At Syncinns, we recognize the importance of data privacy in a digitally connected world. As a technology platform designed for the hospitality industry, we handle sensitive user and operational data daily. This Data Privacy Policy outlines our commitment to safeguarding all personal, organizational, and transactional information entrusted to us. We maintain strict controls to protect the confidentiality, integrity, and availability of data as required under the EU General Data Protection Regulation (GDPR), the Saudi Personal Data Protection Law (PDPL), and U.S. data protection regulations including the CCPA.
Our Commitment to Data Privacy
Syncinns is committed to ensuring that all personal and business data collected through our platform is processed lawfully, transparently, and only for specific, legitimate purposes. We adopt a data privacy-by-design approach across all modules, including our PMS, POS, HRMS, CRM and revenue systems.
All data interactions, from user sign-up to platform usage, are secured through modern encryption standards and structured under strict data minimization, purpose limitation, and retention principles.
Types of Data We Process
We may collect and process the following categories of information:
Personal Identification Data
- Full name
- Email address
- Mobile number
- Billing address
Authentication Data
- Login credentials
- Access tokens
Transactional Data
- Booking records
- Shift details
- Employee activity
- Payment details (handled via third-party gateways)
Technical and behavioral data
- IP address
- Browser type
- Access logs
- Usage analytics
Where applicable, this may include data related to your employees, customers, or third-party integrations as entered or processed through the Syncinns platform.
Purpose and Lawful Basis of Data Processing
All personal and operational data collected through Syncinns is processed for the following lawful purposes:
- To provide access to and ensure functionality of Syncinns modules
- To manage user accounts and maintain service reliability
- To process authorized payments
- To perform analytics that improve system performance and user experience
- To ensure information security and detect malicious behavior
- To ensure compliance with the applicable laws and policies
Processing is carried out on the legal basis of user consent, contractual necessity, legitimate interest, or legal compliance, depending on the context.
Data Storage and Retention
All collected data is stored on secure cloud infrastructure that is certified under international standards. We retain data only for as long as necessary to fulfill the stated purposes or as required by legal or regulatory obligations. Once the retention timeframe has passed, all data is permanently deleted or converted into a form that can no longer be linked to any individual.
Access to stored data is strictly controlled through role-based permissions, time-bound access windows, and usage logging.
Cross-Border Data Transfers
Syncinns operates globally and may store or process data in jurisdictions outside your country of residence. We ensure that all such transfers comply with applicable international data transfer frameworks.
Cross-border transfers within the European Union are subject to GDPR - compliant Standard Contractual Clauses (SCCs). For users in the Kingdom of Saudi Arabia, transfers are performed in accordance with the PDPL’s Chapter 5 provisions. In the U.S., all transfers are made in compliance with the CCPA and applicable state laws.
Data Sharing and Third-Party Access
We do not sell or lease any personal or operational data. Limited sharing may occur with verified third parties such as:
- Payment processors
- Cloud hosting providers
- Communication and analytics services
- Legal or governmental bodies (when legally required)
All third-party processors are bound by contractual obligations to uphold the same level of data privacy and security standards as Syncinns.
Data Encryption and Security
To protect data privacy, we implement strict technical and organizational safeguards. All data in transit is protected using TLS encryption protocols, while data at rest is protected using AES-256 level encryption within our storage systems.
Moreover, Syncinns uses end-to-end encryption to secure sensitive operations, particularly in modules involving guest records, payroll data, or financial transactions. Real-time intrusion detection systems, audit trails, and automated alerts are implemented across all environments to detect unauthorized access or data breaches.
In addition, our infrastructure security strategy includes:
Shift Left
We find and address issues before code is distributed. This includes rigorous code review processes and advanced tooling such as Software Composition Analysis (SCA), Static Analysis Security Testing (SAST), and Infrastructure as Code (IaC) scanning. These tools block vulnerabilities early in the development lifecycle.
Security in the Cloud
We follow cloud infrastructure design best practices to minimize risk. Our systems are designed and deployed using Infrastructure as Code (IaC), which enables automated, secure, and testable environments. Further, we use Dynamic Application Security Testing (DAST) and periodic manual assessments by our internal red team to continuously detect and remediate security issues.
Automation
Wherever possible, we deploy automated security remediation tools to immediately resolve detected vulnerabilities. In cases where tools lack automation capabilities, our internal security engineering team builds custom remediation solutions.
Culture of Security
All Syncinns personnel involved in design, development, testing, and maintenance receive quarterly security training. At each stage of software development, security measures are thoroughly assessed to embed protection into the system from the ground up.
Monitoring and Threat Detection
Monitoring and Alerting
We monitor all activities across endpoints, systems, and user actions in real-time. Our Security Team receives immediate alerts in response to any suspicious behavior.
Threat Awareness
We stay ahead of evolving threats by using advanced tools and subscribing to global threat intelligence feeds. Our controls are regularly reviewed and updated based on emerging threat patterns.
Incident Response and Recovery
Availability
Our incident response team is available 24/7/365 to address security issues.
Incident Management
We maintain a dynamic and evolving Incident Management plan. This plan is tested annually across multiple simulated scenarios and improved upon after every exercise.
Disaster Recovery
Automated database snapshots and high availability practices enable rapid service restoration in the event of a data loss or breach. Infrastructure-as-code allows for full system rebuilds if necessary.
Your Rights Over Your Data
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data. You may also request a copy of your data in a portable format or withdraw your consent at any time.
These rights are fully supported under the GDPR, Saudi PDPL, and U.S. privacy laws including the CCPA. If you wish to make a request regarding your data rights, you can get in touch with us at info@syncinns.com . We will respond in accordance with the legally mandated timelines.
Data Breach Response
In the unlikely event of a data breach, Syncinns will take immediate steps to isolate the incident, secure affected systems, and conduct a full investigation. If personal data is impacted, affected individuals and regulatory authorities will be notified in accordance with GDPR Article 33, PDPL Articles 20–21, or applicable U.S. state regulations.
We are committed to full transparency and remediation in any such incident.
Updates to This Policy
This Data Privacy Policy may be revised from time to time to accommodate legal updates, technological advancements, or shifts in our business practices. All changes will be published on this page, and where appropriate, you will be notified via email or system alert. Continued use of Syncinns following any updates will constitute your acceptance of the revised policy.
Contact Information
If you have any questions regarding this Data Privacy Policy or wish to submit a data access request, please contact:
Syncinns Privacy Office
Email: info@syncinns.com
Phone: (659) 906-1034
Website: syncinns.com
Regulatory Compliance
This Data Privacy Policy is written in accordance with the data privacy laws of:
- The European Union (GDPR)
- The Kingdom of Saudi Arabia (PDPL)
- The United States, including the California Consumer Privacy Act (CCPA) and other state-specific privacy regulations
At Syncinns, we value your privacy. All data is handled in line with the EU GDPR and Saudi PDPL. Read our Privacy Policy to learn more.
© 2025 Syncinns. All rights reserved.
