Legal

Privacy Policy

How we collect, use, and protect your data. We believe in transparency and minimal data collection.

Last updated: February 27, 2026

1. Introduction

Syslok, Inc. ("Syslok," "we," "us," or "our") operates the Syslok platform, including the website, desktop applications (Controller and Agent), mobile apps, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and hashed password. If you sign up via SSO, we receive your email and identity provider identifier.

Device Information

When you register devices, we collect device names, operating system type and version, and hostnames. Device tokens are stored as one-way hashes and cannot be reversed.

Session Data

Remote sessions are relayed through our servers using end-to-end encryption. We do not inspect, record, or store screen content unless Session Recording is explicitly enabled by an Enterprise plan operator. Session metadata (timestamps, duration, device IDs) is retained for audit logs.

Usage & Analytics

We collect anonymized usage metrics such as session counts, feature usage, and error rates to improve the Service. We do not sell or share analytics data with third parties for advertising purposes.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers. We retain your plan tier and billing status.

3. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Authenticate your identity and authorize access to devices
  • Process billing and subscriptions
  • Send transactional emails (account verification, password resets, session alerts)
  • Monitor and prevent abuse, fraud, and security threats
  • Improve the Service based on aggregated usage patterns

4. Data Sharing

We do not sell your personal data. We may share information with:

Service providers

Stripe (payments), email delivery services, cloud infrastructure providers

Legal compliance

When required by law, subpoena, or to protect our rights

Business transfers

In connection with a merger, acquisition, or sale of assets

5. Data Retention

Account data is retained while your account is active. Session metadata and audit logs are retained for 90 days on free plans and up to 1 year on paid plans. Session recordings (Enterprise) are retained per operator configuration. You may request deletion of your account and associated data at any time.

6. Security

End-to-end encrypted sessions
Encrypted data at rest
Strict access controls
Regular security reviews
Irreversible token hashing
Continuous monitoring

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise these rights, contact us at privacy@syslok.com.

8. Cookies

Our web dashboard uses essential cookies for authentication (JWT tokens). We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service.

11. Contact

If you have questions about this Privacy Policy, contact us at privacy@syslok.com.