GDPR Compliance

Data privacy is a priority

Syndio complies with well-known privacy and data protection regulations and programs.
Syndio is designed to help its customers demonstrate compliance with GDPR.

  • In line with the principles of privacy by design and by default, the Syndio platform enables customers to honor data subjects’ rights under GDPR, such as the right to access, correct, and delete data
  • Syndio meets GDPR data retention and minimization requirements
  • Syndio is currently expanding support for localizing EU customer data

Syndio's data protection strategy is three-pronged

Encryption, two-factor authentication, and comprehensive logging

Encryption

Syndio encrypts data in transit and at rest using secure, up-to-date protocols and key lengths.

  • Encryption in motion - TLS 1.2+
  • Encryption at rest - AES-256+ disk encryption

Access control

Syndio uses unique user accounts, single sign-on, and two-factor authentication for all systems.

  • Role-based access (RBA) for Syndio Workplace Equity Platform users
  • As a default, the Syndio dashboard will display only aggregate results, not raw data
  • Access by the Syndio team to the database is based on a business need to know and follows the principle of least privilege
  • Access is removed promptly when no longer required due to employee termination or job change
  • Access rights review is performed regularly
  • Access requires approval and is tracked at all stages

Comprehensive logging

  • Syndio logs all user and network activity and responds to alerts of any abnormal activity
  • Firewalls and host-based intrusion detection are in place
  • Logs are reviewed weekly and on alert
  • Security logs are retained indefinitely, and all other logs are retained for 90 days

Syndio protects your data in our data centers

Your data is protected from both physical and environmental threats in a secure data center.

  • Syndio’s workplace equity platform is hosted on Google Cloud Platform (GCP)
  • Customer data is physically protected by Syndio’s cloud hosting provider, which is ISO 27001 and SOC 2 certified
  • Environmental protections against fire, moisture, and loss of power or connectivity

We can back up what we say

Syndio undergoes independent security auditing, vulnerability scanning, and penetration testing.

Industry-standard security evaluation

  • Annual SOC 2 Type II audit conducted by a reputable third party
  • This audit validates the processes and policies of Syndio’s Information Security Management Program (ISMP)

Vulnerability scanning and penetration testing

  • Continuous vulnerability scanning is integrated into our CI pipeline, and quarterly external application penetration testing is conducted
