Security
Security contact and baseline practices.
For security reports, email security@synveron.com. Include the affected product, reproduction steps, impact, and any relevant request IDs or timestamps.
Responsible disclosure
Synveron welcomes good-faith vulnerability reports. Do not access, modify, delete, or exfiltrate customer data. Do not degrade service availability. Reports that protect users and include clear reproduction details receive priority.
Infrastructure
- Static marketing site hosted on Cloudflare Pages with security headers.
- Application workloads run on managed infrastructure with environment-based secret configuration.
- Product databases are PostgreSQL-backed, with tenant-owned data scoped by product and tenant.
- Marketplace auth and billing remain inside Shopify, HubSpot, or Stripe where applicable.
Data handling
- Products collect the minimum data needed to perform the stated workflow.
- Secrets and OAuth tokens are never committed to source control.
- Privacy-sensitive records use retention limits and export/delete workflows where the product requires them.
- AI features use structured outputs for application logic and do not rely on free-text parsing.
Incident response
Confirmed incidents are triaged by severity, contained, remediated, and reviewed. Where law or contract requires notification, affected customers and authorities are notified within the applicable timeline.