skip to main content
Browse documentation

Data residency & security

Syncanix runs entirely in AWS eu-central-1 (Frankfurt), isolates each customer’s data at four layers, and encrypts data in transit and at rest.

Syncanix is built in Europe, for data that should stay in Europe. Your data is stored and processed in one region, kept apart from every other customer, and encrypted on the way in and at rest.

Where your data lives

All Syncanix compute, storage, and databases run in AWS eu-central-1 (Frankfurt). The region is pinned in our infrastructure and checked at build time, so a deploy to any other region simply fails.

Keeping customers apart

Every authenticated request carries a tenant identity, and your data is isolated from other customers’ by four independent layers — so a single missed check can never expose another tenant’s data:

  • A boundary guard rejects any authenticated request that doesn’t resolve to a tenant.
  • A request-context layer binds the tenant identity for the lifetime of the request.
  • Every database query is scoped to the tenant.
  • The database enforces row-level security as a final backstop, even if a query forgets to scope itself.

Encryption

Data is encrypted both in transit and at rest:

  • All traffic uses TLS, including the connection between the API and the database.
  • Data at rest is encrypted with AWS-managed keys — database, object storage, and secrets.
  • Per-tenant and customer-managed (BYOK/CMK) envelope encryption is designed for Enterprise and is being readied for rollout.

Next steps

ReliabilityUptime, backups, and how we keep the service available.Compliance & subprocessorsOur certifications program and the vendors we use.