Security

Security and Infrastructure

Syncbot uses layered security controls to protect workspaces, integrations, tokens, customer data, and messaging infrastructure.

Effective: June 1, 2026 Applies to syncbot.cloud and app.syncbot.cloud Operator: Pixlence Marketing and Media Services Private Limited Contact: legal@syncbot.cloud

1. Security Controls

  • HTTPS encryption for public web and app traffic.
  • Role-based workspace access controls for admins, managers, agents, billing users, and viewers.
  • Security headers, CSRF protection, session protection, throttling, and server-side validation.
  • Audit logging for sensitive workspace and administrative actions.
  • Restricted production access and separate configuration for credentials and secrets.

2. Access Control

Customers are responsible for inviting only authorized users, assigning appropriate roles, protecting credentials, reviewing access regularly, and promptly removing team members who no longer need access.

3. Integrations and Tokens

Syncbot stores integration configuration needed to operate connected features such as Meta Embedded Signup, WhatsApp messaging, email delivery, payment providers, APIs, and AI models. Customers should rotate credentials if they suspect unauthorized access.

4. Reporting Security Issues

Report suspected vulnerabilities or unauthorized access to security@syncbot.cloud. Include a clear description, affected URL or API route, reproduction steps, and any relevant logs or screenshots.