Data Retention & Protection

SyncRivo operates on a 'Privacy by Design' and 'Transient Processing' philosophy. As an enterprise messaging integration layer, our core function is to route data securely between platforms (e.g., Slack to Teams), not to store it indefinitely.

This Data Retention & Protection Policy outlines specifically how long we keep different types of data, the technical measures we use to protect it, and how we ensure secure disposal.

We employ defense-in-depth strategies to secure data at rest and in transit.

• Encryption in Transit: All data transmitted between SyncRivo, your platforms (Slack, Teams, etc.), and our users is encrypted using TLS 1.2+.

• Encryption at Rest: All persistent data (database, backups, configuration) is encrypted using AES-256.

• Key Management: Encryption keys are managed via AWS KMS with strict rotation policies and role-based access controls.

We ensure that data deletion is permanent and irreversible.

• Database Records: Deleted records are cryptographically erased or overwritten.

• Backups: We maintain encrypted backups for disaster recovery. Data deleted from active systems will age out of backups within 30 days.

• Hardware: As a cloud-native company (running on AWS/GCP), physical disk destruction is managed by our cloud providers in compliance with NIST 800-88.

To ensure service reliability, we perform regular encrypted backups of configuration data.

• Frequency: Daily snapshots.

• Storage: Stored in a geographically separate region from the primary infrastructure to ensure resilience.

• Testing: We conduct quarterly disaster recovery drills to verify data integrity and restoration times.

Access to customer data is strictly controlled and monitored.

• Principle of Least Privilege: Employees are granted access only to the specific resources needed for their role.

• MFA: Multi-Factor Authentication is verified for all internal system access.

• Audit Trails: All access to production environments is logged and reviewed automatically for anomalies.