response

  • 24/7 monitoring
  • Defined response procedures
  • User notification policy

Compliance

  • SOC 2 Type II (in progress)
  • GDPR compliant
  • CCPA compliant
  • PCI DSS (via Stripe)
