Privacy Policy

1. Overview

SynOI Inc., a Delaware corporation (“SynOI,” “we,” “us,” or “our”), operates synoi.systems and all associated products and services (“Services”). This Privacy Policy explains what information we collect, how we use it, and the choices you have with respect to your data. We are committed to handling your information in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

By using the Services, you agree to the collection and use of information as described in this policy. If you do not agree, do not use the Services.

2. Information We Collect

2.1 Account information

When you create an account, we collect your name, email address, and company name. Billing information is collected and processed by Paddle (our Merchant of Record). We do not store raw payment card numbers.

2.2 Customer Data

“Customer Data” refers to any data you submit to the Services for processing. Customer Data is processed on your behalf and is not used for any purpose other than providing and improving the Services to you. We process Customer Data only as a data processor acting on your instructions. You remain the data controller for any personal data contained within Customer Data.

2.3 Technical and log data

We automatically collect standard infrastructure logs including IP addresses, browser user agent strings, request timestamps, and error traces via AWS CloudFront. This data is used for security, debugging, and abuse prevention.

2.4 Usage data

We collect data about how you use the Services, including API call counts, feature interactions, and derived usage metrics. This data powers your dashboard, enforces plan limits, and informs billing.

2.5 Contact form submissions

Messages submitted via our contact form are collected and used solely to respond to your inquiry.

2.6 Cookies

Our marketing website (synoi.systems) currently uses no cookies and no client-side tracking scripts. Authenticated product surfaces may use strictly necessary session cookies to maintain your login state. We do not use advertising or behavioral tracking cookies. We will update this policy before deploying any non-essential cookies.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Services.
• Create and manage your account and process transactions via Paddle.
• Respond to your inquiries and provide customer support.
• Send transactional communications: receipts, security notices, service updates.
• Detect, investigate, and prevent security incidents and abuse.
• Improve and develop the Services using aggregated, de-identified data where possible.
• Comply with legal obligations.

We do not use your data for advertising and do not sell your data to any third party.

4. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

• Contract performance: to provide and manage the Services you have subscribed to.
• Legitimate interests: for security, fraud prevention, and service improvement, where our interests are not overridden by your rights.
• Legal obligation: where processing is required to comply with applicable law.
• Consent: where we have asked for and received your consent (e.g., marketing emails). You may withdraw consent at any time.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

• Paddle: as our Merchant of Record, Paddle processes payment and billing data. Paddle's privacy policy governs their handling of payment information.
• Amazon Web Services (AWS): our cloud infrastructure provider processes technical log and infrastructure data under a data processing agreement.
• Legal requirements: we may disclose information if required by law, court order, or to protect the rights, property, or safety of SynOI, our users, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a materially different privacy policy.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy:

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including encryption in transit (TLS 1.2+), access controls, and our own signed governance infrastructure. No method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it via our contact form - select “Security” as the inquiry type.

8. International Data Transfers

SynOI is based in the United States. If you access our Services from the EEA, UK, or Canada, your data may be transferred to and processed in the United States. We rely on the EU Standard Contractual Clauses (SCCs) and equivalent mechanisms where required to legitimize such transfers.

Enterprise customers requiring a Data Processing Agreement (DPA) or specific data residency arrangements should contact us via our contact form.

9. Your Rights

All users

• Access a copy of the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your personal data (subject to legal retention requirements).

EEA / UK users (GDPR)

• Restrict or object to certain processing activities.
• Data portability: receive your data in a structured, machine-readable format.
• Withdraw consent at any time without affecting prior lawful processing.
• Lodge a complaint with your local supervisory authority.

California residents (CCPA / CPRA)

• Know what personal information we collect, use, disclose, or sell.
• Delete personal information we hold about you (subject to exceptions).
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Non-discrimination: we will not discriminate against you for exercising your CCPA rights.

Canadian residents (PIPEDA)

You have the right to access personal information we hold about you and to challenge its accuracy.

To exercise any of these rights, please use our contact form - select “Legal” as the inquiry type. We will respond within 30 days.

10. Children's Privacy

The Services are intended for users who are at least 18 years old. We do not knowingly collect personal data from persons under 18. If you believe we have inadvertently collected such data, please contact us immediately via our contact form and we will promptly delete it.

11. Third-Party Links

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page and updating the effective date. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

13. Contact

For privacy-related requests, questions, or complaints, please use our contact form - select “Legal” as the inquiry type. We will acknowledge your request within 5 business days and respond fully within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Our full Terms of Service govern your use of the Services and are incorporated by reference into this policy.