Data privacy is a priority
Syndio complies with well-known privacy and data protection regulations and programs.
Syndio is designed to help its customers demonstrate compliance with GDPR.
- In line with the principles of privacy by design and by default, the Syndio platform enables customers to honor data subjects’ rights under GDPR, such as the right to access, correct, and delete data
- Syndio meets GDPR data retention and minimization requirements
- Currently expanding support for localizing EU customer data
Syndio's data protection strategy is three-pronged
Encryption, two-factor authentication, and comprehensive logging
Syndio encrypts data in transit and at rest using secure up-to-date protocols and key lengths.
- Encryption in motion - TLS 1.2+
- Encryption at rest - AES-256+ disk encryption
Syndio uses unique user accounts, single sign-on, and two-factor authentication for all systems.
- Role-based access (RBA) for Syndio Workplace Equity Platform users
- As a default, the Syndio dashboard will display only aggregate results, not raw data
- Access by the Syndio team to the database is based on a business need to know and follows the principle of least privilege
- Access is removed promptly when no longer required due to employee termination or job change
- Access rights review is performed regularly
- Access requires approval and is tracked at all stages
- Syndio logs all users and network activity and responds to alerts of any abnormal activity
- Firewalls and host-based intrusion detection are in place
- Logs are reviewed weekly and on alert
- Security Logs are retained indefinitely and all other logs for 90 days
Syndio protects your data in our data centers
Your data is protected, both from physical and environmental threats in a secure data center.
- Syndio’s workplace equity platform is hosted on Google Cloud Platform (GCP)
- Customer data is physically protected by Syndio’s cloud hosting provider which is ISO27001 and SOC 2 certified
- Environmental protections against fire, moisture, and loss of power or connectivity
We can back up what we say
Syndio undergoes independent security auditing, vulnerability scanning, and penetration testing.
Industry-standard security evaluation
- Annual SOC 2 Type II audit conducted by a reputable third party
- This audit validates the processes and policies of Syndio’s Information Security Management Program (ISMP)
Vulnerability scanning and penetration
- Continuous vulnerability scanning is integrated to our CI pipeline and quarterly external application penetration testing is conducted