Security, Privacy & Reliability with SyncMatters

SyncMatters is trusted to securely process and synchronize the data of companies worldwide.

SyncMatters has been certified by independent third-party auditors as compliant with ISO/IEC 27001:2013.
Learn more about our certification and download our certification certificate here.

SyncMatters engages an independent third party to perform regular web application vulnerability testing and penetration testing of the platform. Click on the trust mark (left) to verify our status or download our "secure application" attestation here.

Data Privacy & GDPR

We are committed to protecting your Personal Data and respecting your privacy. The SyncMatters Privacy Policy details how we gather, use, disclose, and manage Personal Data. If you're visiting us from the EU or UK: we make strong efforts to comply with the GDPR, including incorporating the Standard Contractual Clauses, approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, into our Terms of Use.

Platform Security & Reliability

Hosting

We use reputable certified data centers to host the services we provide.

Amazon Web Services (AWS) in the USA: Our primary hosting provider is Amazon Web Services (AWS). We make full use of the best practice security and availability capabilities offered by AWS including Virtual Private Cloud (VPC) technology for network isolation and multi-availability zones for reliability. Read about AWS cloud security (https://aws.amazon.com/security) and SOC compliance (https://aws.amazon.com/compliance/soc-faqs/).

Hetzner in Germany: To further ensure the resilience and global accessibility of our services, we also utilize hosting services provided by Hetzner in Germany. This addition enhances our data processing capabilities within the European Union, aligning with our commitment to data privacy and GDPR compliance. Hetzner's servers are renowned for their high security, reliability, and adherence to European data protection standards. Read more about their ISO/IEC 27001 certification here: https://www.hetzner.com/unternehmen/zertifizierung/

Networking

We take the security of our internal and external networks very seriously. Communication between our servers and your business applications / web browser is encrypted.

Within our VPC network we employ public and private subnets. All application servers reside in private subnets and so have no public IP addresses; external communication is routed via NAT Gateways. Network security is multi-tiered including strict Network Access Control List rules, role based Network Security Groups, host IP Table restrictions and user based authorization. All user user interaction with SyncMatters services is encrypted over HTTPS/TLS. Access to the production VPC is restricted - only select team members responsible for maintaining operational stability of the application are able to connect to resources within the VPC.

Storage

Stored customer data is encrypted.

SyncMatters stores account information, user information and integration/connection configuration. If an integration is configured to do so, SyncMatters may also store integration related data. In all cases customer data is encrypted when stored ("encryption at rest").

• We do not store account payment (credit card) details, our 3rd party payment processor holds that information
• We store system backups for 5 weeks
• We store details of deleted accounts/users for up to 2 months
• We store application logs for up to 12 months (these do not contain customer data or personally identifiable information)

Integration Execution

Integration processes execute in isolated, account unique, temporary run-time environments.

SyncMatters follows the serverless paradigm. Before each integration process executes a new, strongly isolated, integration execution run-time is provisioned ¹. The integration runs to completion in this environment after which the environment, along with temporary artifacts created during the run, is destroyed.

¹ When launching an integration in an "event triggered" fashion, if multiple event occur in rapid succession, the same run-time environment may be re-used to process each event sequentially. This re-use only happens for the same account running the same integration so there is zero risk of "cross account" data leaks.

Account Access

Users must be explicitly authorized to access an SyncMatters account.

Each SyncMatters user requires their own sign-in credentials, and only your SyncMatters account administrators can grant access an SyncMatters account. The SyncMatters sign-in process supports, encourages and optionally enforces the use of multi-factor authentication during sign-in.

Our customer support team may only access your account if you explicitly authorize access from your "Profile and Preferences" page.

Our Sub-processors

We have GDPR compliant data protection agreements in place with our sub-processors.

You can view our current list of sub-processors here.