Privacy Policy

Syncify Integration Platform

1. Introduction

This Privacy Policy explains how Syncify AB (“Syncify”, “we”, “us”, “our”) processes personal data when providing the Syncify Integrations Platform and related integration services (“Service”).
The Service enables data synchronization between customer-selected business systems (“Connected Systems”).

Syncify acts as a data processor on behalf of the customer (“Controller”) according to applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

By using the Service, the customer acknowledges that Syncify processes data necessary for delivering, operating, monitoring and securing the integration.

2. Categories of Personal Data We Process

The Syncify Integrations Platform processes only the data transmitted from the customer’s Connected Systems. Typical categories include:

Business and Customer Data

  • Customer records (names, addresses, identifiers)
  • Contacts (names, emails, phone numbers)
  • Organizational identifiers (customer numbers, company information)

Commercial Information

  • Orders
  • Quotes
  • Invoices
  • Payments
  • Products / Items
  • Transactional metadata
  • Other commercial records present in Connected Systems

Technical and Logging Data

To ensure reliability, diagnostics, and security of the Service, we process:

  • API request and response metadata
  • Integration event logs
  • Error logs and warnings
  • Time stamps and system identifiers
  • Authentication events (non-sensitive)

We do not read, extract or store data beyond what is required to perform the integration.

3. Purposes of Processing

We process personal data strictly for the following purposes:

Providing the Integration Service

  • Synchronizing data between Connected Systems
  • Executing customer-configured workflows and mappings

Monitoring and Securing the Service

  • Preventing misuse or unauthorized access
  • Logging and diagnostics
  • Performance monitoring

Troubleshooting and Support

  • Identifying errors
  • Providing customer support
  • Restoring failed synchronization attempts

Service Improvements (aggregated/anonymized only)

  • Enhancing stability and performance
  • Improving customer experience
  • Usage analytics (non-identifiable)

We do not use identifiable customer data for marketing or profiling.

4. Legal Basis for Processing

When processing personal data within the Syncify Integrations Platform, Syncify relies on:

  • Article 6(1)(b) GDPR – Contractual necessity, when providing the Service under a customer agreement.
  • Article 6(1)(f) GDPR – Legitimate interest, for maintaining logs, securing the Service, preventing misuse, and ensuring operational reliability.

5. Data Storage & Retention

Syncify stores personal data only as long as necessary for the stated purposes.

Transactional Data

  • Processed in transit and normally not stored.
  • Temporary technical caching may occur but is automatically purged.

Integration Logs

  • Retained for 30–180 days depending on service tier, unless otherwise agreed.
  • Used solely for diagnostics, troubleshooting, and security.

Support Data

  • Information shared via support channels may be retained as long as needed to resolve the case.

6. Data Sharing & Sub-processors

Syncify does not sell, rent, or trade personal data.

Data may be processed by authorized sub-processors, such as:

  • Cloud hosting providers (within the EU)
  • Logging and monitoring tools
  • Email and support ticket systems

All sub-processors are bound by:

  • Data Processing Agreements
  • Confidentiality obligations
  • GDPR-compliant security measures

A current list of sub-processors can be obtained upon request.

7. International Data Transfers

Syncify primarily stores and processes data within the European Union.
If data is transferred outside the EU/EEA, Syncify ensures:

  • Standard Contractual Clauses (SCCs)
  • Adequate safeguards
  • Supplemental measures where required

8. Security Measures

Syncify employs industry-standard technical and organizational measures, including:

  • TLS encryption in transit
  • Encrypted credential storage
  • Access control and role-based authorization
  • Secure API connections
  • Audit logs
  • Infrastructure monitoring and intrusion detection
  • Regular security testing and patching

9. Roles & Responsibilities

Customer (Controller)

  • Determines the purpose and means of processing
  • Manages access to Connected Systems
  • Ensures lawful basis for transferring personal data to Syncify

Syncify (Processor)

  • Processes data only according to customer instructions
  • Provides secure and reliable integration services
  • Implements required technical and organizational security measures

A Data Processing Agreement (DPA) forms part of the contractual relationship.

10. Data Subject Rights

Individuals whose data is processed may contact the Controller (Syncify’s customer) to exercise:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to portability
  • Right to object

Syncify will support the Controller in fulfilling such requests.

11. Contact Information

For data protection inquiries:

Syncify AB
Org. No. 556987-2905
Gothenburg, Sweden
Email: dataprivacy@syncify.se
Website: https://syncify.se