Enterprise-grade security and privacy built into every layer of Syndrix AI.
UK & EU data protection
End-to-end, AES-256
Secure cloud infrastructure
Enterprise reliability
Data Protection Act compliant
Security isn't an afterthought — it's built into the foundation of Syndrix.
TLS 1.3 in transit, AES-256 at rest. OAuth tokens stored in encrypted vaults. No plaintext secrets anywhere in the system. API communications use authenticated, encrypted endpoints with certificate pinning.
Role-based access control with API key scoping and granular permissions. Full audit logging of every action. Session management with automatic timeouts. Support access requires your explicit permission.
GDPR Article 17 (right to erasure) compliant. UK Data Protection Act 2018 compliant. Data processing agreements available on request. Regular internal audits with documented retention and deletion policies.
Cloud-hosted on AWS with redundant backups, automated failover, and real-time monitoring. 24/7 alerting for anomalies. Designed for 99.9% uptime with monthly SLA measurement and outage credits.
We believe in complete transparency about data collection, usage, and retention.
Account information (name, email, company), business data you connect (emails, calendar, CRM), usage analytics to improve the service, and support communications.
Exclusively to provide and improve Syndrix services for your business. Your data powers the autonomous agent's actions — it's never used for advertising, profiling, or any purpose beyond serving you.
Active account data is retained while your account is active. If you choose to stop using Syndrix, data is retained for 30 days, then permanently deleted. You can request immediate deletion at any time.
You have full rights to access, correct, export, and delete your data at any time. You can request a complete data export in a machine-readable format. Deletion requests are processed within 30 days.
A step-by-step look at how Syndrix handles your information — from connection to delivery.
Grant permission through secure OAuth 2.0 flows (Google, Microsoft, CRM) or provide scoped API keys. We never see or store your passwords.
All API calls use TLS 1.3 encryption. Data is fetched on-demand from your connected platforms — nothing is bulk-copied or cached unnecessarily.
Your data is processed in a sandboxed environment. No cross-client data access — your business data is never mixed with any other customer's data.
Reports, responses, and alerts are sent through encrypted Telegram Bot API or your connected email. You control what gets delivered and when.
Any data stored on our servers — OAuth tokens, session logs, preferences — is encrypted at rest using AES-256. Encryption keys are managed separately from data.
These are promises we make to every customer, without exception.
Syndrix is built with safeguards to prevent AI manipulation and unauthorised actions.
All AI inputs are sanitised and validated before processing. Malicious prompts, injection attempts, and adversarial inputs are detected and blocked.
System instructions are isolated from user content. External data (emails, web pages) cannot override Syndrix's core safety rules or business logic.
Tools are scoped by permission level. Syndrix cannot access tools or data beyond what you've explicitly authorised. Sensitive actions require confirmation.