Enterprise Trust Center

Security & Compliance

Transparency is at the core of how we build trust. Access our security documentation, compliance information, and enterprise security resources.

  • SOC 2: Mapped to SOC 2 TSC
  • AES-256: Encryption posture
  • High Availability: SLA negotiated per engagement
  • Continuous: Security monitoring

SLA terms are negotiated for enterprise engagements; specific commitments are documented in each contract.

Security Program Overview

ThreadSync's security program is built on defense-in-depth principles, implementing multiple layers of security controls to protect customer data and ensure service availability.

Our information security controls are designed around SOC 2 Trust Service Criteria and ISO 27001 control families. We do not currently hold third-party attestation or certification under these frameworks; control-mapping documentation is available under NDA where applicable.

Defense in Depth

Multiple security layers including network segmentation, application security, and data protection controls.

Continuous Monitoring

Security monitoring with logging integration and incident response procedures. Specific tooling and a 24/7 SOC posture are not claimed unless explicitly stated in a procurement response.

Regular Assessments

Internal vulnerability scanning, continuous monitoring, and periodic control reviews. Formal third-party attestations are not claimed; documentation available under NDA where applicable.

Security Training

All personnel with access to engagement systems follow security awareness practices. Training records and training frequency are documented under NDA.

Encryption

All data processed by ThreadSync is encrypted both in transit and at rest using industry-standard cryptographic protocols.

  • Data in Transit: TLS 1.3 for all API connections. TLS 1.2 supported for legacy integrations. Perfect forward secrecy enabled.
  • Data at Rest: AES-256 encryption for all stored data. Keys managed via AWS KMS with automatic rotation.
  • Key Management: Cloud-managed key store with HSM-backed key material (cloud KMS). Access controls and key rotation policies aligned with provider best practices.
  • Database Encryption: Database encryption-at-rest where supported by the provider (cloud KMS / TDE). Encrypted backup procedures documented under NDA.

Access Control

ThreadSync implements strict access control policies following the principle of least privilege. Access to customer data and production systems is tightly controlled and continuously monitored.

  • Role-Based Access Control (RBAC): Granular permissions aligned with role. Regular access reviews; deprovisioning procedures documented under NDA.
  • Multi-Factor Authentication: MFA required for all employee access. FIDO2/WebAuthn support for phishing-resistant authentication.
  • Single Sign-On (SSO): SAML 2.0 and OIDC support for enterprise customers. Integration with major identity providers.
  • Production Access: Time-bound access provisioning where feasible. All access logged. Break-glass procedures documented under NDA.

Audit Logging

Audit logging captures security-relevant events on the platform. Logs are centrally stored under write-once integrity controls (each event is hash-chained to its predecessor); retention is configured per environment and contract.

Complete Coverage

Authentication events, API calls, data access, configuration changes, and administrative actions.

Write-Once Integrity

Append-only logging design with cryptographic integrity verification.
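To make concrete what "hash-chained per event" buys a reviewer, here is an added illustration (not ThreadSync's code; the page states only that events are hash-chained and integrity-verified). The chaining construction, SHA-256 over the previous entry's hash and the canonical JSON of the event, the event shapes, and the `anchored_head` check are all assumptions introduced for the example. It shows that in-place edits to a past event break the chain, and that silently dropping the newest events does not, unless the current head hash is recorded somewhere outside the log and compared at verification time.

```python
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sentinel "previous hash" for the first entry (assumed convention).
GENESIS = "0" * 64


def canonical(event: dict) -> str:
    """Canonical JSON so the same event always serialises, and hashes, identically."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def link_hash(prev_hash: str, event: dict) -> str:
    """Hash of this entry: binds the event content to the hash of its predecessor."""
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(canonical(event).encode())
    return h.hexdigest()


@dataclass
class Entry:
    seq: int
    event: dict
    prev_hash: str
    hash: str


class HashChainedLog:
    """Append-only log; each entry commits to the entire history before it."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    @property
    def head(self) -> str:
        return self.entries[-1].hash if self.entries else GENESIS

    def append(self, event: dict) -> Entry:
        prev = self.head
        entry = Entry(seq=len(self.entries), event=dict(event),
                      prev_hash=prev, hash=link_hash(prev, event))
        self.entries.append(entry)
        return entry


def verify_chain(entries: List[Entry], anchored_head: Optional[str] = None) -> Tuple[bool, str]:
    """Walk the chain from GENESIS; optionally compare the final hash to an out-of-band anchor."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.seq != i:
            return False, f"sequence gap at position {i} (seq {e.seq})"
        if e.prev_hash != prev:
            return False, f"broken link at seq {i}"
        if link_hash(prev, e.event) != e.hash:
            return False, f"content of seq {i} does not match its hash"
        prev = e.hash
    if anchored_head is not None and prev != anchored_head:
        return False, "head does not match anchored value (possible truncation)"
    return True, "ok"


def demo() -> Tuple[Tuple[bool, str], Tuple[bool, str], Tuple[bool, str], Tuple[bool, str]]:
    log = HashChainedLog()
    # Constructed sample events, not real platform records.
    for ev in [
        {"type": "auth.login", "actor": "alice", "result": "success"},
        {"type": "config.change", "actor": "alice", "key": "mfa.required", "value": True},
        {"type": "data.access", "actor": "bob", "resource": "thread/42"},
    ]:
        log.append(ev)
    anchored = log.head  # what an operator would record outside the log store

    intact = verify_chain(log.entries, anchored)

    # Case 1: a past event is edited in place; its stored hash no longer matches.
    tampered = copy.deepcopy(log.entries)
    tampered[1].event["value"] = False
    edited = verify_chain(tampered, anchored)

    # Case 2: the newest entry is dropped. The remaining chain is internally valid...
    truncated = log.entries[:-1]
    truncated_no_anchor = verify_chain(truncated)
    # ...so only the comparison with the anchored head reveals the loss.
    truncated_anchor = verify_chain(truncated, anchored)
    return intact, edited, truncated_no_anchor, truncated_anchor


if __name__ == "__main__":
    for label, result in zip(["intact", "edited", "truncated/no anchor", "truncated/anchor"], demo()):
        print(f"{label:>20}: {result}")
```

The design point for a reviewer is the second tampering case: a per-event hash chain proves that nothing inside the retained history was altered or reordered, but it says nothing about entries removed from the tail. Periodically publishing the head hash to a separate system (or to the customer's SIEM, as the Alerting item describes) is what turns the chain into a truncation-evident record.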

Alerting

Alerting on security-relevant events. Integration with SIEM systems for enterprise customers.

Retention

Logging and audit-trail retention is scoped per engagement; details documented under NDA where applicable.

Compliance & Certifications

ThreadSync maintains security controls aligned with leading compliance frameworks. Our compliance program is designed to meet the requirements of security-conscious enterprises.

  • SOC 2 Type II: No attestation currently held; controls mapped to TSC
  • GDPR: Ready
  • ISO 27001: Framework alignment (no certification held)
  • AWS (infrastructure provider): SOC 2 Type II

Our infrastructure providers (AWS) maintain SOC 2 Type II, ISO 27001, and other certifications. We leverage their certified infrastructure while implementing additional application-level controls.

Subprocessors

The following third-party service providers process customer data on behalf of ThreadSync. All subprocessors are contractually bound to maintain appropriate security controls.

Subprocessor              | Purpose                          | Location
Amazon Web Services (AWS) | Cloud infrastructure and hosting | US / EU
Neon                      | Database services                | US
Cloudflare                | CDN and DDoS protection          | Global
Stripe                    | Payment processing               | US

A complete list of subprocessors with DPA details is available in our security package. Enterprise customers can subscribe to subprocessor change notifications.

Last updated: January 15, 2026

Security Documentation

Detailed security documentation is available under NDA for qualified prospects and customers undergoing security reviews.

NDA-Protected Documents

Request access to our comprehensive security package including:

  • Controls Mapped to SOC 2 TSC: Control documentation and evidence package
  • Control Review Summary: Internal control-review documentation
  • Architecture Diagram: System and network architecture
  • Incident Response Plan: IR procedures and escalation
  • DR/BCP Summary: RTO/RPO targets and recovery procedures
  • Data Processing Agreement: GDPR-compliant DPA template

Responsible Disclosure

We take security vulnerabilities seriously and appreciate the work of security researchers who help us keep our platform secure.

Report a Vulnerability

security@threadsync.io

Please encrypt sensitive reports using our PGP key (available on request).

Security Questions

security@threadsync.io

For security questionnaires, vendor assessments, and compliance inquiries.

Responsible Disclosure Policy

  • Provide reasonable time to address issues before disclosure
  • Avoid accessing or modifying customer data
  • Do not perform denial of service testing
  • Include detailed reproduction steps in your report