Confidentiality Policy

SyHash, LLC
Effective Date: 01/01/2025

1. Purpose

This Confidentiality Policy ("Policy") establishes the principles and obligations regarding the protection of confidential information, trade secrets, and personal data handled by SyHash ("Company"). The Policy ensures compliance with HIPAA, GDPR, and other applicable data protection regulations, safeguarding sensitive information from unauthorized access, disclosure, or misuse.

2. Definitions

For the purposes of this Policy, the following definitions apply:

  • Confidential Information: Any non-public information, including but not limited to business strategies, financial data, client records, intellectual property, trade secrets, and security measures.
  • Personal Data: Any information related to an identified or identifiable individual, as defined under GDPR and HIPAA.
  • Sensitive Information: Data classified as highly confidential, including Protected Health Information (PHI) under HIPAA, personally identifiable information (PII), security credentials, and proprietary security methodologies.
  • Authorized Personnel: Employees, contractors, vendors, and third parties with a legitimate business need to access Confidential Information.

3. Scope

This Policy applies to:

  • All employees, contractors, consultants, interns, and third parties engaged with SyHash.
  • Any individual or entity that has access to Confidential Information through agreements, partnerships, or business relationships.
  • All data processed, stored, transmitted, or accessed within SyHash’s systems, whether electronic, paper-based, or verbal communications.

4. Confidentiality Obligations

4.1 Employees and Contractors

All employees and contractors must:

  • Maintain strict confidentiality regarding all non-public information obtained during their engagement.
  • Use Confidential Information solely for business-related purposes.
  • Follow SyHash’s security protocols and policies for data protection.
  • Immediately report any actual or suspected breaches of confidentiality to the Data Protection Officer (DPO), Marie Enriquez at marie@syhash.com.

4.2 Third Parties and Vendors

Third parties handling Confidential Information must:

  • Sign a Non-Disclosure Agreement (NDA) before receiving access.
  • Implement technical and organizational measures to protect the data.
  • Adhere to relevant GDPR, HIPAA, and contractual obligations.

5. Data Protection Measures

To ensure compliance with HIPAA and GDPR, SyHash implements the following security measures:

  • Access Controls: Role-based access and multi-factor authentication for sensitive systems.
  • Data Encryption: Encryption of stored and transmitted data using industry-standard protocols.
  • Audits & Monitoring: Regular security audits, log monitoring, and anomaly detection.
  • Employee Training: Mandatory cybersecurity awareness training on data protection laws and security best practices.

6. Exceptions to Confidentiality

Confidential Information may only be disclosed under the following circumstances:

  • When required by law, regulatory obligations, or court order, after consultation with SyHash’s legal team.
  • With explicit written consent from the data subject or authorized entity.
  • When necessary to protect against fraud, cyber threats, or security risks, in compliance with legal requirements.

7. Duration of Confidentiality Obligation

The obligation to maintain confidentiality:

  • Applies during and after the termination of employment, contracts, or agreements.
  • Remains in effect for a minimum of five (5) years post-engagement, unless otherwise stated in a contract or applicable law.

8. Consequences of Breach

Failure to comply with this Policy may result in:

  • Disciplinary action, including termination of employment or contract.
  • Legal consequences, including civil or criminal liability under HIPAA/GDPR regulations.
  • Financial penalties imposed by regulatory authorities for non-compliance.

9. Compliance and Enforcement

The Data Protection Officer (DPO), Marie Enriquez, is responsible for enforcing this Policy and overseeing compliance with confidentiality and data protection laws. Questions or concerns should be directed to:

📩 marie@syhash.com | ☎ (864) 922-9210

For general inquiries, contact:

📩 contactus@syhash.com | ☎ (864) 922-9210

10. Amendments and Review

SyHash reserves the right to modify this Policy to reflect changes in laws, regulations, or business operations. All revisions will be communicated to affected parties in a timely manner.

Approval:

Alex Enriquez
CEO, SyHash
Date: 01/01/2025