Privacy and Security Compliance
Privacy Overview
We collect Personal Information that clients provide us through our Sites, and in connection with other business dealings we may have with clients. Such information may include First and last name, Company name, Title, Email address, IP address, Login user name, Mailing address, Telephone number, Fax number, and Personal preferences regarding products and services. We use client Personal Information primarily to facilitate our ongoing and proposed business dealings (“Business Use”).
“Business Use” includes the creation of user profiles, establishing and maintaining client accounts so that we may provide products or services requested by our clients, registering clients as users of these products or services so that the client may access them through our Sites or otherwise, communicating with clients about updates, maintenance, outages, or other technical matters concerning these products or services, providing clients with training and support regarding usage of these products or services, notifying clients about changes to any of the policies and procedures for the use of these products or services, verifying the accuracy of account and technical contact information we have on file for clients, responding to questions or inquiries that clients may have about our products or services.
We may also use client Personal Information as required to comply with laws and regulations relating to the products or services we provide in any jurisdictions in which we or our affiliated companies operate, including the United States. We may use Usage Information internally within Sync Computing to help us improve our products or services or to develop new products or services. For Marketing Purposes, and with client consent or as otherwise permitted by applicable law, we may use client Personal Information for purposes relating to marketing our content, products, and services, or those of our business partners.
Data Collected and Stored
All client data is encrypted in transit and at rest.
Client data is stored in secure data centers hosted by AWS and Heroku.
In-Transit encryption protocols include HTTPS and SSL/TLS
Data stored in the cloud is stored using AES-256 encryption.
Data is automatically encrypted before being written to disk.
Identity Authentication
Single sign-on (SSO) and multi-factor authentication (MFA) support.
With SSO the user authentication process is delegated to identity providers that support the Security Assertion Markup Language (SAML) 2.0 standard.
Clients are capable and encouraged to leverage MFA using their SSO provider.
Personnel Security
At Sync Computing, we encourage all employees to participate in helping secure our client data and company assets. Where applicable by law, Sync Computing performs background screenings on personnel before joining the organization. All Sync Computing personnel regularly complete security and privacy awareness training.\
Application Security
Application security is of vital importance to Sync Computing. We incorporate security throughout our Software Development Lifecycle (SDLC), from the design of our products to the deployment of our software into our production environment.
We leverage a variety of third-party security partners to support our expectations of secure SDLC processes and secure production SaaS application environments.
Secure development and change management methods are outlined in our policies & procedures and every engineer is required to acknowledge and adhere to these methods. policies and procedures determine when and how changes occur. \
Availability
Sync Computing designs our application to be highly available and leverages Cloud Service Provider (CSP) technologies to attain availability objectives. Some of the CSP technologies that Sync Computing leverages are redundant storage, content distribution networks, auto-scaling technologies, and others.
Compliance
Sync Computing’s SOC2 Status
Sync Computing has obtained our SOC2 Type 1 Report for the Security, Availability, and Confidentiality Trust Services Criteria.
Sync will then begin a SOC2 Type 2 reporting period and actively work towards a SOC2 Type 2 report delivery later in 2024 with the same Trust Services Criteria.\
What is SOC2?
Developed by the American Institute of Certified Public Accounts (AICPA), a SOC 2 Report confirms the results of a comprehensive audit that focuses on the system-level controls that process customer data.
SOC 2 reports cover the design and documentation of controls and provide evidence of how the organization operated the documented controls over an extended period of time for a given point in time.
What is the difference between SOC 2 Type1 and Type2 reports?
There are two different types of SOC 2 reports.
A SOC 2 Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles.
A SOC 2 Type 2 report details the operational effectiveness of those systems and includes a historical element that shows how controls were managed by a business over a period of time.\
Why SOC2 for Sync Computing?
Sync Computing is committed to establishing trust with our customers, delivering innovative technology and accurate predictions and optimization recommendations for Apache Spark workloads. We regularly test our infrastructure and applications rigorously to isolate and remediate vulnerabilities. We also work with industry security teams and third-party specialists to keep our users and their data safe.
Becoming a certified SOC 2 Compliant solutions provider, we have multiple layers of protection across a distributed, reliable infrastructure. All Sync Computing data is stored in a secure data centers managed and secured by Amazon Web Services (AWS) and Heroku.\
\
Last updated