How do we protect confidential and personal information?

The complete protection of your confidential and sensitive information is a key element to our system. 


We utilize X reasonable safeguards include several layers of security for protecting your information, including, but not limited to:


  • security policies (internal/external to Xyntax),
  • human resources security,
  • physical security,
  • technical security,
  • network security,
  • incident management, and
  • business continuity planning


1. Risk Management

2. Internal Policies

3. External, Remote Backup Service & Disaster Recovery Service




1. System Security, Built-in System Administration & Security

Any confidential information contained in Xyntax is stored in very specific programs/areas and is only accessible by appointed individual(s), that you assign. In short, you control who has access to what, and when. In the background, the system always tracks who did it, when they did it, what they did, and to whom/what they did it to.


2. Internal, Federal and Provincial Privacy Policies

Should any Xyntax staff member otherwise come into contact or handle either your or your client's personal information, you are further protected under both the federal, Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial, Personal Information Protect Act (PIPA) acts. Personal information as information about an identifiable individual, which means a person can be identified by the information, either directly (e.g. name, image, job title) or in combination with other information. For example, a health report about an unnamed individual would contain personal information if the individual could be identified through a street address, personal health number, phone number or other information that could link the information to the affected individual. Some personal information is more sensitive than others (e..g health information, government-issued pieces of identification such as social insurance numbers, driver's licence and health care numbers and financial account numbers such as credit or debit card number that could be used for identity theft). A combination of personal information is typically more sensitive than a single piece of personal information.


Personal information also includes employee personal information but does not include business contact information or work product information. Non-identifiable or aggregate information, such as statistical information about groups of individuals, is not personal information. PIPA does not apply to general information used to operate the business of an organization.

See British Columbia's guide: Guide to PIPA




These laws mandate the handling and storage of private information.


3. External, Remote Backup Service & Disaster Recovery Service

If you've subscribed to our Remote Backup and Disaster Recovery services, data transference of your information between your office and our offices in Cochrane, Alberta, is further protected using Advanced Encryption Standard (AES) 128-bit & 256-bit cryptography. We use AES to protect the authenticity, confidentiality, and integrity of information contained within.


If you're wondering how AES works, check out this clever illustration and explanation: 

A Stick Figure Guide to the Advanced Encryption Standard (AES)


Then, each night, between 9PM-3AM, your server automatically connects to our servers in Cochrane to perform the daily backup. Once complete, our server automatically transfers your data to an encrypted, read-writable DVD. Then we take the AES encrypted soft-copy of your data down to the bank and stored it in a fire/flood protected safety deposit box. 


For security and liability reasons, no trace or copy of your information is left on our servers or stored in "the-cloud".


https://www.oipc.bc.ca/guidance-documents/1437


If you have any concerns and or questions regarding our method, Privacy Policy, or procedures, please contact Xyntax Support, toll-free, 1 (866) 699-6829 or email support@xyntax.com ATTN: Privacy Officer.