Privacy policies for specific Syncrent services
This Policy covers our website, marketing communications, contact forms, help desk, and all general interactions with Syncrent that are not governed by a service-specific policy.
The entity responsible for the processing of your personal data (the data controller) is:
Syncrent Technologies Limited
Piazzale Biancamano 8
Milano MI 20121
Italy
Email: legal@syncrent.io
Registration number: 16876112 (England and Wales)
ICO Registration: ZC068780
Syncrent has appointed Data Protection Officers (DPOs) for the EU and for England and Wales to ensure that personal data is handled in compliance with applicable law. You may contact our DPOs directly for any data protection concerns.
EU Data Protection Officer
DP-Dock DPO Services GmbH
Grüffkamp 10
24159 Kiel
Germany
Email: syncrent@dp-officer.com
Phone: +49 (0)40 9999 93430
UK Data Protection Officer
Bulletproof Cyber Ltd
Unit H, Gateway 1000
Whittle Way, Stevenage
Herts SG1 2FP
United Kingdom
Email: dposupport@worknest.com
Syncrent is deeply committed to privacy, security, and compliance. Where feasible, we use self-hosted infrastructure or EU-based processors rather than large US-based cloud providers. We apply a data minimisation approach throughout our operations: we collect only what we need, retain it only for as long as necessary, and share it only with processors who provide adequate safeguards.
This section describes the categories of personal data we process, the purposes for which we process them, and the legal bases we rely on.
When you visit our website, our infrastructure providers process technical data such as your IP address, browser type, operating system, referring URL, and the pages you visit. This data is used to ensure the technical availability and security of our website and is not used to create personal profiles.
Legal basis: Legitimate interests under Article 6(1)(f) GDPR and UK GDPR (ensuring website security and functionality) / Article 31(1) revDSG (legitimate interests).
We use Pirsch Analytics to understand how visitors use our website. Pirsch Analytics is cookieless by design and does not track users across websites or create individual user profiles. It processes aggregated statistical data such as page views, referrer sources, and device types. No personal data is linked to individual users in our analytics.
Legal basis: Legitimate interests under Article 6(1)(f) GDPR and UK GDPR (understanding website usage in order to improve our services and user experience) / Article 31(1) revDSG.
When you contact us via our contact form, by email, or through forms hosted on Heyflow or OnePage, we process your name, email address, and the content of your message. We use this data to respond to your inquiry and, where applicable, to manage an emerging or existing business relationship with you.
Legal basis: Performance of a contract or pre-contractual steps under Article 6(1)(b) GDPR and UK GDPR (where the inquiry relates to our services) as well as legitimate interests under Article 6(1)(f) GDPR and UK GDPR (responding to inquiries and managing relationships) / Article 31(1) revDSG.
If you subscribe to our newsletter, we process your email address and, where provided, your name. We use Pipedrive and Lettermint to manage our newsletter and transactional email distribution. You may unsubscribe at any time by clicking the unsubscribe link at the bottom of any marketing email or by contacting us directly.
Legal basis: Consent under Article 6(1)(a) GDPR and UK GDPR / Article 31(1) revDSG. You may withdraw your consent at any time without affecting the lawfulness of any processing that took place before withdrawal.
If you engage with us in a business context (for example, by requesting a demo, attending a sales call, or as a prospective or existing customer), we store relevant contact details and communication history in our CRM system (Pipedrive). This data is used to manage our commercial relationship with you and to follow up on opportunities or requests.
Legal basis: Performance of a contract or pre-contractual steps under Article 6(1)(b) GDPR and UK GDPR as well as legitimate interests under Article 6(1)(f) GDPR and UK GDPR (managing business relationships) / Article 31(1) revDSG.
When you enter into a contract with us, we may use Paperless to manage contract execution and collect electronic signatures. In this context, we process your name, email address, and electronic signature.
