How We Protect Your Data

At Synorex, data protection and security are our top priorities. Whether you are using our customized software solutions or SaaS services, we ensure that your data is handled securely and with full compliance to industry standards. This document outlines the key measures we take to protect your data.

1. Data Encryption

We utilize advanced encryption technologies to ensure that your data is protected at all times.

• Data in Transit: All data transmitted between your system and our servers is secured using SSL/TLS encryption, which prevents unauthorized access during transmission.
• Data at Rest: Data stored in our databases and servers is encrypted using AES-256 encryption, ensuring that it remains secure even in storage.

2. Access Control and Authentication

We implement strict access control measures to safeguard your data from unauthorized access.

• Role-Based Access Control (RBAC): Access to your data is restricted to authorized personnel only, based on their roles and responsibilities.
• Multi-Factor Authentication (MFA): We enforce multi-factor authentication for all our employees and administrators to enhance login security and prevent unauthorized access to sensitive systems.
• Client-Specific Access: Only authorized users from your organization can access your data through our customized software or SaaS platforms. You control the permissions and can manage who has access to what data.

3. Data Backup and Recovery

We ensure that your data is backed up regularly and can be restored in case of any unexpected incidents.

• Daily Backups: All customer data is backed up daily to ensure that it is safe and recoverable in case of hardware failure, accidental deletion, or other unforeseen events.
• Geographically Distributed Backup Locations: Backups are stored in geographically distributed locations to ensure redundancy and resilience in the event of a regional outage.
• Disaster Recovery Plan: We have a comprehensive disaster recovery plan in place, which ensures that data can be restored quickly and effectively in the event of a disaster.

4. Data Privacy Compliance

We are committed to complying with global data privacy regulations, ensuring that your data is handled according to the highest standards.

• GDPR Compliance: For clients operating in the EU, we comply with the General Data Protection Regulation (GDPR) to ensure the lawful, fair, and transparent processing of personal data.
• PDPA Compliance: We follow the Personal Data Protection Act (PDPA) in Malaysia to ensure the privacy and security of personal information.
• Data Ownership: You retain full ownership of your data. We never sell, share, or use your data for any purposes other than to provide the services you have subscribed to.

5. Secure Hosting Infrastructure

We host our services on secure, reliable infrastructures to provide top-tier data protection.

• ISO/IEC 27001 Certified Data Centers: Our servers are hosted in data centers that are ISO/IEC 27001 certified, ensuring the highest standards of information security management.
• Firewall and Intrusion Detection: Our hosting environment is protected by firewalls and intrusion detection/prevention systems (IDPS) to detect and block malicious activities.
• DDoS Protection: We use advanced DDoS protection to safeguard our systems against distributed denial of service attacks, ensuring that your services remain available and secure.

6. Data Anonymization and Minimization

We prioritize the protection of sensitive information by implementing data anonymization and minimization practices.

• Anonymization: In cases where personal data is not required, we anonymize the data to ensure that it cannot be traced back to an individual.
• Minimization: We only collect and store the data that is necessary for the functionality of the software or service. This minimizes the risk associated with storing unnecessary personal data.

7. Regular Security Audits and Updates

We proactively monitor and improve our security practices to keep your data safe.

• Regular Audits: We conduct regular internal and external security audits to identify and address any potential vulnerabilities.
• Patch Management: Our systems are continuously updated with the latest security patches to mitigate the risks posed by newly discovered vulnerabilities.
• Penetration Testing: We periodically perform penetration testing to identify and fix security weaknesses before they can be exploited.

8. Data Retention and Deletion

We ensure that your data is handled responsibly throughout its lifecycle.

• Data Retention Policy: We retain your data only for as long as necessary to fulfill the purposes of the services or as required by law.
• Data Deletion: Upon the termination of your service or by request, we ensure that all your data is securely deleted from our servers in accordance with industry best practices.

9. Customer-Controlled Data

For customers using our custom software solutions, you have full control over your data.

• Custom Encryption Options: We can implement custom encryption mechanisms for customers with special data security needs.
• On-Premises Data Storage: For clients opting for premium packages, we provide the option to store data on your own servers, giving you complete control over data access and management.

Contact Us

If you have any questions about how we protect your data or if you need further assistance, please feel free to contact our Support Team at [email protected] or visit our website synorex.group/contact.