Security principles
co-synq is designed around clear workspaces, permission-aware client access, and a separation between the public website and the product workspace. We aim to keep security practical, understandable, and aligned with how consultants, coaches, freelancers, and service teams actually work.
Secure access
Access to the product workspace is handled through authenticated accounts rather than public links to client data.
Encrypted connections
co-synq is served over HTTPS so data is encrypted in transit between your browser and the service.
Client boundaries
Client portal access is invite-based and designed to show only the information that belongs in that shared relationship.
Operational care
We monitor core product health, keep dependencies under review, and respond to security issues as the product evolves.
Current controls
- Separate public website at co-synq.com and product workspace at app.co-synq.com.
- HTTPS for public and product traffic.
- Authenticated product access for workspace data.
- Role-aware interfaces for professional and client-side views.
- Optional analytics on the public website only after consent.
- Product code and deployment changes managed separately from the marketing site.
Workspace sharing
co-synq supports a professional-side workspace and a focused client-side portal. Before sharing information with a client, workspace owners should check that the content is intended for that client and does not include unrelated third-party information.
Your role
Security is shared. Use strong passwords, protect your email account, invite only the right clients, remove access when a relationship ends, and avoid uploading sensitive data that co-synq has not been explicitly approved to process.
Report a security issue
If you believe you found a security issue, contact zengin.atakan@outlook.com. Please include a clear description, steps to reproduce, affected URLs, and your contact information. Avoid accessing or sharing data that does not belong to you.