Architecture & Security
Trust is the foundation of client management. Zynclog is engineered with enterprise-grade security practices to ensure your data, and your clients' data, remains private, highly available, and strictly controlled.
Infrastructure
Zynclog is built on a modern, serverless edge architecture:
- Framework: Next.js (App Router) for edge-optimized rendering.
- Database: PostgreSQL managed via Drizzle ORM for absolute transactional integrity.
- Caching & Limits: Upstash Redis handles our strict rate-limiting and session caching.
Rate Limiting Policy
To guarantee 100% uptime and lightning-fast speeds for all users, we enforce rate limits on our API and Server Actions. If you exceed these limits, you will receive an HTTP 429 Too Many Requests response.
| Endpoint Category | Limit | Refresh Window |
|---|---|---|
| Authentication | 5 requests | per 5 minutes |
| Milestone Updates | 30 requests | per 10 seconds |
| AI Generation Pro/Agency | 10 requests | per 1 minute |
Note: Agency tier accounts possess dedicated infrastructure routing, effectively doubling the standard operational rate limits.
Data Integrity & Webhooks
We treat your database as the ultimate source of truth.
- Financial Security: All subscription state changes are handled via cryptographically verified Webhooks from Paddle. We do not rely on client-side requests to upgrade or downgrade accounts, making billing manipulation impossible.
- Audit Trails: Every state change (creating a project, updating a milestone, changing a title) is logged in an immutable ActivityLog table. This guarantees you always have a verifiable history of who did what, and when.
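How a server can check a Paddle webhook before it touches subscription state, shown as an added example that is not Zynclog's own code. It assumes the Paddle Billing `Paddle-Signature` header (`ts=...;h1=...`, HMAC-SHA256 over `ts:rawBody`); the page does not say which scheme Zynclog uses, and the secret, sample body, `sign` helper and 5-minute tolerance are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed replay tolerance; not a value taken from the page.
const MAX_SKEW_SECONDS = 5 * 60;

// Parse "ts=1700000000;h1=<hex>" into { ts, h1 }.
function parseSignatureHeader(header) {
  const parts = {};
  for (const pair of String(header || "").split(";")) {
    const idx = pair.indexOf("=");
    if (idx > 0) parts[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
  }
  return parts;
}

// rawBody must be the exact bytes received, before any JSON parsing or
// re-serialization, otherwise the HMAC will not match.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { ts, h1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(ts || "") || !/^[0-9a-f]{64}$/i.test(h1 || "")) {
    return { ok: false, reason: "malformed-header" };
  }
  // Reject old (or far-future) timestamps so a captured request cannot be replayed.
  if (Math.abs(nowSeconds - Number(ts)) > MAX_SKEW_SECONDS) {
    return { ok: false, reason: "stale-timestamp" };
  }
  const expected = crypto.createHmac("sha256", secret)
    .update(`${ts}:`).update(rawBody).digest();
  const given = Buffer.from(h1, "hex");
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  if (!crypto.timingSafeEqual(expected, given)) {
    return { ok: false, reason: "bad-signature" };
  }
  return { ok: true };
}

// Constructed sample data (hypothetical secret and event body).
const SECRET = "constructed-test-secret";
const BODY = '{"event_type":"subscription.updated","data":{"id":"sub_example","status":"active"}}';

// Hypothetical helper that plays the sender's side for the sample above.
function sign(body, ts, secret) {
  const h1 = crypto.createHmac("sha256", secret).update(`${ts}:${body}`).digest("hex");
  return `ts=${ts};h1=${h1}`;
}
```

Only a request that returns `{ ok: true }` should be allowed to write a subscription change; every other result is rejected before the database is touched.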
Responsible AI Usage
For users on our Pro and Agency tiers, Zynclog utilizes background AI agents to summarize milestones and detect scope creep.
- Zero Training Policy: The text you input into Zynclog is sent to our LLM providers strictly for processing. Your proprietary client data, code snippets, and updates are never used to train public foundational models.