syncPenBack to Home

Trust Architecture

How SyncPen protects your data and earns your trust

1. Why Trust Matters

When you write, you share ideas that matter. Whether it's a draft article, collaborative notes, or personal reflections, your content deserves protection. SyncPen is built with security and privacy as foundational principles, not afterthoughts.

2. Data Encryption

Your documents are protected with industry-standard encryption:

  • In Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption, ensuring your content cannot be intercepted.
  • At Rest: Documents stored in our database are encrypted using AES-256, the same standard used by financial institutions.
  • Backups: All backups are encrypted with separate keys and stored in geographically distributed locations.

3. Authentication & Access Control

We use trusted OAuth providers to secure your account:

  • OAuth 2.0: Sign in securely with Google or GitHub without sharing your password with us.
  • Session Security: Sessions are cryptographically signed and expire automatically. Tokens are stored securely and never exposed to client-side code.
  • Document Permissions: Fine-grained access control lets you decide exactly who can view or edit each document.

4. Real-Time Collaboration Security

Collaborative editing requires special security considerations:

  • Authenticated Connections: All real-time sync connections are authenticated and verified before any data is exchanged.
  • Permission Verification: Every edit operation is validated against the user's permissions in real-time.
  • Conflict Resolution: Our CRDT-based sync ensures data integrity even with multiple simultaneous editors.

5. Infrastructure & Hosting

SyncPen runs on modern, secure infrastructure:

  • Cloud Provider: We use industry-leading cloud providers with SOC 2 Type II certification and regular security audits.
  • Database Security: Our PostgreSQL databases run in isolated networks with no public internet access.
  • Regular Updates: All systems are kept up-to-date with security patches applied promptly.

6. Data Ownership & Portability

Your data belongs to you:

  • Full Ownership: You retain complete ownership of all content you create. We never claim rights to your work.
  • Export Anytime: Download your documents in standard formats whenever you want.
  • Account Deletion: Request complete deletion of your account and all associated data at any time.

7. Third-Party Services

We minimize external dependencies:

  • No Tracking: We do not use advertising trackers or sell your data to third parties.
  • Minimal Analytics: We collect only essential usage data to improve the service, never personal browsing data.
  • AI Processing: When you use AI features, your content is processed securely and not used to train external models.

8. Incident Response

We take security incidents seriously:

  • Monitoring: Automated systems detect and alert on suspicious activity 24/7.
  • Response Plan: We have documented procedures for investigating and resolving security incidents.
  • Notification: In the unlikely event of a breach affecting your data, we will notify you promptly and transparently.

9. Transparency

We believe in open communication:

  • Clear Policies: Our Privacy Policy and Terms of Service are written in plain language.
  • No Hidden Practices: We don't engage in data practices that aren't disclosed in our policies.
  • Open to Questions: We welcome inquiries about our security practices and respond to all concerns.

10. Security Contact

If you discover a security vulnerability or have concerns about our security practices, please contact us at security@syncpen.io. We take all reports seriously and will respond promptly.

For general inquiries, reach us at hello@syncpen.io.