Monitored by earli AI

Trust center

Explore our security, compliance, and T&A.

Compliance standards

We maintain the highest industry standards.

Aligned

ISO 27001

Certified information security management system (ISMS) with risk-based controls for confidentiality, integrity, and availability.

Audit pending

Request access

Compliant

GDPR

EU regulation that governs personal data protection and privacy for within the EU. Applies globally to anyone handling EU data.

Monitored

Request access

Resource library

Access our security documentation, policies, and compliance reports.

PDF

Data Security Whitepaper

Security Overview

Request access

PDF

Master Service Agreement

DPA, SLA and License Agreement

Request access

PDF

MS365 Workflow

How Syncast Works with MS365

Request access

PDF

Service Level Agreement

Request access

PDF

Acceptable Use Policy

Request access

PDF

Information Security Policy

Request access

PDF

Access Control Policy

Request access

PDF

Data Protection Policy

Request access

PDF

Change Management Policy

Request access

+19 more

Access all

Subprocessors directory

We carefully select and monitor all third-party services that process data on our behalf.

OpenAI

AI & ML Services

PostHog

Business Apps & Productivity

GitHub

Code & Build Security

Microsoft Azure

Business Apps & Productivity

Render

Cloud & Platform Services

Frequently asked questions

Find answers to common questions about our security and compliance practices.

How are emergency changes handled?

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

How do you monitor vendor performance and compliance?

Management performs reviews of SOC 2 reports from service providers at onboarding and annually to assess the appropriateness of scope and impact of identified exceptions. For critical vendors without SOC 2 reports but with access to company data, regularly scheduled risk assessments are performed to evaluate performance and compliance with security commitments.

What is your approach to security patching?

All systems are patched and updated on a documented, regular, and timely schedule using the Common Vulnerability Scoring System (CVSS) to aid in setting patching guidelines. Critical security vulnerabilities must be patched as soon as possible regardless of CVSS score.

How do we manage risks associated with third-party vendors?

Our organization actively manages vendor risks through a structured approach that includes maintaining a critical third-party vendor inventory and conducting risk assessments before initiating third-party work. These assessments are repeated annually to identify any gaps between third-party security controls and our information security standards.

How are security incidents handled?

The organization maintains an incident response plan that defines responsibilities, detection methods, and corrective actions during security incidents. Various monitoring tools are used for early detection, and the plan is tested, reviewed, and updated at least annually.

What background verification is performed for new personnel?

The organization carries out background and/or reference checks on all new employees and contractors prior to joining in accordance with relevant laws, regulations and ethics. Management utilizes a pre-hire checklist to ensure the hiring manager has assessed the qualification of candidates to confirm they can perform the necessary job requirements.

How are emergency changes handled?

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

How do you monitor vendor performance and compliance?

Management performs reviews of SOC 2 reports from service providers at onboarding and annually to assess the appropriateness of scope and impact of identified exceptions. For critical vendors without SOC 2 reports but with access to company data, regularly scheduled risk assessments are performed to evaluate performance and compliance with security commitments.

What is your approach to security patching?

All systems are patched and updated on a documented, regular, and timely schedule using the Common Vulnerability Scoring System (CVSS) to aid in setting patching guidelines. Critical security vulnerabilities must be patched as soon as possible regardless of CVSS score.

How do we manage risks associated with third-party vendors?

Our organization actively manages vendor risks through a structured approach that includes maintaining a critical third-party vendor inventory and conducting risk assessments before initiating third-party work. These assessments are repeated annually to identify any gaps between third-party security controls and our information security standards.

How are security incidents handled?

The organization maintains an incident response plan that defines responsibilities, detection methods, and corrective actions during security incidents. Various monitoring tools are used for early detection, and the plan is tested, reviewed, and updated at least annually.

What background verification is performed for new personnel?

The organization carries out background and/or reference checks on all new employees and contractors prior to joining in accordance with relevant laws, regulations and ethics. Management utilizes a pre-hire checklist to ensure the hiring manager has assessed the qualification of candidates to confirm they can perform the necessary job requirements.

Got more questions?

Questions?

Contact our Security Team

Contact our Security Team

Contact our Security Team

Contact our Security Team

Contact our Security Team

Contact our Security Team

Our security commitment

At earli AI, security isn’t a checkbox — it’s the backbone of everything we build. Our security-first mindset guides how we design features, choose infrastructure, and set internal policies.

Monitored by earli AI