Trust center

Enterprise-Grade Security. Your content and data are protected by industry-leading infrastructure.

Snyho is built for agencies and regulated teams who cannot compromise on confidentiality, integrity, or access control. The following principles describe how we protect your publishing stack end to end.

Data encryption

All traffic between your browser, our application servers, and upstream providers is encrypted in transit using TLS (SSL) — the same transport standard expected for modern SaaS and financial tooling.

Data at rest is stored in PostgreSQL with provider-managed disk encryption and hardened access policies, so drafts, credential metadata, and audit trails are not left exposed on unprotected volumes.

Authentication

Sign-in is powered by NextAuth.js with industry-standard session handling. Google OAuth lets teams delegate identity to Google without Snyho ever receiving or storing your Google password.

For email-and-password accounts, only a strong one-way hash of the password is persisted — never the plaintext secret — using modern password hashing on the server.

API protection

Every sensitive route enforces role-based access control (RBAC) at the project and workspace level — editors, publishers, and owners see only what their role allows before any WordPress or social action executes.

Database access runs through the Prisma ORM with parameterized queries, eliminating ad-hoc string concatenation and materially reducing the risk of SQL injection compared to raw SQL patterns.

WordPress safety

Snyho connects to WordPress using Application Passwords — scoped credentials you generate inside wp-admin — so we never ask for your primary WordPress admin password. You can revoke a single application password without rotating your entire account.

That separation limits the blast radius if a credential is ever disclosed or has to be rotated, and keeps publishing automation aligned with WordPress security best practices.

Operational discipline

We maintain least-privilege access for operators, dependency hygiene, and clearly identified subprocessors for hosting and email. For procurement and DPA workflows, pair this page with our Privacy Policy and Data Processing Agreement.

  • TLS for all browser and API traffic
  • Encrypted PostgreSQL storage for application data
  • Session-based auth with OAuth and secure password hashing
  • RBAC plus Prisma for safe, auditable data access