Security and Compliance

The Syncfusion React Chart component is a fully client-side visualization control that runs entirely within the browser. It does not rely on any vendor-managed runtime, external cloud service, or background processing engine. All chart operations are performed locally using standard, secure browser APIs. Security, compliance, and data governance responsibilities remain with the host application and back-end systems. This includes authentication, authorization, data filtering, masking of sensitive values, export controls, drill-down validation, audit logging, and enforcement of multitenant boundaries.

Security responsibility matrix

The Chart component functions as a self-contained visualization module within the broader application environment. The matrix below outlines the safeguards inherently provided by the Chart component and the areas where the hosting application must enforce its own security measures.

Security architecture overview

In a typical web application architecture, the Syncfusion React Chart functions entirely within the front-end layer as a visualization component. It depends on the application to provide data that has already been validated and authorized, usually through existing API calls and state management logic. The Chart does not communicate directly with back-end systems or perform any data retrieval, which minimizes its exposure to risk.

All critical responsibilities, including authentication, authorization, and data processing, are handled externally by back-end services and middleware. User interactions are emitted as events to the application, where any required logic is executed securely. This separation keeps the Chart lightweight, stateless, and consistent with secure application design practices.

Flow diagram showing Syncfusion React Chart component interacting with a REST API backend and database

Data flow and network behavior

The Chart component renders only the data supplied by the host application. It does not load data, make API calls, or communicate with external services. All rendering, layout, scaling, and animation logic executes entirely on the client using in-memory data provided through the application.

The Chart does not introduce any networking capabilities. It does not initiate fetch calls, WebSockets, or background requests. Any network activity related to chart data is performed exclusively by the application before the data is passed to the component.

Network control ownership

  • All API routing, endpoint visibility, and request flows are determined by the application and back-end services.
  • Authentication, authorization headers, and tokens must be attached by the application's networking layer.
  • Back-end services enforce all data permissions, validation, and access rules.
  • Infrastructure-level controls such as WAF policies, reverse proxies, API gateways, and monitoring tools operate independently of the Chart component.

OWASP Security Responsibility Context

The Chart aligns with the OWASP security risk areas that apply to a client-side data visualization component. The following table outlines how each relevant OWASP risk relates to the Chart component and clarifies the responsibilities of the component versus the host application.

Authentication and authorization integration

The Chart component does not handle authentication, authorization, or session control, and it does not enforce any access or data governance policies. All identity management, role-based permissions, tenant isolation, and visibility rules must be implemented by the hosting application and back-end services. The component provides interaction hooks that allow the application to apply its own security and access controls as needed.

Deployment security characteristics

The Chart's deployment security characteristics follow its architectural design. The component has no external runtime dependencies, no dynamic code execution, and no outbound network communication of any kind. The Chart behaves consistently across secure, restricted, and isolated environments, and cannot be misconfigured to introduce external dependencies.

Compliance certifications

Syncfusion maintains independently audited security, privacy, and accessibility compliance frameworks that support enterprise procurement, regulated-industry adoption, and formal security assessments. These certifications and documented standards provide verified assurance that Syncfusion's development, operational, and organizational controls meet industry-recognized benchmarks.

Vulnerability management

Syncfusion maintains a formal vulnerability management process designed to identify, remediate, and communicate security vulnerabilities across all UI components. Security patches for the Chart component are delivered through regular product updates, and Syncfusion provides an established pathway for responsible disclosure.

See our blog post on achieving regulatory compliance to understand how Syncfusion components maintain compliance standards.

Export security

Export behavior is fully controlled by the host application. The Chart component only exports the data it is given and does not apply authorization, masking, or access controls. All export permissions, data filtering, and governance rules must be enforced by the application and back end.
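
One way a host application's back end can apply the filtering this section requires before any data reaches the Chart, shown as an added example that is not Syncfusion code. The role names, field names, `buildChartPayload` function and sample rows are constructed for illustration.

```javascript
// Added example: back-end shaping of chart data before it is sent to the browser.
// The Chart exports whatever it is given, so sensitive fields must never arrive.
// Role names, field names and sample rows are constructed for illustration.

// Fields each role may see; anything not listed is dropped (allow-list).
// A Map avoids accidental matches on inherited keys such as "constructor".
const VISIBLE_FIELDS = new Map([
  ['analyst', ['month', 'region', 'revenue']],
  ['viewer', ['month', 'region']],
]);

// Roles for which the UI may offer the export action.
const EXPORT_ROLES = new Set(['analyst']);

// Constructed rows as they might come back from a database query.
const SAMPLE_ROWS = [
  { tenantId: 't1', month: 'Jan', region: 'EU', revenue: 1200, customerEmail: 'a@example.test' },
  { tenantId: 't1', month: 'Feb', region: 'EU', revenue: 1500, customerEmail: 'b@example.test' },
  { tenantId: 't2', month: 'Jan', region: 'US', revenue: 9900, customerEmail: 'c@example.test' },
];

// `user` must come from the server-side session, never from request parameters.
function buildChartPayload(rows, user) {
  const allowed = VISIBLE_FIELDS.get(user.role);
  if (!allowed) {
    // Unknown role: fail closed instead of returning unfiltered data.
    return { series: [], allowExport: false };
  }
  const series = rows
    // Tenant boundary: only rows owned by the caller's tenant leave the server.
    .filter((row) => row.tenantId === user.tenantId)
    // Copy only allow-listed fields, so newly added columns stay hidden by default.
    .map((row) => Object.fromEntries(allowed.map((field) => [field, row[field]])));
  // allowExport only drives the UI; the real control is that the data is absent.
  return { series, allowExport: EXPORT_ROLES.has(user.role) };
}
```

The `series` array is what the application would pass to the Chart as its data source; rows from other tenants and fields outside the allow-list cannot appear in an exported image or file because they were never sent to the client.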

Security assurance statements

The following statements describe key security characteristics of the Chart component and Syncfusion's supporting vendor security practices. Each statement includes a verification method that can be independently validated during security reviews, penetration testing, and enterprise procurement evaluations.

Frequently asked questions