Security Overview
Effective Date: July 01, 2026
1. Introduction
At Synclo, we understand that security is essential to the trust client companies place in our platform. As a modular ERP, Synclo may be used to manage sensitive business information, including employee records, payroll and finance data, recruitment records, customer and vendor information, documents, workflows, support requests, learning records, analytics, and AI-assisted operations.
This Security Overview explains the general safeguards, practices, and responsibilities designed to help protect information processed through Synclo. It should be read together with our Privacy Policy, Cookie Policy, applicable agreements, and any additional security or data protection terms made available to clients.
2. Security Approach
Synclo follows a layered security approach designed to reduce risk across the platform, infrastructure, users, access controls, data handling processes, monitoring, and operational practices.
Our approach is based on reasonable safeguards, role-based access, least-privilege principles, secure system design, traceability, and continuous improvement. Security is also a shared responsibility between Synclo and client companies. Synclo is responsible for securing the platform and services we provide, while client companies are responsible for managing their users, roles, permissions, integrations, exports, devices, internal policies, and how their organization uses Synclo.
3. Product Security
Synclo includes product-level controls designed to help client companies manage access, approvals, workflows, and operational records securely across the platform.
These controls may include role-based access control, module-level permissions, admin-managed user access, approval workflows, audit logs, activity history, configurable settings, and workspace-level controls. Client administrators can assign users to appropriate roles and permissions based on their responsibilities, departments, modules, and authorized business functions.
Because Synclo is used across multiple business areas, product security is designed to support controlled access to sensitive records such as employee data, payroll data, financial records, recruitment records, customer and vendor data, tickets, documents, and reports.
3.1 Recruitment and Candidate Data Security
When client companies use HireHub, Synclo may process recruitment-related information such as job applications, resumes, candidate profiles, interview feedback, screening records, offer details, referrals, and talent pool records. Access to recruitment data is governed by the client company’s roles, permissions, workflows, and workspace configuration. Synclo is designed to help client companies manage candidate information securely while maintaining appropriate visibility for authorized recruitment, HR, and hiring team users.
4. Data Security
Synclo uses reasonable technical, administrative, and organizational safeguards designed to protect client-controlled data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These safeguards may include encryption where applicable, secure transmission, access controls, tenant or workspace separation, audit logs, backups, monitoring, internal access restrictions, confidentiality obligations, and secure data handling practices.
Client-controlled data is processed according to the client company’s instructions, enabled features, configurations, applicable agreements, and authorized use of the platform. Synclo does not claim ownership of client-controlled data and does not use client workspace data to train public AI models.
4.1 Encryption and Secure Transmission
Synclo uses secure transmission practices designed to protect information while it moves between users, the platform, and supported services. Encryption may also be used to help protect stored information where applicable, based on the nature of the data, infrastructure, and service configuration.
5. Access Control and Internal Access
Synclo supports role-based access control to help client companies manage who can access specific modules, records, workflows, reports, documents, and administrative settings. Client administrators are responsible for assigning appropriate roles and permissions to users based on their job responsibilities and internal policies.
Access by Synclo personnel to client-controlled data is limited to situations where access is reasonably needed for support, troubleshooting, security, maintenance, legal, or operational purposes. Such access is intended to follow least-privilege principles and may be subject to internal controls, confidentiality obligations, and logging where applicable.
6. Authentication and Account Security
Synclo uses authentication controls designed to help protect user accounts and prevent unauthorized access. These may include secure login processes, password protection, password reset flows, session controls, account status controls, and two-factor or multi-factor authentication where available.
Client companies and users are responsible for keeping login credentials confidential, using strong passwords, enabling available account protection features, promptly removing access for users who no longer need it, and notifying Synclo of any suspected unauthorized access or account compromise.
7. Infrastructure and Hosting Security
Synclo may use trusted cloud infrastructure and hosting providers to operate, store, process, and deliver the platform and related services. These providers may maintain physical, environmental, network, and infrastructure-level safeguards for the systems and facilities they operate.
Synclo’s infrastructure security practices are designed to support secure hosting, availability, controlled access, monitoring, and protection against unauthorized activity. Hosting locations and infrastructure arrangements may vary based on technical requirements, service providers, client configuration, and applicable legal or contractual obligations.
8. Application Security
Synclo’s application security practices are designed to reduce the risk of common web application vulnerabilities and support secure product development. These practices may include input validation, access checks, secure coding practices, testing, code review where applicable, vulnerability assessment, patch management, and security improvements over time.
Because Synclo is a modular ERP platform, application security also includes enforcing permissions at the application level so that users can only access information, workflows, and actions they are authorized to use based on the client company’s configuration and their assigned role.
