skip to main content
Browse documentation

Security in plain English

A plain-language answer to "is my data safe with Syncanix?" — where it lives, how customers are kept apart, who can see it, what the AI sees, and what you control.

If you're deciding whether to trust Syncanix with your product and your users' data, this page is for you. No jargon — just straight answers to the questions a careful buyer asks.

Where your data lives

Everything runs in the European Union — in AWS's Frankfurt region. The region is pinned in our infrastructure and checked at build time, so a deploy anywhere else simply fails. Data is encrypted both on the way in and at rest. Full detail is on data residency & security.

How customers are kept apart

Your workspace's data is isolated from every other customer's by several independent layers, so a single mistake in one layer can't expose another company's data:

  • Every request is tied to one workspace at the door — a request that doesn't resolve to a workspace is rejected.
  • Every database query is scoped to your workspace.
  • The database itself enforces isolation as a final backstop, even if a query forgets to.
  • Automated checks run every night that deliberately try to reach one workspace's data from another — and must fail — before the next release ships.

Who can see your data

Access is least-privilege: systems and staff can reach only what's needed to run and support the service, everything is encrypted at rest, and access is logged. Syncanix doesn't sell your data or your users' data, and doesn't use your end-users' conversations to train AI. The formal access-control policy and our Data Processing Agreement are available in the Trust Center.

What the AI model sees — and doesn't

When the assistant answers, a model provider processes the conversation. Here's exactly what that means:

  • It receives the conversation and the catalog of capability names and descriptions — enough to understand the request and choose an action.
  • It does not receive your source code, environment variables, database, secrets, or raw request and response bodies.
  • For the models Syncanix runs for you, your data isn't retained or used for training; default inference runs in-region on Amazon Bedrock in the EU.

What you control

Trust isn't only our commitments — it's your switches:

  • Turn each capability on or off, and decide which (if any) destructive actions are ever allowed.
  • Set how long conversations are kept, shorter than your plan's default if you want.
  • Turn cross-session memory on or off, and clear it.
  • Bring your own model key so inference runs in your own provider account.
  • Export or erase data on request, and sign a Data Processing Agreement.

Anonymous visitors

Syncanix can let signed-out visitors chat with your agent, but it is locked down by design. Three guarantees hold. Deny-by-default: a signed-out visitor cannot trigger any capability until you explicitly allow-list it, one capability at a time. Read-only floor: visitors can only ever trigger read-only capabilities — the dashboard only lets you open read-only capabilities to visitors, and the server independently re-checks this on every call, so a write or destructive action is never reachable anonymously. No shared credential: the AI never holds a login or API key, and anonymous visitors are given no session credential of their own, so every tool call is still gated exactly as it is for signed-in users.

You choose the posture per workspace: off, Q&A-only, or Q&A plus your allow-listed read-only capabilities.

Next steps