Secure data integration, engineered as a pass-through
Secure data integration means your records are encrypted in transit with TLS 1.2+, encrypted at rest with AES-256, and never retained after a sync completes. Adapters is a pass-through: data moves between your systems, it does not live with us.
TLS 1.2+ in transit · AES-256 at rest · 99.9% SLA on Enterprise
All systems operational
Sync engine · Connector APIs · Alerting
Encrypted end to end, retained nowhere
Every record that moves through the data integration platform is protected the same way, on every plan. Security is not an add-on tier: encryption, credential isolation, and the pass-through model apply from Starter up.
In transit: TLS 1.2+
All connections between your systems and Adapters, and between Adapters services, use TLS 1.2 or newer with modern cipher suites. Plaintext connections are refused, not downgraded.
At rest: AES-256
Anything that must persist, configuration, mappings, and logs, is encrypted at rest with AES-256. Keys are managed separately from the data they protect and rotated on a schedule.
Credentials: encrypted and scoped
API keys and OAuth tokens are stored encrypted, never logged, and never exposed back through the UI after entry. Adapters requests the narrowest scopes each connector supports, read-only where possible.
Your records: pass through, not retained
Records are processed in memory during a sync and are not retained after it completes. Sync logs keep metadata, record IDs, timestamps, and statuses, so you get an audit trail without us warehousing your data.
The controls, plainly listed
Adapters operates in alignment with SOC 2 controls across security, availability, and confidentiality; our controls report is available under NDA on Enterprise. We do not claim certifications we do not hold, and we will answer your security questionnaire line by line.
| Control | What it covers | Availability |
|---|---|---|
| Encryption | TLS 1.2+ in transit, AES-256 at rest, encrypted credentials | All plans |
| Pass-through processing | Records not retained after sync; metadata-only logs | All plans |
| RBAC | Role-based access: admin, editor, and viewer roles per workspace | Enterprise |
| SSO / SAML | Okta, Entra ID, and Google Workspace via SAML 2.0 | Enterprise |
| Audit logs | Who changed which mapping, credential, or schedule, and when | Enterprise |
| Data residency | US or EU processing region, pinned per workspace | Enterprise |
| DPA & subprocessors | Signed DPA, published subprocessor list, change notifications | Enterprise |
| Uptime SLA | 99.9% sync availability, with service credits | Enterprise |
SOC 2 controls report and subprocessor list shared under NDA during security review.
How we run security day to day
Least privilege
Narrow scopes by default
Connectors request the minimum permissions the sync needs. A one-way Stripe to QuickBooks adapter never holds write access to Stripe. Production access inside Adapters is role-gated and logged.
Review & testing
Continuous review
Dependency scanning and code review on every change, plus periodic third-party penetration testing. Findings are triaged with fixed remediation windows by severity.
Disclosure
Straight answers
Report anything to [email protected] and a human replies within one business day. Enterprise customers get named contacts and incident notification commitments in the DPA.
Evaluating vendors? Compare the data integration pricing tiers to see which controls ship on Enterprise, or start with the what is data integration FAQ for the short answers.
Security review ready when you are
Encrypted in transit and at rest, pass-through processing, and a controls report under NDA on Enterprise.