Privacy Policy

Utopia Digital is committed to protecting the privacy and security of the personal information we collect and process. Our Privacy Policy outlines our practices regarding collecting, using, and safeguarding your data, emphasising our dedication to transparency, responsible data management, and secure-by-design principles.

Our Commitment

Data Collection:
We collect personal information fairly and legally, limited to what is necessary to support secure authentication, service performance monitoring, and operational analytics. CDE Sync does not store or process customer content or files; only sync-related metadata and system telemetry are handled.

Data Use:
Collected information is used exclusively to deliver and improve our services, manage platform security, and ensure operational continuity. We do not use or claim ownership over customer-derived data.

Data Protection:
Utopia Digital employs robust, multi-layered security controls including:

  • Azure Key Vault for credential storage

  • Role-based access control (RBAC)

  • TLS 1.2+ encryption in transit, AES-256 at rest

  • Continuous monitoring, logging, and alerting through Azure Defender and Log Analytics

  • Incident response and business continuity planning (BCP, DRP)

User Rights:
You have the right to access, correct, delete, or restrict processing of your personal data. Requests are addressed promptly in accordance with our SLA commitments.

Transparency:
We do not use your data for analytics, marketing, or profiling. All metadata and telemetry collected is scoped to ensure minimalism, necessity, and privacy by design.

Compliance:
Our operations are guided by industry best practices, including ISO 27001, GDPR, and the NIST Cybersecurity Framework. We are currently progressing through the certification process to formalize our compliance.

Key Actions

  • Conducting regular internal security audits and working toward third-party assessments

  • Reviewing and updating privacy and security policies in alignment with regulatory changes

  • Notifying clients of security incidents impacting service within defined SLAs

  • Ensuring all personnel sign Confidentiality and Acceptable Use Policies

  • Requiring MFA and secure identity practices across all environments

Your Involvement

We encourage you to review our Privacy Policy and use the tools and controls we provide to manage your personal information and exercise your privacy rights. For more information or to request access to your data, please contact our support team.