Privacy Policy

SyHash, LLC
Effective Date: 01/01/2025

1. Introduction

SyHash, LLC ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information collected from clients, employees, partners, and website visitors. This Privacy Policy explains how we collect, use, store, and protect personal data, ensuring compliance with HIPAA, GDPR, and other applicable privacy laws.

By accessing or using our services, you agree to the terms outlined in this Privacy Policy.

2. Information We Collect

We collect different types of personal data, including:

2.1 Personal Data Provided by You

  • Contact Information: Name, email, phone number, company details.
  • Account Credentials: Usernames, passwords, and security questions.
  • Payment Information: Billing details, credit/debit card information (processed securely through third-party payment processors).

2.2 Automatically Collected Information

  • Technical Data: IP addresses, browser type, operating system, device information.
  • Usage Data: Pages visited, actions taken on our website, log files, session data.
  • Cookies & Tracking Technologies: Used to enhance user experience (see Section 7 on Cookies).

2.3 Sensitive Information

  • Protected Health Information (PHI): If applicable, in compliance with HIPAA.
  • Security Credentials: Encrypted login credentials and authentication data.
  • Client Confidential Data: Only processed under contractual agreements and with consent.

3. How We Use Your Information

We process personal data for the following purposes:

  • To provide, maintain, and improve our cybersecurity services.
  • To communicate with clients, including responding to inquiries and support requests.
  • To conduct security audits, risk assessments, and compliance monitoring.
  • To comply with legal and regulatory obligations under HIPAA, GDPR, and other laws.
  • To detect and prevent fraud, cyber threats, and unauthorized access.
  • To improve our website, marketing, and customer engagement strategies.

4. Legal Basis for Processing (GDPR Compliance)

We process personal data based on the following legal grounds:

  • Consent: When users voluntarily provide information (e.g., signing up for services).
  • Contractual Necessity: When processing is necessary for the performance of a contract.
  • Legal Obligation: When required by law or regulatory frameworks (HIPAA, GDPR).
  • Legitimate Interests: When processing is necessary for business operations, cybersecurity, or fraud prevention.

5. How We Share Information

We do not sell or rent personal data. However, we may share data under the following circumstances:

  • With Service Providers: Trusted third-party vendors assisting with IT security, cloud storage, analytics, and legal compliance.
  • For Legal & Regulatory Compliance: When required by law, subpoenas, or government investigations.
  • With Business Partners: When collaborating on cybersecurity projects with strict data protection agreements in place.

All third parties handling personal data must comply with HIPAA, GDPR, and SyHash’s Confidentiality Policy.

6. Data Protection & Security Measures

To protect personal data, SyHash implements:

  • Encryption: Data is encrypted at rest and in transit.
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication.
  • Regular Audits: Security monitoring, penetration testing, and compliance audits.
  • Data Minimization: We collect only the necessary data for service provision.
  • Incident Response Plan: A protocol to handle data breaches, in compliance with GDPR and HIPAA.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to improve website functionality and user experience. You can manage cookie preferences through browser settings.

Types of Cookies We Use

  • Essential Cookies: Required for website security and performance.
  • Analytics Cookies: Help analyze website traffic and improve services.
  • Marketing Cookies: Used for targeted advertising (only if consent is given).

For more details, see our Cookie Policy [insert link if applicable].

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law. Once data is no longer needed, it is securely deleted or anonymized.

Retention Period Examples:

  • Client records: 5 years after contract termination
  • Website analytics data: 12 months
  • Financial records: 7 years (for tax compliance)

9. International Data Transfers (GDPR Compliance)

If personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Data Transfer Agreements (DTA)

10. Your Privacy Rights

For GDPR (EU Residents):

You have the right to:
✅ Access your personal data.
✅ Request data correction or deletion.
✅ Object to or restrict processing.
✅ Withdraw consent at any time.
✅ Request data portability.

Requests can be submitted to marie@syhash.com.

For HIPAA (U.S. Residents Handling PHI):

You have the right to:
✅ Request access to your health data.
✅ Restrict disclosures under certain conditions.
✅ File complaints regarding PHI mishandling.

To exercise HIPAA rights, contact marie@syhash.com.

11. Third-Party Links

Our website may contain links to external websites. SyHash is not responsible for third-party privacy practices. We recommend reviewing their privacy policies before sharing data.

12. Children's Privacy

SyHash does not knowingly collect personal data from children under 13 years old (U.S.) or 16 years old (EU/EEA). If a parent or guardian believes a child has provided personal data, contact us at contactus@syhash.com for removal.

13. Changes to This Privacy Policy

We may update this Policy periodically to reflect regulatory changes. Any modifications will be communicated via email or website notice.

Last Updated: 01/01/2025

14. Contact Information

If you have questions or concerns about this Privacy Policy, contact:

📩 Data Protection Officer (DPO): Marie Enriquez
✉️ marie@syhash.com | ☎ (864) 922-9210

📩 General Inquiries: contactus@syhash.com
(864) 922-9210

Approval:

Alex Enriquez
CEO, SyHash
Date: 01/01/2025