Legal basis: Performance of a contract under Article 6(1)(b) GDPR and UK GDPR / Article 31(1) revDSG.
When you make a payment to us, we use Mollie and/or Stripe as our payment service providers. These providers process your payment details directly and securely. We receive only the minimum information necessary to confirm and record the transaction (such as your name, the amount, and an invoice reference). We do not store full payment card data on our systems.
Legal basis: Performance of a contract under Article 6(1)(b) GDPR and UK GDPR as well as compliance with legal obligations (tax and accounting law) under Article 6(1)(c) GDPR and UK GDPR / Article 31(1) revDSG.
For certain services or as required by applicable regulations, we may need to verify your identity. We use Veriff as our identity verification provider. Veriff may process government-issued identity documents and biometric data (such as a live selfie) on our behalf. This processing is also subject to Veriff's own privacy notice, which is available on their website.
Legal basis: Compliance with legal obligations under Article 6(1)(c) GDPR and UK GDPR as well as performance of a contract under Article 6(1)(b) GDPR and UK GDPR. Where biometric data is processed, explicit consent under Article 9(2)(a) GDPR and UK GDPR will be obtained / Article 31(1) revDSG.
When you contact our support team, we process your name, email address, and the details of your support request. We retain support tickets to resolve your issue and to maintain a record for quality assurance and audit purposes.
Legal basis: Performance of a contract under Article 6(1)(b) GDPR and UK GDPR as well as legitimate interests under Article 6(1)(f) GDPR and UK GDPR (resolving support requests and improving service quality) / Article 31(1) revDSG.
Our Trust Center at trust.syncrent.io is hosted by Wolfia. It provides information about our security and compliance posture and allows you to request our Data Processing Agreements (DPAs). If you submit a request through the Trust Center, we process your name and email address in order to fulfil your request.
Legal basis: Performance of a contract or pre-contractual steps under Article 6(1)(b) GDPR and UK GDPR (for DPA requests) as well as legitimate interests under Article 6(1)(f) GDPR and UK GDPR / Article 31(1) revDSG.
We use Statuspal to operate our public status page and communicate planned maintenance and incidents. If you voluntarily subscribe to status notifications, we process your email address for that purpose.
Legal basis: Consent under Article 6(1)(a) GDPR and UK GDPR / Article 31(1) revDSG.
We use FriendlyCaptcha on certain forms to verify that submissions originate from humans rather than automated bots. FriendlyCaptcha operates without tracking cookies and is designed with privacy in mind. It processes limited technical data (such as a puzzle challenge response) and does not build user profiles.
Legal basis: Legitimate interests under Article 6(1)(f) GDPR and UK GDPR (protecting our systems from abuse and spam) / Article 31(1) revDSG.
We use Langdock as an internal platform for accessing and working with Large Language Models (LLMs). Langdock processes data only on our instructions and within EU-based infrastructure. We have implemented internal policies to ensure that personal data is not unnecessarily introduced into LLM prompts.
Legal basis: Legitimate interests under Article 6(1)(f) GDPR and UK GDPR (improving internal operational efficiency) / Article 31(1) revDSG.
We use Proton AG to store encrypted cold backups of our systems. Backup data is encrypted before transmission and Proton AG has no access to the contents of these backups.
Legal basis: Legitimate interests under Article 6(1)(f) GDPR and UK GDPR (ensuring data resilience and business continuity) / Article 31(1) revDSG.
We are committed to a minimal cookie footprint. We do not use any advertising or tracking cookies.
Session Cookies (strictly necessary)
We use session cookies that are strictly necessary to operate certain functions of our website. These cookies are temporary and are automatically deleted when you close your browser. They do not collect any personal data that is stored after your session ends and are not used for tracking or profiling.
Local Storage
Some features of our website use local storage (a browser storage mechanism) to remember preferences such as display settings. Data stored in local storage is not transmitted to third parties and is stored only in your browser.
