Synapse

Trust Center

Your data, your keys.

Synapse is built for the device recommerce industry, where your cost basis and sourcing relationships are among your most sensitive assets. This page explains, in plain English, exactly how we protect your data — and, just as importantly, what even we cannot see.

Tenant isolation

One workspace can never see another.

Every workspace is fully isolated. Each request is scoped to your organization, and queries are constrained to your tenant — so no other customer can ever see, search, or join against your records.

Isolation is enforced on the server for every read and write, not just hidden in the interface.

Encryption in transit & at rest

Protected on the wire and on disk.

All traffic between your browser and Synapse is encrypted in transit using TLS. Connections are served over HTTPS only.

Stored data is encrypted at rest at the storage layer. For the most sensitive fields, we go further — see Privacy Lock below.

Privacy Lock (zero-knowledge)

Encrypted with a key only your team holds.

Privacy Lock is end-to-end, zero-knowledge encryption for your most sensitive inventory fields: cost basis and sourcing. When it is enabled, those values are encrypted in your browser before they ever reach our servers.

Who can read it: only your team — anyone on your workspace who unlocks Privacy Lock with your passphrase. The passphrase and the underlying data key never leave your device and are never sent to us.

Who cannot: we, the operator. We store only ciphertext that we cannot open — even if compelled by a third party. We never receive your passphrase, recovery key, or data key, so there is nothing for us to hand over.

Recovery model: when you set up Privacy Lock you receive a one-time Recovery Key. Keep it safe — it is the only way to regain access if the passphrase is lost. By design there is no provider backdoor: if both the passphrase and the Recovery Key are lost, the encrypted data cannot be recovered by anyone, including us.

What is encrypted, and who can read it

An honest, field-level summary.

DataEncryptedWho can read
Cost & sourcing (Privacy Lock on)Yes, your keyOnly your team
Device model / statusStandardYour team + isolated
IMEI / serial & order dataStandardYour team + isolated

“Standard” means encrypted in transit (TLS) and at rest, and isolated to your workspace — but readable by our systems to operate the service. We will not claim otherwise: only Privacy Lock fields are ones we genuinely cannot read.

Access transparency & audit log

A record of who did what.

Sensitive actions in your workspace are written to an audit log so your team can see who accessed or changed what, and when.

This gives you an independent record for accountability and investigations, separate from the data itself.

Data ownership

It is yours — to take or to erase.

Your data belongs to you. You can request a full export of your workspace data at any time.

You can also request permanent deletion. When you do, we erase your records — and because Privacy Lock data is only ciphertext to us, deleting it leaves nothing readable behind.

Our pledge

No cross-customer analytics. We never mine or aggregate one customer's data to benefit another.

We do not sell your data. Ever. You are our customer, not our product.

Back to sign in