Security · Last updated July 9, 2026
Security at Syvoq
You trust Syvoq with a complete picture of your finances, and we treat that as the most serious responsibility we have. This page describes, in plain language, how your data is protected — from your device, across the network, to our servers.
Encryption everywhere
Your data is encrypted at every stage. Nothing you store in Syvoq travels or rests in plain text.
- In transit — all traffic between your device and our servers uses TLS 1.2 or newer. Connections that cannot negotiate modern TLS are refused.
- At rest — databases and backups are encrypted with AES-256.
- On your device — local data is protected by your device keychain and can be locked behind Face ID, Touch ID, or your device passcode.
Your account
Account security starts at sign-in. Passwords are never stored — only salted hashes using a modern, deliberately slow algorithm. Sessions are short-lived tokens that you can revoke by signing out, and signing out of all devices takes one tap.
We monitor for unusual sign-in activity and will notify you when your account is accessed from a new device.
Infrastructure
Syvoq runs on hardened infrastructure hosted in the European Union. Production systems live in private networks that are not reachable from the public internet, with access controlled by the principle of least privilege.
Backups are automatic, encrypted, and tested. If something fails, we can restore your data — and only your data, to you.
Access to your data
Inside Syvoq, access to production data is restricted to the small set of engineers who operate the systems, protected by hardware-key multi-factor authentication, and logged. Nobody browses user data; support staff see your financial details only if you explicitly grant access during a support request, and that access expires.
How we build
Security is part of how the product is made, not a feature bolted on afterwards.
- Every code change is reviewed before it ships.
- Dependencies are scanned continuously and patched promptly.
- Secrets never live in code — they are stored in a dedicated secrets manager and rotated.
- We log security-relevant events and alert on anomalies.
- We practice data minimization: what we never collect, we can never lose.
Your part
A few habits on your side make the protection above complete.
- Use a strong, unique password — ideally from a password manager.
- Enable the biometric lock in the app settings.
- Keep your device OS and the Syvoq app updated.
- Be suspicious of emails asking for your password — we will never ask for it.
Responsible disclosure
No system is perfect, and we would rather hear about a weakness from you than discover it in an incident. If you find a vulnerability in Syvoq, report it to us privately using the contact below. We acknowledge reports within 48 hours, keep you informed while we fix the issue, and credit researchers who wish to be credited.
If we ever suffer a breach that affects your data, we will notify you and the relevant supervisory authority without undue delay, as the GDPR requires — and we will tell you plainly what happened, what was affected, and what we are doing about it.
Found a vulnerability?
We welcome reports from security researchers. Email us with the details and we will acknowledge your report within 48 hours. We ask that you give us reasonable time to fix an issue before disclosing it publicly, and we commit to not pursuing good-faith research.
[email protected]