Security at FerroSync
Your business data is critical. FerroSync is built with security as a foundation — not an afterthought.
- Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use encrypted channels. Passwords are hashed with bcrypt.
- Tenant Isolation
Each customer's data is logically isolated. Row-level security ensures one tenant cannot access another's records, even at the database level.
- Audit Trails
Every data change — stock movements, order updates, user actions — is logged with timestamps and user attribution. Nothing happens without a record.
- Access Control
Role-based permissions restrict what each user can see and do. Admin, manager, and staff roles are built in. Custom roles are on the roadmap.
Infrastructure
FerroSync runs on modern cloud infrastructure with automated backups, redundant storage, and monitoring. Our Rust backend eliminates entire classes of memory-safety vulnerabilities common in other languages.
We follow secure development practices: code review on every change, dependency scanning, and regular security assessments.
Responsible Disclosure
Found a security issue? We take reports seriously and respond quickly. Please email security@ferrosync.com with details. We will acknowledge receipt within 24 hours.