Security

Learn how SourceSync keeps your data secure and private.

Data Privacy

• No Data Training: Your data is never used to train models
• Data Isolation: Each customer's data is logically isolated
• EU-Based Storage: All metadata is stored in EU data centers
• Your Infrastructure: Bring your own storage and vector database
• Your Keys: Use your own API keys for LLMs and embedding models

Data Handling

• Encryption: All data in transit is encrypted using TLS 1.3
• Access Controls: Role-based access control for all resources
• API Authentication: Secure token-based authentication
• API Logging: Basic request logs without sensitive data
  • Timestamp, endpoint, method, status
  • No request/response payloads stored
  • Configurable retention (7-90 days based on plan)

Infrastructure

• Infrastructure Location:
  • API and metadata hosted in AWS EU (Frankfurt)
  • Your data stays in your infrastructure
  • Your vector store stays in your infrastructure
• Network Security:
  • DDoS protection
  • Web Application Firewall (WAF)
  • Regular security scans
• Monitoring: 24/7 infrastructure monitoring

Compliance

• GDPR: GDPR compliance in progress
• SOC 2: Certification in progress (2025)
• Audits: Regular third-party security audits

Enterprise Security

Additional security features for enterprise customers:

• Custom log retention periods
• Dedicated infrastructure (optional)
• Custom compliance requirements