How we protect
your data.
Synvaxis LLC operates SaaS products that handle business data. These are the practices applied by default across all of our infrastructure.
Practices
Default controls.
Encryption in transit.
All traffic between clients and our services travels over TLS 1.2 or higher. We do not operate public endpoints without encryption.
Encryption at rest.
Databases backing our products store information encrypted with AES-256, managed by the infrastructure provider (Supabase on AWS).
Tenant isolation.
SynvaxisApp is multi-tenant: each business operates over its own isolated dataset, enforced at the database level through Row-Level Security policies.
Authentication and authorization.
Sessions are based on JWT tokens issued by Supabase Auth. Access to internal resources follows the principle of least privilege with explicit roles.
Automatic backups.
Daily backups managed by the database provider, with standard retention. Backups never leave the operating region.
Data residency.
Primary infrastructure operates in United States regions. We do not transfer customer data outside that perimeter without explicit notice.
Responsible disclosure
Report a vulnerability
If you discovered a vulnerability in SynvaxisApp or any Synvaxis LLC service, let us know privately before disclosing it publicly. We reply to every report.