# Security Best Practices at SyncPenguin

# Introduction

SyncPenguin’s goal is to provide customers with a secure and reliable integration solution to serve their business needs. An important part of this is ensuring that all customer data is securely stored and processed according to modern best practices. This document provides some in-depth information about how we handle user data.

# User data

  • The following user data is stored: customer email and names; information needed to access the third-party customer services (access tokens, passwords, API tokens, etc.); synced customer data (contacts, meetings, etc.) as part of disposable sync history/logs.
  • Encryption. All sensitive user data is encrypted using modern 256-bit AES algorithms and transferred through TLS.
  • Access protocol. A set of responsible SyncPenguin employees has indirect access to customer data through a provided interface. This is done to provide customers with proper support and troubleshooting of issues.
  • New employees undergo an internal user data handling course, as well as GDPR employee training.

# Cloud Infrastructure

We use DigitalOcean (German 🇩🇪 FRA region) for our cloud infrastructure. You can find more details regarding DO security practices on their website. Some of the responsible employees have access to the server infrastructure through secure channels.

Denial-of-service protections are set everywhere (this ensures service resiliency under attack). Sync services are decoupled from the website and the dashboard application, which ensures service reliability even in case of an attack.

All cloud databases and infrastructure are regularly and automatically backed up.

# Sync history

SyncPenguin maintains a log history of user actions and synchronization processes. The purpose of these logs is to provide customers and our support team with proper information and tools for troubleshooting.

The logs have an expiration date ranging from 24 hours to 2 months. The sync logs are not directly used in the sync process, and customers can opt out.

# Development & Testing

  • All new features introduced to SyncPenguin go through a standard code review, staging, and testing process to ensure quality and reliability.
  • Code is mostly covered with unit and integration tests.
  • GitLab is used as a code repository, and Microsoft Azure DevOps is used for continuous integration and delivery.

# Threats and vulnerability detection

SyncPenguin is regularly tested for any potential external threats and vulnerabilities.

# Need more information?

Feel free to contact us by email at [email protected] with any further questions or issues that you might have.

Last updated 21-06-2022