Yes, your data stays encrypted, your access is revocable at any time, and AI tools only ever get read access to what you've explicitly connected — nothing more. You choose exactly which sources and which items within them are shared, and you can disconnect any of it the moment you want to.
MCP has grown quickly since its release, and that growth has come with real security incidents across the broader ecosystem — servers left exposed to the open internet, vulnerabilities in specific implementations, and integrations granted far more access than the task in front of them required. That's why Synquil is built the way it is below, and why it's worth checking any MCP server you connect to against the same standard, not just Synquil's.
OAuth 2.1 with PKCE
Every data source is connected through that provider's own standard OAuth 2.1 flow with PKCE. Your password or API key for that tool is never shared with Synquil — only a scoped, revocable access token.
Per-customer schema isolation
Your synced data lives in its own isolated Postgres schema, not a shared table distinguished by a customer ID column. A query bug affecting one customer's schema has no path to another's.
Encryption at rest
OAuth tokens and synced data are encrypted at rest. Credentials are never exposed in logs, error reports, or API responses.
Read-only, validated queries
Every query an AI tool sends through the MCP server is parsed and validated as read-only before it runs. There is no code path from an AI tool to a write, an update, or a delete — the query layer checks the query's structure, not just the text the model generated.
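What checking "the query's structure, not just the text" can look like, as an added example that is not Synquil's code: a small tokenizer-based validator that fails closed. The function name, keyword list and sample queries are assumptions constructed for illustration.

```python
import re

# Added illustration, not Synquil's implementation; all names are hypothetical.
# Lexer: comments, '...' literals, "..." identifiers, $n params, words, other.
TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<ident>"(?:[^"]|"")*")
  | (?P<param>\$\d+)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$]*)
  | (?P<other>\S)
""", re.S | re.X)
# Unquoted keywords that write, change schema or privileges, or run code.
WRITE_WORDS = {"INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE", "DROP",
               "ALTER", "CREATE", "GRANT", "REVOKE", "COPY", "CALL", "DO",
               "EXECUTE", "INTO", "LOCK", "SET"}

def check_read_only(sql):
    """Return (allowed, reason); anything the lexer cannot place is rejected."""
    tokens = []
    for m in TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            continue  # comments never reach the keyword checks
        if kind == "string" and "\\" in text:
            return False, "backslash in string literal"  # escape rules differ
        if kind == "other" and text in ("'", '"', "$"):
            return False, "unbalanced quote or dollar quoting"
        tokens.append((kind, text))
    if tokens and tokens[-1] == ("other", ";"):
        tokens.pop()  # a single trailing semicolon is fine
    if ("other", ";") in tokens:
        return False, "multiple statements"
    words = [text.upper() for kind, text in tokens if kind == "word"]
    if not tokens or tokens[0][0] != "word" or words[0] not in ("SELECT", "WITH"):
        return False, "must start with SELECT or WITH"
    bad = sorted(WRITE_WORDS.intersection(words))
    if bad:
        return False, "write keyword: " + bad[0]
    return True, "ok"

# Constructed samples: keyword inside a literal, then a data-modifying CTE.
SAMPLES = [
    "SELECT id, note FROM tickets WHERE note = 'please DELETE me';",
    "WITH gone AS (DELETE FROM tickets RETURNING *) SELECT * FROM gone",
]
if __name__ == "__main__":
    for q in SAMPLES:
        print(check_read_only(q), q)
```

A keyword check cannot see what a function called from a SELECT does, so a validator like this belongs in front of a database role that holds only SELECT privileges and read-only transactions, not in place of them.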