9. Monitoring, Logging, and Audit Trails
Synclo maintains system, access, activity, workflow, and security-related logs to support platform security, troubleshooting, auditability, and operational traceability.
These logs may include login activity, admin actions, permission changes, workflow history, approval activity, module interactions, system events, error logs, and security-related activity. Audit trails help client companies review important actions within their workspace and help Synclo monitor platform performance, investigate issues, and detect suspicious or unauthorized activity where applicable.
10. Backups and Business Continuity
Synclo maintains backup and recovery practices designed to support business continuity, service reliability, and data restoration in the event of technical failure, accidental loss, service disruption, or other operational issues.
Backup frequency, retention, recovery options, and restoration timelines may vary depending on Synclo’s infrastructure, service providers, client configuration, subscription terms, and applicable agreements. Synclo may update its backup and continuity practices as the platform, infrastructure, and operational requirements evolve.
11. Third-Party Service Providers
Synclo may use trusted third-party service providers to support hosting, infrastructure, email, SMS, analytics, monitoring, customer support, payment or billing, security, AI infrastructure, and other services required to operate and improve the platform.
These providers are expected to process information only for the services they provide to Synclo and are subject to appropriate confidentiality, security, contractual, and data protection obligations. Where a client company enables third-party integrations, the client company is responsible for reviewing and authorizing the use of those connected services.
12. AI and Alci Security
Synclo’s AI-assisted features, including Alci, are designed to operate within the user’s authorized access, role, permissions, enabled modules, and client workspace configuration. Alci should only process or surface information that the user is permitted to access within Synclo.
AI-assisted outputs are intended to support users through summaries, recommendations, classifications, drafts, workflow assistance, and other productivity features. Users should review AI-generated outputs before relying on them for business, HR, financial, legal, employment, customer, vendor, or operational decisions.
Synclo does not use client-controlled business data, employee data, candidate data, customer data, vendor data, financial records, uploaded documents, or other workspace data to train public AI models. Where third-party AI infrastructure is used, such providers are expected to process information under appropriate confidentiality, security, and data protection obligations.
13. Security Incident Response and Vulnerability Reporting
Synclo takes suspected or confirmed security incidents seriously and will take reasonable steps to investigate, contain, mitigate, and remediate incidents involving unauthorized access, disclosure, loss, misuse, alteration, or destruction of information processed through the platform.
Where required by applicable law, contract, or relevant obligation, Synclo will notify affected client companies about security incidents involving their client-controlled data and may provide reasonable assistance to support investigation, remediation, or notification processes.
Users, client companies, and security researchers should report suspected unauthorized access, account compromise, platform misuse, security weaknesses, or potential vulnerabilities to Synclo through the appropriate security or support contact channel.
14. Security Documentation and Trust Resources
As Synclo’s security and compliance program evolves, Synclo may make additional security documentation, compliance materials, audit summaries, certifications, security questionnaires, or trust resources available to eligible clients where available.
Access to certain security materials may be subject to confidentiality requirements, contractual terms, client eligibility, or Synclo’s internal review process.
15. Data Retention and Deletion Summary
Synclo retains and deletes information in accordance with its Privacy Policy, applicable agreements, client configurations, legal obligations, backup cycles, security requirements, and operational needs.
Client-controlled data is generally retained while the client company’s account or subscription remains active, unless deleted earlier by the client company, its authorized users, or in accordance with applicable terms. After account cancellation or closure, data may be retained for a limited period to support export, migration, backup, recovery, or administrative purposes, and may then be deleted, de-identified, or made inaccessible from active systems, subject to applicable exceptions.
For more information, please refer to Synclo’s Privacy Policy and applicable data retention or deletion terms.
16. Client Responsibilities
Security is a shared responsibility between Synclo and client companies. Client companies are responsible for managing how their organization uses Synclo and for applying appropriate internal controls to protect their workspace and users.
This includes assigning appropriate roles and permissions, removing access when users leave or change responsibilities, using strong passwords, enabling available authentication protections, managing integrations carefully, reviewing exports and downloads, protecting devices used to access Synclo, training users, and ensuring that their use of Synclo complies with applicable laws, contracts, and internal policies.
17. Changes to This Security Overview
Synclo may update this Security Overview from time to time to reflect changes in our platform, infrastructure, security practices, service providers, legal requirements, or business operations.
When we update this Security Overview, we will revise the effective date at the top of the document. Where appropriate, we may notify client companies or account administrators through email, in-app notice, website notice, or other communication channels.
18. Contact Us
If you have any questions about this Security Overview or wish to report a security concern, you may contact us at:
Email: legal@synclo.com
Phone: +1 (833) 201-7494
Address: Bu Haleeba Gold Building, Office M2, Hor Al Anz East, Dubai
