We have received our SOC 2® Type 2 certification and continue to renew and monitor via Tugboat Logic/OneTrust along with yearly audits. Click here to learn more about the certification.
Syncfusion recognizes that protecting privacy requires a comprehensive security program. Syncfusion strives to be GDPR-compliant, and we handle our customers’ personal data with great care and respect, as outlined in our privacy policy and Terms of use. We monitor on a continuous basis.
Syncfusion infrastructure is hosted on Microsoft Azure. Microsoft is deeply committed to securing the underlying infrastructure we build on and continuously expanding their compliance programs.
Syncfusion uses a PCI-compliant payment processor for encrypting and processing credit card payments. We have partnered with Authorize.Net, PayPal and Stripe to securely handle sensitive payment processing data. Syncfusion does not have access to customers’ credit card data at all.
Syncfusion undergoes regular penetration testing by our in-house security experts and development team. A yearly detailed penetration test is performed by third-party security experts to confirm the security of our products and environment.
Every change and new feature is governed by a change management policy. Code is screened with standard code analyzer tools, and a manual review process.
Data is continuously backed up in secured way to ensure that we can restore access to your data and the service in the unlikely event. Our monitoring system alerts us to any problems, and we have staff on-call at all times to handle any unexpected incidents.
Our application and the underlying infrastructure components are actively monitored 24/7. Our engineers are immediately notified in case of an outage.
Syncfusion uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported. We use HostedScan to scan our websites for vulnerabilities regularly. It includes the OWASP ZAP, OpenVAS, and Nmap tools. It actively tests web applications for SQL injection, remote command execution, XSS, and other vulnerabilities. Passive testing involves checking web applications for cross-domain misconfigurations, insecure cookies, vulnerable JS dependencies, and other vulnerabilities.
We also use Vega and Burp Suite Community Edition for testing our applications.
Syncfusion has a 99.9% uptime or higher. If our systems require maintenance or a brief outage, clients will be notified in advance.