We take a defense-in-depth approach to security. Client data is isolated at the database level, credentials are never stored or transmitted in plaintext, and access is restricted to authenticated users with appropriate permissions. Below is a summary of our current security practices.
All data in transit between your browser and our servers is encrypted with TLS 1.2 or higher.
Database contents are encrypted at rest. Backups are encrypted before storage.
Client portal accounts use Supabase Auth with bcrypt-hashed passwords and optional MFA. Sessions are short-lived and invalidated on sign-out.
Database access is enforced with row-level security policies. Each client can access only their own data, with no data shared between accounts.
Internal service accounts are scoped to the minimum permissions required. We do not use shared root credentials.
We scan project dependencies for known vulnerabilities on a regular basis and patch promptly.
API keys and credentials are stored as environment variables, never committed to version control.
Admin actions in the client portal are logged with timestamps and actor identity.
If you discover a security vulnerability in our systems or applications, please report it responsibly by emailing sales@sinthetix.com with the subject line "Security Report."
We will acknowledge your report within 2 business days and work to address confirmed vulnerabilities promptly. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to remediate it.
Security questions? Contact us or email sales@sinthetix.com.