Security
Last updated: April 7, 2026
SyndTrack handles sensitive financial data, and we take that responsibility seriously. This page describes the security controls we have in place today, the third-party services we rely on, and how you can reach us with security questions.
Current Security Controls
- Encryption in transit and at rest — Customer data is encrypted in transit (TLS) and at rest (AES-256).
- Authentication via Clerk — Authentication is handled by Clerk, supporting email/password, OAuth providers, and multi-factor authentication.
- Payments via Stripe — Payments are processed by Stripe. We never store credit card numbers or bank account details on our servers.
- Record-level access controls — Access to portfolio data is restricted with record-level access controls enforced at the database layer via row-level security.
Subprocessors
We use the following third-party services to operate the platform:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting (PostgreSQL) |
| Clerk | Authentication & identity |
| Stripe | Payment processing |
| Vercel | Application hosting & CDN |
| Anthropic | AI deal scoring (Claude model) |
Data Retention & Deletion
We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required by law to retain it.
You can export your portfolio data at any time from your account settings. To request a full data export or account deletion, contact us at security@syndtrack.io.
Compliance
We are an early-stage company building toward formal compliance certifications. We do not currently hold SOC 2 or equivalent certifications. As we grow, we will pursue independent audits and update this page with our progress.
Security Contact
Security questions, vulnerability reports, or data requests can be sent to security@syndtrack.io.