Security & Data Protection
Syncopay is designed with separation of concerns at every layer. Here's exactly how we protect your data and your money.
Our core principle: Syncopay never has access to your money or your customers' payment details.
All payment processing is handled entirely by Stripe.
We never touch your money
All payments flow directly through Stripe Connect. Funds go from the parent's card straight to the instructor's Stripe account. Syncopay never holds, processes, or has access to funds at any point.
We never see card details
Credit card numbers, CVVs, and billing details are entered on Stripe's hosted checkout page — never on our site. We don't store, transmit, or have access to any payment method data.
Row-level security on every table
Our database enforces row-level security (RLS) policies so that users can only access their own data. An instructor can never see another instructor's students, invoices, or account information — even if they tried.
Expiring access tokens
Parent payment links contain unique, cryptographically random access tokens that expire automatically. Even if a link is shared, it can only be used for the specific invoice it was created for.
Passwordless parent access
Parents sign into the Parent Portal via magic link — no passwords to create, remember, or compromise. Each magic link is single-use and expires quickly.
Encrypted connections everywhere
All data in transit is encrypted via TLS. Our database connections, API calls, and email delivery all use encrypted channels. Data at rest is encrypted by our infrastructure providers.
Minimal data collection
We only store what's needed to operate: names, emails, lesson rates, and invoice history. We don't use advertising trackers, analytics pixels, or third-party cookies. No data is sold or shared with ad networks.
Trusted infrastructure
Syncopay is built on industry-leading services: Supabase (database & auth), Stripe (payments), Resend (email), and Vercel (hosting). Each provider maintains their own rigorous security standards and compliance certifications.
Have security questions?
We're happy to answer any questions about how we handle data. Reach out anytime.