GDPR Compliance

SyncRivo is fully committed to compliance with the General Data Protection Regulation (GDPR), which protects the personal data of individuals in the European Economic Area (EEA).

We have integrated GDPR principles into our entire platform lifecycle—from 'Privacy by Design' in our engineering architecture to our legal contracts and vendor management.

It is important to understand our role in handling your data:

• Processor: For the content of messages and files transmitted through our service, SyncRivo acts as a Data Processor. We process this data solely on your behalf and according to your instructions.

• Controller: For account administration data (e.g., billing contacts, admin user logins), SyncRivo acts as a Data Controller.

We support all fundamental rights granted to data subjects under GDPR:

SyncRivo ensures that data transferred outside the EEA is protected by appropriate safeguards.

• Standard Contractual Clauses (SCCs): We include the EU's modernized SCCs in our Data Processing Addendum (DPA).

• Data Privacy Framework: We participate in the EU-U.S. Data Privacy Framework (DPF) for transfers to the United States.

We engage third-party sub-processors to assist in providing our services (e.g., AWS for hosting).

• Due Diligence: All sub-processors undergo rigorous security and privacy reviews.

• List: We maintain a transparent list of all sub-processors.

• Notification: We notify customers before adding new sub-processors, providing an opportunity to object.

In accordance with Article 32 of GDPR, we implement technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Pseudonymization and encryption of personal data.

• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems.

• Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures.