Data Protection Policy

This page explains the safeguards, operational controls, and governance measures SyrupMS uses to protect personal data and maintain service integrity across the platform.

Policy Reference

Protection Summary

SyrupMS uses administrative, technical, and physical safeguards designed to protect personal data, service availability, and account security.

These controls include access management, monitoring, secure development practices, vendor oversight, and incident-response procedures.

This policy should be read together with the Privacy Policy, Terms of Service, and End User License Agreement.

1. Introduction

SyrupMS implements administrative, technical, and physical safeguards to protect personal data and service integrity. This policy complements our Privacy Policy, Terms of Service, and End User License Agreement.

2. Roles and Responsibilities

SyrupMS acts as a data controller for account, subscription, and billing data and may act as a processor where data is handled on behalf of users. Personnel with access to sensitive systems receive training and are expected to follow role-based security and privacy requirements.

3. Security Measures

  • Encryption in transit using HTTPS or TLS and encryption at rest where appropriate.
  • Access control based on least privilege, strong authentication, and audit logging.
  • Network hardening, firewalling, abuse detection, and operational monitoring.
  • Secure software development practices, code review, and vulnerability management.
  • Backups, redundancy, and recovery processes intended to support resilience.

4. Vendor and Sub-Processor Management

We assess vendors and service providers for security and privacy posture and use contractual safeguards where needed. Sub-processors are engaged only for defined business purposes and are expected to operate under confidentiality and appropriate data-handling obligations.

5. Incident and Breach Response

We maintain response procedures for incident detection, containment, investigation, remediation, documentation, and notification where required by law or contract. Response steps may include account protections, infrastructure changes, and customer communications as appropriate to the event.

6. Data Minimization and Retention

We aim to limit personal data collection to what is necessary for defined purposes and retain data only for as long as needed for those purposes, to support security and fraud-prevention requirements, or to meet legal obligations. Data is then deleted, anonymized, or otherwise de-identified where appropriate.

7. International Transfers

When personal data is transferred across borders, we implement appropriate safeguards such as contractual protections or other lawful transfer mechanisms intended to maintain an adequate level of protection.

8. Data Subject Requests

We support requests involving access, correction, deletion, portability, and restrictions or objections to processing in line with applicable law and our Privacy Policy. Requests may be submitted to support@syrupms.com, and we may ask for verification before fulfilling them.

9. Review, Updates, and Contact

We periodically review this policy and may update it to reflect operational, legal, or security changes. Significant updates will be reflected on this page. Questions about this policy may be sent to support@syrupms.com.