Last updated: 15th July 2024
Synerge uses certain third-party sub-processors to assist in providing our services. A sub-processor is a third-party data processor engaged by us who has or potentially will have access to or process customer data.
This page provides important information about the personal data we collect and transfer to our sub-processors. We require each sub-processor to maintain security and privacy controls to protect customer data.
- Maintain agreements with each sub-processor that ensure they follow appropriate privacy and security standards.
- Regularly monitor and evaluate our sub-processors' security controls and practices.
- Update this list when we add or remove sub-processors.
- Provide notice of new sub-processors before we start using them.
Amazon Web Services (AWS)
- **Purpose:** Cloud infrastructure and hosting services
- **Data Processing Location:** United Kingdom, European Union
- **Website:** https://aws.amazon.com
- **Security & Privacy Info:** https://aws.amazon.com/compliance/gdpr-center/
- **Data Processed:**
  - Application data
  - Customer content
  - Log files
  - Backups
- **Purpose:** Web hosting and server infrastructure
- **Data Processing Location:** United Kingdom
- **Website:** www.guru.co.uk
- **Data Processed:**
  - Website data
  - Customer content
  - Application data
  - Server logs
- **Purpose:** Application hosting and deployment
- **Data Processing Location:** Based on deployment region
- **Website:** https://render.com
- **Security & Privacy Info:** https://render.com/privacy
- **Data Processed:**
  - Application data
  - Deployment configurations
  - Log data
  - Performance metrics
- **Purpose:** Website analytics and user behavior tracking
- **Data Processing Location:** Global (with EU/UK data protection measures)
- **Website:** https://analytics.google.com
- **Security & Privacy Info:** https://support.google.com/analytics/answer/6004245
- **Data Processed:**
  - Website usage data
  - User behavior metrics
  - Performance data
  - IP addresses (anonymized)
  - Device information
- **Purpose:** Mobile app distribution and payment processing
- **Data Processing Location:** Global (with EU/UK data protection measures)
- **Website:** https://www.apple.com/app-store/
- **Security & Privacy Info:** https://www.apple.com/legal/privacy/
- **Data Processed:**
  - User account information
  - Payment information
  - App usage data
  - Device information
  - Download statistics
- **Purpose:** Mobile app distribution and payment processing
- **Data Processing Location:** Global (with EU/UK data protection measures)
- **Website:** https://play.google.com
- **Security & Privacy Info:** https://policies.google.com/privacy
- **Data Processed:**
  - User account information
  - Payment information
  - App usage data
  - Device information
  - Download statistics
- **Purpose:** Email marketing and communication
- **Data Processing Location:** United States (with EU/UK Standard Contractual Clauses)
- **Website:** https://mailchimp.com
- **Security & Privacy Info:** https://mailchimp.com/legal/privacy/
- **Data Processed:**
  - Email addresses
  - Contact information
  - Marketing preferences
  - Email engagement metrics
  - Campaign analytics
- **Purpose:** Appointment scheduling and calendar management
- **Data Processing Location:** United States (with EU/UK Standard Contractual Clauses)
- **Website:** https://calendly.com
- **Security & Privacy Info:** https://calendly.com/privacy
- **Data Processed:**
  - Name and contact information
  - Scheduling preferences
  - Calendar data
  - Meeting details
  - Time zone information
We may update our sub-processors from time to time. We will notify our customers of any new sub-processors according to our notification procedures:
1. This page will be updated with new sub-processor information
2. Customers will receive email notification at least 30 days before we authorise any new sub-processor
3. Customers can subscribe to sub-processor updates by emailing privacy@synerge.co.uk
All our sub-processors are required to:
- Maintain appropriate technical and organizational security measures
- Process personal data in accordance with GDPR and UK data protection laws
- Provide regular security assessments and audits
- Notify us promptly of any security incidents
- Support data subject rights requests
- Delete or return all personal data at the end of the service provision
Several of our sub-processors process data outside the UK/EEA. We ensure appropriate safeguards are in place through:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreements (IDTAs)
- Adequacy decisions where applicable
- Additional technical and organizational measures
Customers may object to our use of a new sub-processor by notifying us promptly in writing within 30 days after we post the new sub-processor on this page. Objections should be sent to privacy@synerge.co.uk.
For questions about our sub-processors or to report concerns:
- Email: privacy@synerge.co.uk
- Phone: +44 161 383 0250
- Address: Synerge Limited, Floor 1, 2 Chapel Street, Greater Manchester, OL2 5QL
We take the security of our systems seriously, and we value the security community. We believe that responsible disclosure of security vulnerabilities helps us ensure the privacy and safety of our users and systems.
This policy applies to all public-facing web and mobile applications operated by our company.
We request that you:
1. Notify us immediately when you discover a potential security issue
2. Make every effort to avoid privacy violations, degradation of user experience, and disruption to our systems
3. Only use testing methods that don't cause harm to our systems or data
4. Do not access or modify other users' data
5. Give us reasonable time to respond to your report before making any information public
6. Provide sufficient information to reproduce the problem
The following types of reports will not be considered:
- Automated vulnerability scanner reports
- Social engineering attacks
- Denial of Service (DoS) attacks
- Reports related to self-hosted installations by third parties
- Issues in third-party applications that integrate with our services
1. Send your findings to: security@synerge.co.uk
2. Encrypt sensitive information using a PGP key
3. Include detailed technical information about the vulnerability
4. Provide clear steps to reproduce the issue
- Description of the issue
- Steps to reproduce
- Impact of the vulnerability
- Any relevant screenshots or proof of concept
- Suggested fix (if possible)
We commit to:
1. Respond to your report within 2 business days
2. Keep you updated as we investigate the issue
3. Not take legal action against you if you follow this policy
4. Work with you to understand and resolve the issue quickly
5. Recognize your contribution if you want (unless you prefer to remain anonymous)
- We aim to resolve critical issues within 24 hours
- High-severity issues will be addressed within 7 days
- Other valid issues will be resolved within 30 days
- We will keep you informed of our progress
We consider security research conducted under this policy to be:
- Authorized under our terms of service
- Exempt from DMCA restrictions
- Exempt from Computer Misuse Act restrictions (for UK researchers)
As long as you comply with this policy:
- We will not initiate legal action against you
- We will not report you to law enforcement
- We will actively communicate with you to resolve the issue
While we do not currently operate a paid bug bounty program, we:
- Will publicly acknowledge your contribution (with your permission)
- May offer rewards for critical vulnerabilities at our discretion
- Will add you to our security hall of fame
Nothing in this policy is intended to grant permission for or encourage actions that would otherwise be prohibited by law.
---
Last updated: October 2024