Security & Trust

Security & Trust

How Syncora protects partner data and player information across the platform.

Partner-isolated architecture

Each partner operates in an isolated tenant boundary enforced by row-level security. Data, integrations, and messaging config never cross tenants.

API-key secured server integrations

Server-to-server APIs require scoped API keys. Sensitive endpoints validate keys, IP allowlists, and HMAC signatures where applicable.

Short-lived widget tokens

Player-facing widgets authenticate via short-lived, server-minted tokens. Raw partner API keys never touch the browser.

Role-based backoffice access

Operator accounts are governed by roles and granular permissions, evaluated on every server call — not just in the UI.

Audit logs and event tracking

Backoffice actions and player lifecycle events are recorded, providing a reviewable trail for CRM, VIP, and bonus operations.

GDPR-conscious data handling

We minimise personal data, honor partner-controlled processing instructions, and support data subject request workflows.

Scope of these statements

This page describes controls that are enabled today in the Syncora Lab platform. It does not claim ISO 27001, SOC 2, MGA licensing, or completed independent penetration testing. For security questionnaires or a security review call, contact legal@syncoralab.com.

Ready to connect your casino platform?

See a live walkthrough of Syncora with your team.

Book a Demo