How we protect you
Security practices
Data in transit
TLS 1.3 for all connections between client, server, and databases
Certificate pinning on the NoSQLSync agent
Perfect forward secrecy — session keys rotated on every connection
Data at rest
AES-256 encryption for all stored data, credentials, and logs
Database credentials are never persisted — short-lived session tokens only
Encryption keys managed via AWS KMS with annual rotation
Access control
Role-based access control with workspace-level permissions
SSO and SAML 2.0 support (Enterprise)
Multi-factor authentication enforced for admin actions
All access logged with immutable audit trail
Infrastructure
Hosted on AWS with VPC isolation and private subnets
AWS SSE (S3 AES-256, EBS gp3 encryption) enabled on all storage volumes
Worker nodes process migration data in ephemeral containers — no data persisted after job completion
Automated vulnerability scanning on every deploy via Trivy and Snyk
Penetration tested annually by NCC Group
Responsible disclosure
Found a vulnerability?
We take security reports seriously and respond to every credible report within 2 hours. We do not pursue legal action against security researchers acting in good faith.
For critical vulnerabilities, we offer rewards up to $10,000 through our private bug bounty program. Email us with details and we'll coordinate disclosure and remediation together.
Report a vulnerability →Need a security review?
Enterprise customers can request our security architecture documentation under NDA.
Talk to enterprise sales →