Privacy Policy

Information we collect

• Account & authentication. Email address and the sign-in token issued when you authenticate. Syndeo Authenticator stores a device-bound cryptographic key on your device to approve sign-ins; the private key never leaves your device.
• Workspace content you access. Depending on the app: messages and attachments (Relay, Mail), meeting details (Meet), employee/HR records, schedules and attendance (People), candidate and job records, and billing/subscription data (Syndeo). This data belongs to your workspace and is processed on its behalf.
• Device & technical data. App version, device model and OS version, and diagnostic/crash information used to keep the app working.
• Optional device features (only with your permission).Camera (QR scan, attachments), microphone/camera (Meet calls), notifications, and biometric unlock. Biometric data is handled by your device’s operating system and is never transmitted to or stored by Syndeo.

How we use information

• To authenticate you and keep your session secure.
• To deliver the app’s features (show your messages, meetings, schedules, records).
• To send notifications you have enabled.
• To diagnose crashes, prevent abuse, and improve reliability and security.

We do not sell your personal information, and we do not use it for advertising.

Google user data (Limited Use)

When you connect a Google account (Gmail, Google Calendar, Google Drive, or Google Sheets), Syndeo accesses only the data covered by the permissions you grant, and only to provide the in-product features you use — for example, showing and organizing your Gmail in your workspace inbox, scheduling interviews on your calendar, or importing a document you choose from Drive. You can disconnect a Google account at any time, which revokes Syndeo’s access going forward.

Syndeo’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not sell Google user data, do not use it for advertising, do not transfer it except to provide or improve these user-facing features (or as required by law or with your consent), and do not allow humans to read it except with your consent, for security or abuse investigation, to comply with law, or where the data has been aggregated and anonymized.

Sharing

We share information only with: (a) other authorized members of your workspace, as required to deliver the service; (b) infrastructure and processing providers that host or transmit data on our behalf under contract (cloud hosting, object storage, communications, email, and real-time calling providers); and (c) authorities where required by law. Processors act on our instructions and are bound to protect your data.

Data security

Data is encrypted in transit (TLS). Authentication uses bearer tokens; sensitive credentials and keys are stored in the device’s secure storage. Sensitive personal fields in People/HR are encrypted at the application layer. Access to workspace data is restricted to authorized members of that workspace.

Data retention

Workspace content is retained for as long as your workspace remains active or as instructed by the workspace owner, and is deleted on workspace or account deletion subject to legal retention requirements. You can request deletion of your personal data as described below.

Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. Because your employer/workspace owner controls workspace content, some requests are directed to them; we will assist as required.

Children

The Syndeo apps are intended for workplace use by adults and are not directed to children under 16.

Changes

We may update this policy; material changes will be reflected here with a new “last updated” date.

Contact

Questions or data requests: privacy@syndeo.cloud, Syndeo Cloud.