Enterprise-Grade Security

Your Data is Safe With Us

We take security seriously. From encryption to access controls, every layer of SyncAuction is designed to protect your business.

Security at Every Layer

Comprehensive protection for your credentials and data

AES-256 Encryption at Rest

All stored data, including your API credentials, is encrypted with AES-256. Your secrets are never stored in plain text.

TLS 1.3 in Transit

All data transmitted between your browser, our servers, and third-party APIs is protected with TLS 1.3 encryption.

Per-Tenant Encryption Keys

Each organization has its own encryption key. Your data is isolated and cannot be accessed by other tenants.

Two-Factor Authentication

Protect your account with 2FA using authenticator apps like Google Authenticator or Authy.

SSO Ready (SAML 2.0)

Enterprise customers can integrate with their identity provider for single sign-on access.

Comprehensive Audit Logs

Every action is logged with timestamps and user attribution. Review who did what and when.

Compliance & Standards

We're committed to meeting the highest security standards and compliance requirements for our customers.

GDPR Compliant

Full compliance with EU data protection regulations

CCPA Ready

California Consumer Privacy Act compliance

SOC 2 Type II (In Progress)

Working toward SOC 2 Type II certification

Data Handling Practices

  • Secure Data Centers

    Hosted on AWS with SOC 2 certified infrastructure

  • Data Retention

    Data deleted within 90 days of account termination

  • Data Export

    Export your data anytime in standard formats

  • Regular Backups

    Automated backups with point-in-time recovery

Certifications & Compliance

Trusted by dealers who prioritize security

  • GDPR Compliant
  • AES-256 Encryption
  • TLS 1.3 In Transit
  • SOC 2 In Progress
  • CCPA Ready

Infrastructure & Data Centers

Your data is hosted on world-class infrastructure with multiple layers of physical and logical security.

Amazon Web Services (AWS)

Hosted on AWS with SOC 1, SOC 2, and ISO 27001 certified data centers

US-Based Data Residency

Primary infrastructure in US-East region with automatic failover

Automated Backups

Daily encrypted backups with 30-day retention and point-in-time recovery

DDoS Protection

Cloudflare enterprise protection against distributed denial-of-service attacks

Network Security

  • Virtual Private Cloud (VPC) isolation
  • Web Application Firewall (WAF) rules
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning and patching
  • Security event logging and monitoring
  • Rate limiting and API abuse prevention

Incident Response Process

How we handle security events to protect your business

1. Detection

24/7 automated monitoring detects anomalies and potential security events in real time.

2. Assessment

Security team assesses severity, scope, and potential impact within 15 minutes.

3. Containment

Immediate actions to contain the incident and prevent further impact.

4. Resolution

Full remediation, customer notification (if required), and post-incident review.

Customer Notification Policy

In the event of a security incident affecting your data, we will notify you within 72 hours via email and dashboard notification, in compliance with GDPR requirements.

Uptime & Reliability

Built for enterprise reliability

  • 99.9% Uptime SLA (Enterprise)
  • 24/7 Monitoring & Alerting
  • <5min Incident Response Time

Granular Access Controls

Control who can access what in your organization

Owner

Full access to all features, billing, and team management

Admin

Manage stores, sync settings, and team members

Manager

Edit products, pricing rules, and view reports

Viewer

Read-only access to dashboards and reports

Report a Security Vulnerability

We take security seriously. If you discover a vulnerability, please report it responsibly. We appreciate your help in keeping SyncAuction secure.

PGP Key available upon request
Response within 24 hours

Responsible Disclosure Guidelines

  • Provide detailed steps to reproduce the issue
  • Do not access or modify data belonging to others
  • Allow reasonable time for remediation before disclosure
  • Act in good faith and avoid privacy violations

Security Questions & Answers

Common questions about our security practices

How is my Heritage Auctions API key stored?

Your API credentials are encrypted using AES-256 encryption with per-tenant keys. They are never stored in plain text and are only decrypted in memory when needed for sync operations.

Is my data shared with other SyncAuction customers?

No. Your data is completely isolated using per-tenant encryption keys and separate database schemas. There is no data sharing between customers.

What happens to my data if I cancel my account?

Upon account cancellation, all your data, including API credentials, sync history, and settings, is permanently deleted within 90 days. You can request immediate deletion by contacting support.

Does SyncAuction comply with GDPR?

Yes. SyncAuction is fully GDPR compliant. We process data based on legitimate business interest, provide data export on request, and honor deletion requests within 30 days.

How do you protect against unauthorized access?

We employ multiple layers of protection including two-factor authentication, role-based access controls, session management, and comprehensive audit logging of all account activities.

Where are SyncAuction servers located?

Our primary infrastructure is hosted on Amazon Web Services (AWS) in the US-East region. All data centers are SOC 1, SOC 2, and ISO 27001 certified with automatic failover capabilities.

Have more security questions?

Contact our security team

Need More Details?

Request our security whitepaper for a comprehensive overview of our security practices.