Legal & Trust Center
Last updated: 30 September 2025
360 Synergy — a platform for managing reputation (reviews and leaderboards), HR/culture and check-ins/marketing publications. This page outlines terms of use, privacy, security, authenticity of reviews, and fairness of HR data.
1) Terms of Service
- Customer = Controller, 360 Synergy = Processor/Service Provider.
- Fake reviews, manipulated check-ins, or leaderboard gaming are prohibited.
- Customer is responsible for lawful content (photos, videos, text).
- We may restrict access for policy violations, security risks, or legal requests.
- Monthly/annual subscriptions auto-renew; USD payments; customer responsible for taxes.
- Applicable law: U.S. & Pennsylvania. Arbitration under AAA rules; no class actions.
2) Privacy Policy
2.1 Processed Data
- Account: name, email, phone, role, company.
- HR/culture: profiles, KPI/OKRs, goals, peer reviews, logs.
- Reputation: reviews, ratings, review requests, sources.
- Check-ins: photos/videos, descriptions, linked jobs/locations, geodata (if enabled).
- Technical: IP, device/browser, cookies.
2.2 Purposes
- Provide platform functionality, analytics, quality improvement.
- Publishing content to catalog/widgets/Google Business Profile if enabled.
- Compliance with laws, security, audits, incident investigations.
2.3 Rights (GDPR/CCPA/CPRA)
- Access, correction, deletion, restriction, portability, objection, Do Not Sell or Share, limit sensitive PI.
- Minors under 16: consent via parent/guardian (CPRA).
- COPPA: not for children under 13; data deleted upon request.
- Requests: privacy@360synergy.net.
2.4 Hosting
AWS hosting (Ashburn, Virginia, us-east-1). EU region (eu-central-1 Frankfurt) optional for HR/reputation data.
3) Review Authenticity & Anti-Fraud
- Reviews from real customers; incentives disclosed and allowed only if not prohibited.
- Algorithms and manual moderation detect duplicates, suspicious patterns, and conflicts; affected reviews are excluded until resolved.
- Contact sources must be lawfully collected.
- Manipulation attempts result in suspension, deletion of fake data, account block.
4) Leaderboard Methodology
- Leaderboards based on validated reviews per chosen period (day/week/month/custom).
- Optional: only public Google reviews included (if enabled).
- Suspicious/disputed entries flagged and excluded until resolved.
- Admins may request methodology/log exports.
5) Employee Data & Fair Use
- Employee HR data belongs to customer; access by RBAC & least privilege.
- Employees may review, comment, or dispute data; audit trail kept.
- No discriminatory use; data supports learning, growth, motivation.
6) Check-ins & Marketing Content
- Publishing check-ins (photos/videos, text, geo) enabled by customer in admin panel.
- Personal data (faces, addresses, phones) not published without consent/legal basis.
- Content rights remain with customer; 360 Synergy holds limited license for service use.
7) Data Retention & Deletion
- HR Profiles: retained for contract term; deleted/returned upon request.
- Reviews & Check-ins: up to 3 years by default, then deleted/anonymized.
- Backups: up to 180 days, then erased.
- Delivery logs (Twilio/Sinch/SendGrid): usually ≤30 days unless law requires longer.
8) Security
- Encryption: TLS 1.2+ in transit; AES-256 at rest; AWS KMS keys.
- Access: RBAC, MFA/SSO, least privilege.
- Resilience: daily backups; RPO ≤24h, RTO ≤4h.
- Monitoring: logs, alerts, vulnerability management.
- Compliance: GDPR/CCPA/CPRA; SOC 2, ISO 27001 roadmap.
- Shared Responsibility: AWS: infrastructure; 360 Synergy: application/configuration; customer: data accuracy & access.
9) SLA & Incident Response
- Uptime: 99.9% monthly target.
- Incidents: EU notify ≤72h; US notify "without unreasonable delay."
- Messaging: opt-in required; STOP/HELP immediate; quiet hours set by sender; email per CAN-SPAM.
10) Transparency & Compliance
- Status/maintenance posted publicly (coming soon).
- GDPR: SCCs for cross-border; EU rep per Art.27 when expanded.
- CCPA/CPRA: Do Not Sell/Share + sensitive PI limitations.
- ADA/WCAG: accessible formats on request.
Messaging Policy — Summary
- Opt-in: required; documented.
- STOP/HELP: STOP unsubscribes immediately; HELP = support info.
- Quiet hours: avoid 9pm–8am local time.
- Registration: Trust Hub; send only after Approved.
11) Subprocessors
- AWS — hosting, DB, storage (us-east-1; eu-central-1 optional).
- Twilio / Sinch — SMS/voice APIs (A2P 10DLC, Toll-Free, Short Code, WhatsApp). Used for review requests, service notifications, and marketing if enabled.
- SendGrid — transactional email.
- Stripe — payments (PCI DSS; no PAN data stored).
- Google APIs — Business Profile, Maps, Calendar.
12) Company & Contact
- Company: 360 Synergy LLC
- EIN: 33-4009077
- Address: 1207 OLD JORDAN RD, Holland, PA 18966-2600, USA
- Hosting: AWS Ashburn, Virginia
- Support: support@360synergy.net
- Privacy: privacy@360synergy.net
- Security: security@360synergy.net