Data Protection Policy

Introduction

Syrup implements administrative, technical, and physical safeguards to protect personal data and service integrity. This policy complements our Privacy Policy and Terms & Conditions.

Roles & Responsibilities

Syrup acts as a data controller for account and billing data and may act as a processor when handling data on behalf of users. Staff receive periodic security and privacy training appropriate to their roles.

Security Measures

• Encryption in transit (HTTPS/TLS) and at rest where applicable.
• Access control (least privilege), strong authentication, and auditing.
• Network hardening, firewalls, and anti-abuse monitoring.
• Secure SDLC practices, code reviews, and vulnerability management.
• Backups, redundancy, and tested recovery procedures.

Vendor & Sub-Processor Management

We assess vendors for security and privacy posture and execute data-processing terms as needed. Sub-processors are engaged only for defined purposes under contractual safeguards.

Incident & Breach Response

We maintain incident-response procedures for detection, containment, investigation, remediation, and notification where required by law.

Data Minimization & Retention

We limit personal data to what is necessary for specified purposes and retain it only as long as needed or required by law, then securely delete or anonymize.

International Transfers

When transferring personal data across borders, we implement appropriate safeguards (e.g., contractual protections) to help ensure an adequate level of protection.

Data Subject Requests

We honor rights requests (access, correction, deletion, portability, restriction/objection) per our Privacy Policy. Contact support@syrupms.com to submit a request.

Review & Updates

We periodically review this policy and update it as needed. Significant changes will be reflected on this page.

Contact

Questions about this policy: support@syrupms.com.