Enterprise Trust Center

Security & Compliance

Transparency is at the core of how we build trust. Access our security documentation, compliance information, and enterprise security resources.

SOC 2

Type II Aligned

AES-256

Encryption Standard

Up to 99.99%

Uptime SLA*

24/7

Security Monitoring

*SLA varies by plan. Enterprise plans may include custom SLA terms.

Security Program Overview

ThreadSync's security program is built on defense-in-depth principles, implementing multiple layers of security controls to protect customer data and ensure service availability.

Our information security management system is aligned with industry frameworks including SOC 2 Type II Trust Service Criteria and ISO 27001. We undergo regular third-party security assessments and maintain a dedicated security team responsible for continuous monitoring and improvement.

Defense in Depth

Multiple security layers including network segmentation, application security, and data protection controls.

Continuous Monitoring

24/7 security operations center with automated threat detection and incident response capabilities.

Regular Assessments

Annual penetration testing, vulnerability assessments, and third-party security audits.

Security Training

All employees complete security awareness training and role-specific security education.

Encryption

All data processed by ThreadSync is encrypted both in transit and at rest using industry-standard cryptographic protocols.

  • Data in Transit: TLS 1.3 for all API connections. TLS 1.2 supported for legacy integrations. Perfect forward secrecy enabled.
  • Data at Rest: AES-256 encryption for all stored data. Keys managed via AWS KMS with automatic rotation.
  • Key Management: Hardware security modules (HSMs) for key storage. Separation of duties for key access. Regular key rotation policies.
  • Database Encryption: Transparent data encryption (TDE) for all databases. Encrypted backups with separate key hierarchy.

Access Control

ThreadSync implements strict access control policies following the principle of least privilege. Access to customer data and production systems is tightly controlled and continuously monitored.

  • Role-Based Access Control (RBAC): Granular permissions based on job function. Regular access reviews and automated deprovisioning.
  • Multi-Factor Authentication: MFA required for all employee access. FIDO2/WebAuthn support for phishing-resistant authentication.
  • Single Sign-On (SSO): SAML 2.0 and OIDC support for enterprise customers. Integration with major identity providers.
  • Production Access: Just-in-time access provisioning. All access logged and reviewed. Breakglass procedures for emergencies.

Audit Logging

Comprehensive audit logging captures all security-relevant events across the platform. Logs are immutable, centrally stored, and retained according to compliance requirements.

Complete Coverage

Authentication events, API calls, data access, configuration changes, and administrative actions.

Tamper-Proof

Write-once storage with cryptographic integrity verification. Logs cannot be modified or deleted.

Real-Time Alerting

Automated detection of suspicious patterns. Integration with SIEM systems for enterprise customers.

Retention

Standard 90-day retention. Extended retention available for compliance requirements.

Compliance & Certifications

ThreadSync maintains security controls aligned with leading compliance frameworks. Our compliance program is designed to meet the requirements of security-conscious enterprises.

  • SOC 2 Type II: Aligned
  • GDPR: Ready
  • ISO 27001: Framework
  • AWS: SOC 2 Type II

Our infrastructure providers (AWS) maintain SOC 2 Type II, ISO 27001, and other certifications. We leverage their certified infrastructure while implementing additional application-level controls.

Subprocessors

The following third-party service providers process customer data on behalf of ThreadSync. All subprocessors are contractually bound to maintain appropriate security controls.

Subprocessor | Purpose | Location
Amazon Web Services (AWS) | Cloud infrastructure and hosting | US / EU
Neon | Database services | US
Cloudflare | CDN and DDoS protection | Global
Stripe | Payment processing | US

A complete list of subprocessors with DPA details is available in our security package. Enterprise customers can subscribe to subprocessor change notifications.

Last updated: January 15, 2026

Security Documentation

Detailed security documentation is available under NDA for qualified prospects and customers undergoing security reviews.

NDA-Protected Documents

Request access to our comprehensive security package including:

  • SOC 2 Aligned Control Mapping: Control documentation and evidence package
  • Penetration Test Summary: Third-party assessment results
  • Architecture Diagram: System and network architecture
  • Incident Response Plan: IR procedures and escalation
  • DR/BCP Summary: RTO/RPO targets and recovery procedures
  • Data Processing Agreement: GDPR-compliant DPA template

Responsible Disclosure

We take security vulnerabilities seriously and appreciate the work of security researchers who help us keep our platform secure.

Report a Vulnerability

security@threadsync.io

Please encrypt sensitive reports using our PGP key (available on request).

Security Questions

trust@threadsync.io

For security questionnaires, vendor assessments, and compliance inquiries.

Responsible Disclosure Policy

  • Provide reasonable time to address issues before disclosure
  • Avoid accessing or modifying customer data
  • Do not perform denial of service testing
  • Include detailed reproduction steps in your report