Live Chat Cookies
Our live chat widget may set cookies when you actively engage with it. These cookies are used solely to maintain the continuity of your chat session. The live chat is operated entirely on our own infrastructure and no data is transmitted to any third party. The cookies are set only when you interact with the live chat and are deleted when your session ends.
Analytics (Cookieless)
Our website analytics provider, Pirsch Analytics, does not use cookies and does not track users across websites. It processes only aggregated, anonymised data.
Because we use only strictly necessary session cookies and do not deploy non-essential cookies (except for live chat cookies activated by your own interaction), we do not display a cookie consent banner for most uses of our website. You may delete or block cookies through your browser settings at any time.
We share personal data with the following third-party service providers who act as data processors on our behalf. All processors are bound by Data Processing Agreements (DPAs) and are required to process personal data only on our instructions and to maintain appropriate technical and organisational security measures. Our DPAs are available for download from our Trust Center .
| Category | Processor | Purpose | Contact information | Privacy Policy |
|---|---|---|---|---|
| Infrastructure | Cloudflare | Technical infrastructure, Hosting, DNS, DDoS protection, CDN | Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA | Privacy Policy |
| Hetzner | Technical infrastructure, Hosting, DNS, DDoS protection | Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen, Germany | Privacy Policy | |
| Scaleway | Technical infrastructure, Hosting, DNS, DDoS protection | Scaleway S.A.S. 8 rue de la Ville l'Évêque, 75008 Paris, France | Privacy Policy | |
| Supabase* | Technical infrastructure, Hosting | Supabase, Inc. 65 Chulia Street #38-02/03, OCBC Centre, Singapore 049513 | Privacy Policy | |
| Auth0* | Technical infrastructure, Hosting, Security | Okta, Inc. (owns Auth0) 100 First Street, Suite 600, San Francisco, CA 94105, USA | Privacy Policy | |
| Proton AG | Cold storage for encrypted system backups | Proton AG Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland | Privacy Policy | |
| Analytics | Statuspal | Incident management and monitoring | E.M. StatusPal UG Rheinsberger Str. 76/77, 10115 Berlin, Germany | Privacy Policy |
| Pirsch Analytics | Analytics | Emvi Software GmbH Nickelstraße 1b, 33378 Rheda-Wiedenbrück, Germany | Privacy Policy | |
| Communication | Pipedrive | CRM, Newsletter, Marketing | Pipedrive OÜ Mustamäe tee 3a, 10615 Tallinn, Estonia | Privacy Policy |
| Proton AG | Mail and communications provider | Proton AG Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland | Privacy Policy | |
| Heyflow | Forms and funnels | Heyflow GmbH Jungfernstieg 49, 20354 Hamburg, Germany | Privacy Policy | |
| Lettermint | Processing of transactional emails and newsletters | Lettermint B.V. Willemsvaart 16 B, 8019 AB Zwolle, Netherlands | Privacy Policy | |
| OnePage | Forms, funnels and marketing pages | Onepage GmbH Hanauer Landstraße 172, 60314 Frankfurt am Main, Germany | Privacy Policy | |
| Payments | Mollie | Payments, invoices, pay links | Mollie B.V. Keizersgracht 126, 1015 CW Amsterdam, Netherlands | Privacy Policy |
| Stripe | Payments, invoices, pay links | Stripe, Inc. 354 Oyster Point Blvd, South San Francisco, CA 94080, USA | Privacy Policy | |
| Paperless | Contracts and electronic signatures | Paperless GmbH Große Friedberger Strasse 13-17, 60313 Frankfurt am Main, Germany | Privacy Policy | |
| Miscellaneous | Veriff | Identity verification provider | Veriff OÜ Niine 11, 10414 Tallinn, Estonia | Privacy Policy |
| Langdock | Provisioning of Large Language Models (LLMs) | Langdock GmbH Greifswalder Straße 212, 10405 Berlin, Germany | Privacy Policy | |
| Proton AG | Provisioning of Large Language Models (LLMs) | Proton AG Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland | Privacy Policy | |
| FriendlyCaptcha | Captchas and bot protection | Friendly Captcha GmbH Am Anger 3-5, 82237 Wörthsee, Germany | Privacy Policy | |
| Wolfia | Hosting of Trust Center | Wolfia, Inc. United States | Privacy Policy | |
| Cyberday | Hosting of Trust Center | Cyberday Inc. Kalevantie 2, 33100 Tampere, Finland | Privacy Policy |
* Services marked with an asterisk have hosting enabled in the EU region.
