Security & Compliance
Syncally is designed with a security-first approach to protect your intellectual property. This document outlines our security practices, compliance status, and data handling policies.
Security Practices
We employ industry-standard security controls to safeguard your data at every layer.
Encryption
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
- Secure key management with rotation
- End-to-end encrypted API communications
Access Control
- SSO with SAML 2.0 and OIDC
- Role-based access control (RBAC)
- Granular permission scopes
- Strict session management policies
Compliance
| Certification | Status | Notes |
|---|---|---|
| SOC 2 Type II | In Progress | Target Completion: Q3 2026 |
| GDPR | Compliant | Data Processing Agreement available |
| CCPA | Compliant | California resident rights supported |
| ISO 27001 | Planned | Roadmap for Q4 2026 |
We are actively pursuing SOC 2 Type II certification. All required controls (Security headers, Audit logging, VAPT, Incident Response) are already implemented.
Data Handling
Our architecture ensures your code remains private and secure.
- No Raw Code Storage: We never permanently store your actual source code. Only semantic embeddings (vectors) and temporary AI-generated context are retained.
- Data Isolation: Each organization's data is logically isolated in our database. Cross-tenant access is architecturally impossible.
- Read-Only Access: Our GitHub App explicitly requests read-only permissions. We strictly never write to your repositories.
- Retention Policy: Sensitive transient data, such as meeting audio files, are automatically deleted after 7 days processing.
Resources & Contact
- Privacy Policy: How we collect and manage data
- Terms of Service: Software license agreement
- Data Processing Agreement: GDPR-compliant DPA for customers
- Contact Security Team: [email protected]
Need detailed security documentation?
Our team can provide detailed security questionnaires, architecture diagrams, and compliance reports upon request.