Synchronise operates on a principle of minimal access. We read what we need, process it ephemerally, and never store document contents.
Synchronise requests minimal OAuth scopes. We never modify, create, or delete anything in your connected tools. Your Jira tickets, Notion pages, and Slack messages remain untouched.
All data is encrypted in transit using TLS 1.3. OAuth tokens are encrypted at rest using AES-256-GCM before storage in our database.
Document contents are processed in memory and immediately discarded after analysis. We store only metadata (titles, IDs, timestamps) and the findings we generate.
Your data is never used to train AI models. We use Anthropic's Claude API with zero data retention enabled. No cross-customer learning.
Our infrastructure and processes are audited annually for security, availability, and confidentiality.
Full compliance with EU data protection regulations. Standard Contractual Clauses available for international transfers.
Choose where your data is processed. US and EU regions available.
72-hour breach notification. Documented incident response procedures.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Hosting & CDN | US, EU |
| Supabase | Database & Auth | US, EU |
| Anthropic | AI Processing | US |
We notify customers of sub-processor changes with at least 30 days' notice.
We're happy to answer questions or provide additional documentation for your security review.