Our core infrastructure is located in the EU or Switzerland. However, some of our service providers are based in or may transfer data to countries outside the European Economic Area (EEA), the United Kingdom, or Switzerland (for example, the United States). The United States is not currently subject to an adequacy decision under the UK GDPR.
Where personal data is transferred to third countries, we ensure that appropriate safeguards are in place, including one or more of the following:
You can request copies of our Data Processing Agreements (DPAs), including applicable transfer mechanisms, at our Trust Center: trust.syncrent.io
We retain personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy and to comply with our legal obligations. The following indicative retention periods apply:
| Data Category | Indicative Retention Period |
|---|---|
| Website log and technical data | Up to 90 days |
| Inquiry and contact data | Up to 3 years from last contact, unless a longer period is required by law or an ongoing business relationship |
| Newsletter subscriber data | Until you unsubscribe or withdraw consent |
| CRM and sales data | Duration of the business relationship plus up to 3 years thereafter |
| Contract and signature data | Up to 10 years in accordance with applicable commercial and tax law |
| Payment records | Up to 10 years in accordance with applicable tax law |
| Support tickets | Up to 3 years from closure of the ticket |
| Identity verification data | As required by applicable regulation, typically as specified by the verification provider and applicable law |
After the applicable retention period, personal data is deleted or anonymised. Where deletion is not immediately possible (for example, because data is contained in backup archives), the data will be securely isolated and deleted as soon as technically feasible.
Depending on where you are located, you have the following rights regarding the processing of your personal data. We will respond to any request within 30 days (or within one month as required under GDPR). If we need to extend this period, we will notify you in advance.
If you are located in the European Union or the European Economic Area, you have the following rights under Regulation (EU) 2016/679 (the GDPR):
If you are located in the United Kingdom, you have equivalent rights under the UK GDPR (the retained version of the EU GDPR as part of UK law) and the Data Protection Act 2018, including all rights listed in section 9.1 above as they apply under UK law. In addition:
If you are located in Switzerland, you have the following rights under the revised Federal Act on Data Protection (Datenschutzgesetz / revDSG):
You can exercise any of your rights by using one of the following channels:
We will respond to your request within 30 days of receipt. In complex cases or where we receive a high volume of requests, we may extend this period by a further two months. We will inform you of any extension and the reason for it within the initial 30-day period.
In order to protect your personal data, we may need to verify your identity before we can process your request. We will aim to make this verification process as straightforward as possible.
Syncrent takes the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include encryption in transit (TLS) and at rest, access controls, DDoS protection, regular backups, and ongoing security monitoring. Our security practices and certifications are documented in our Trust Center at trust.syncrent.io.
Our website and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data relating to a child, please contact us immediately using the details in section 14 and we will take steps to delete such data.
We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or our services. The date of the most recent update is shown at the bottom of this page. We encourage you to review this Privacy Policy periodically.
Where changes are material, we will take additional steps to inform affected data subjects, for example by placing a notice on our website or by sending a notification to affected individuals where we hold their contact details and it is appropriate to do so.
If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:
Email: legal@syncrent.io
Contact form: syncrent.io/contact/
Data request form: syncrent.io/data-request/
Syncrent Technologies Limited
Piazzale Biancamano 8
Milano MI 20121
Italy
Last updated: 15.02.2026