SharpSync
  • Welcome
  • Fundamentals
    • Getting Started
      • Registration
      • Landing Page
      • Support
      • Subscription
    • Data Sources
    • Property Mappings
    • Rule Templates
    • BOM Comparison
    • Data Safety
    • Troubleshooting
      • Duplicate component paths
      • OAuth 2.0
  • Data Sources
    • Autodesk Inventor
    • CSV
      • Setup
      • Importing a Bill of Materials (BOM)
    • MS Dynamics 365 Business Central
    • NetSuite
      • OAuth Setup
        • Permissions
      • Suite API Setup
      • Create an uploads folder
      • Setting up a thumbnail folder
      • Authentication + Configuration
      • Common setup
        • Configure quantity mapping
        • Configure accounts mappings
        • Configure itemType mapping
        • Configure isPhantom mapping
        • Configure subsidiary mapping
        • Configure price mapping
        • Configure Where Used Link mapping
        • Configure thumbnail mapping
        • Common Mapping Rules
        • Common List names
      • Advanced Bill of Materials
      • Configure Server Side Script
        • Example Server Side Script
      • Configure SharpSync to use Server Side Script
      • Configure Routings
      • Integration tips
      • Supported features
      • Troubleshooting
    • Odoo
      • Getting Started
        • Authentication + Configuration
        • Debugging tips
      • Product Management
      • Hosting Options
      • List Names
      • Map attribute values
        • Reading Attributes - Overview
        • Display All Attribute Names
        • Display Single Attribute Names
        • Writing attributes
      • Permissions
    • Onshape
      • Getting Started
    • Propel PLM
      • Getting Started
    • SolidWorks
    • SolidWorks PDM
      • Downloading and installing the add-in
      • Configure the add-in
      • Setting up the Solidworks PDM Web 2
      • Troubleshooting
      • Submitting a BOM for update
  • Property Mappings
    • Property Mapping Settings
      • Rendering Types
    • Rule Templates
      • Import / Export
        • Append text
        • Calculate number
        • Export manipulation
        • Format as decimal number
        • Prepend text
        • Remove property
        • Replace all instances
        • Replace first instance
        • Round to nearest X
        • Select from JSON
        • Set cell value
        • Set empty cells
        • Text manipulation
      • Display
        • Number between
        • Text contains
        • Text ends with
        • Text evaluation
        • Text is a number
        • Text is exactly
        • Text is in list
        • Text is not a number
        • Text is not empty
        • Text is not in list
        • Text length between
        • Text length is exactly
        • Text maximum length
        • Text minimum length
        • Text not contains
        • Text not ends with
        • Text not starts with
        • Text starts with
  • Advanced
    • Derivatives
    • Advanced Scripting
  • User management
    • User Management
    • Application Permissions
Powered by GitBook
On this page
  • Per Organization Access
  • Per User Access
  • Role Based Access Controls
  • Pre-empting Data Leaks
  • Reduced logging
  • Preventing Credentials Leakage
  1. Fundamentals

Data Safety

At SharpSync we take the safety of your data very seriously.

While we would all like to pretend that penetrations never happen, no one is truly safe and the risk of IP exposure is real due to phishing attacks or compromised user machines.

That's why we are transparent about our safety mechanisms and the steps we take to ensure your data is protected at all times. We employ industry-leading encryption protocols to safeguard your data both in transit and at rest. Our systems undergo regular security audits, and we work with trusted third-party experts to identify and address potential vulnerabilities. Additionally, we implement multi-factor authentication (MFA) and continuous monitoring to prevent unauthorized access.

We also have strict access control measures in place, ensuring only authorized personnel can interact with sensitive information.

Per Organization Access

Each organization in SharpSync is unique.

When logging in to SharpSync, you only see your organization's data. No other organization's data is visible, so it's not possible for you to see another organization's BOM details, or vice versa.

Per User Access

Each user in SharpSync is unique.

When logging in to SharpSync, you only see your login's BOM data. No other user's data is visible, so it's not possible for you to see another organization's BOM details, or vice versa.

The exception to this is when another user (in the same organization) shares a Bill of Material with you explicitly using the 'Share' button.

Role Based Access Controls

We provide access to setup and administration via role based access controls. The roles are:

Role name
Description

Administrator

Can edit data sources, property mappings and BOMs, Billing, Users and more.

Editor

Can edit, transfer & view BOMs

Viewer

Can transfer & view BOMs

An editor and viewer cannot view the setup connection details for a DataSource. This means sharing a BOM with a colleague does not give that person visibility on how you connect to your sources.

This is great for inviting other users to your SharpSync instance and sharing BOM information with them without exposing your authentication secrets. Each user's session is authenticated individually with a source and kept separate from other users.

See more about permissions at Application Permissions and User management

Pre-empting Data Leaks

To pre-empt any potential data leakage, the following mechanism are in place:

Automatic deletion of unused or stale data

To prevent stale data from hanging around, we've implemented a 30 day stale data policy.

  • Bill of Material (BOM) data is only kept around for a maximum of 30 days.

  • Thumbnails

  • Metadata

  • Hierarchical data

  • File derivatives

  • Backup copies of derivatives

Conditions for triggering

The removal of stale data condition is triggered when:

  • There is no activity in your account OR

  • You have not interacted with an individual Bill of Materials in 30 days.

When this condition is triggered, you will receive an optional email notifying you of the removal of the data. This does not delete the data at the source (i.e. CAD, PLM or ERP source), it simply removes your data from our servers.

Reduced logging

At SharpSync we use diagnostic logging to troubleshoot our software. This is what all great software companies do. We take this a step further by taking the following preventative measures:

  • We don't store any:

    • User names,

    • Identifying names

    • Company names

    • Account references.

  • We only store our application's internal ids for these objects

  • We automatically remove (delete) any log entries older than 7 days. This future proofs the logs by simply not making it available for a mining exfiltration attack.

Preventing Credentials Leakage

If for any reason there are any problems with the server, the vault is automatically locked

At SharpSync, we aim to give you the peace of mind that your data is in safe hands. Your trust is paramount, and we are committed to maintaining the highest level of security and transparency.

If there are any obligatory certifications that you have to adhere to and we can implement, please reach out to us for further comment.

We support OAuth2.0 authentication flow for sources (if supported at the source), meaning that user credentials are not stored at SharpSync. Should this become the target of an attack, simply revoke the OAuth client id and secret at your source.

PreviousBOM ComparisonNextTroubleshooting

Last updated 24 days ago

You user authentication credentials are stored in a . SharpSync staff does not have access to it unless you provide them with admin access to your instance.

vault