Security
Security is the fundamental pillar of SNYFT
Secure by Design
Security is not an afterthought for us, but a fundamental principle built into every phase of our product development. From the first line of code to production deployment, we apply proven security practices.
WORM Archive (S3 Object Lock)
All log data is stored in Write-Once-Read-Many (WORM) format using AWS S3 Object Lock — physically preventing deletion or modification by anyone, including SNYFT. Tamper-proof archives satisfy GDPR and NIS2 audit requirements without any manual configuration.
Passkeys & WebAuthn — Passwordless Login
SNYFT supports Passkeys and WebAuthn across all accounts — hardware security keys, biometrics, and device authenticators are all supported out of the box. Passwordless login eliminates the most common attack vector: phishing for credentials.
Database-Level Tenant Isolation
Each customer's data is protected by dual isolation: at the application layer every request works exclusively with the authenticated customer's data, and at the database layer this isolation is enforced by Row-Level Security at the database engine level. Even an application bug cannot cause access to another customer's data — the database itself will reject it.
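A sketch of the database-enforced half of this dual isolation, added here as an example and not SNYFT's own schema or code. It assumes PostgreSQL (the page does not name the engine); the table log_events, the role app_user, the setting app.tenant_id and the UUIDs are hypothetical, constructed values.

```sql
-- Added example (assumes PostgreSQL); every name below is hypothetical.
CREATE TABLE log_events (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    message   text NOT NULL
);

-- Turn RLS on, and FORCE it so the table owner is subject to it as well.
ALTER TABLE log_events ENABLE ROW LEVEL SECURITY;
ALTER TABLE log_events FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted;
-- WITH CHECK validates rows that are written.
-- If app.tenant_id is unset or empty the expression is NULL, so no row
-- matches and no row can be written (fail closed).
CREATE POLICY tenant_isolation ON log_events
    USING (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that is neither superuser nor
-- BYPASSRLS; both of those skip policies entirely.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT ON log_events TO app_user;
GRANT USAGE ON SEQUENCE log_events_id_seq TO app_user;

-- One request, one transaction: bind the authenticated tenant first.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id',
                  '11111111-1111-1111-1111-111111111111', true);

INSERT INTO log_events (tenant_id, message)
VALUES ('11111111-1111-1111-1111-111111111111', 'login ok');

-- A query with the tenant filter forgotten (the "application bug" case)
-- still sees only the bound tenant's rows.
SELECT count(*) FROM log_events;

-- Writing a row for another tenant is rejected by the engine:
-- ERROR: new row violates row-level security policy for table "log_events"
INSERT INTO log_events (tenant_id, message)
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
ROLLBACK;
```

Because set_config is called with is_local = true, the tenant binding ends with the transaction and cannot leak to the next request on a pooled connection.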
Encryption
- TLS 1.3 for all communication
- Data encryption in transit and at rest
- Modern cryptographic algorithms
- Secure key management
Authentication & Authorization
- Multi-factor authentication (MFA)
- Passkeys / WebAuthn (passwordless login: hardware key, biometric, device authenticator)
- Role-based access control (RBAC)
- Instant session revocation across all devices on logout
- Login audit logs
Infrastructure
- Certified data centers
- Physical facility security
- Redundancy and backups
- Network segmentation
Development & DevSecOps
- Automated security tests
- Dependency scanning (npm audit)
- Code review process
- Secure CI/CD pipeline
Compliance and Standards
AWS Well-Architected Review
Our infrastructure has been independently reviewed against the AWS Well-Architected Framework for security, reliability, and operational excellence.
Responsible Vulnerability Disclosure
If you discover a security vulnerability in our system, please report it responsibly. Please do not disclose vulnerabilities publicly until we have had time to fix them.
Contact for security reports:
E-mail:
Security.txt
To facilitate communication with security researchers, we provide a security.txt file according to RFC 9116, containing contact information and security policies.