Security

Security is a first-class feature

Migrations touch your most sensitive data. We treat security as a product requirement, not an afterthought. Here's exactly how we protect your data.

How we protect you

Security practices

Data in transit
TLS 1.3 for all connections between client, server, and databases
Certificate pinning on the NoSQLSync agent
Perfect forward secrecy — session keys rotated on every connection
Data at rest
AES-256 encryption for all stored data, credentials, and logs
Database credentials are never persisted — short-lived session tokens only
Encryption keys managed via AWS KMS with annual rotation
Access control
Role-based access control with workspace-level permissions
SSO and SAML 2.0 support (Enterprise)
Multi-factor authentication enforced for admin actions
All access logged with immutable audit trail
Infrastructure
Hosted on AWS with VPC isolation and private subnets
AWS SSE (S3 AES-256, EBS gp3 encryption) enabled on all storage volumes
Worker nodes process migration data in ephemeral containers — no data persisted after job completion
Automated vulnerability scanning on every deploy via Trivy and Snyk
Penetration tested annually by NCC Group
Responsible disclosure

Found a vulnerability?

We take security reports seriously and respond to every credible report within 2 hours. We do not pursue legal action against security researchers acting in good faith.

For critical vulnerabilities, we offer rewards up to $10,000 through our private bug bounty program. Email us with details and we'll coordinate disclosure and remediation together.

Report a vulnerability →

Need a security review?

Enterprise customers can request our security architecture documentation under NDA.

Talk to enterprise sales →