Privacy Policy

How Synorix collects, processes, and protects your data.

1. Data Controller and Contact

SynorixAI OÜ (registry code 17519396), Telliskivi tn 57, 10412 Tallinn, Estonia. Email: [email protected]. We aim to respond to all privacy requests within 30 days.

2. Types of Data We Collect

We collect two categories of data: (a) Website interaction data: IP address, browser type, pages visited, and interaction patterns (collected via standard web server logs and analytics tools, only with consent). (b) Enrollment data: when you submit a pilot enrollment request, we collect company name, your name, work email, phone number, job title, and any details you provide in your message. We do NOT collect, store, or process any operational or internal business data from your organization. We do NOT access your files, systems, workflows, or databases.

3. Legal Basis for Processing (GDPR Art. 6)

(a) Consent — enrollment form submission and analytics cookies. (b) Legitimate interest — website security and service improvement. (c) Contractual necessity — delivering the pilot service to accepted participants.

4. How We Use Your Data

Website interaction data: analytics and security monitoring only. Enrollment data: evaluating your application, communicating enrollment decisions, delivering the pilot service. We do NOT use your data for marketing, profiling, or selling to third parties.

5. Data Retention

Website interaction logs: 90 days, then automatically deleted. Enrollment data: duration of pilot participation + 30 days after termination or rejection, then permanently deleted. During the 30-day period, you may request a data export at no cost.

6. Data Sharing and Third Parties

We do NOT sell your data. We may share data only with: (a) Essential service providers (cloud hosting, email delivery) who are contractually bound to protect your data. (b) Legal authorities, if required by law or court order. (c) A successor entity, in case of acquisition or merger (you will be notified in advance).

7. Data Security

We apply industry-standard technical and organizational measures: encryption in transit (TLS), secure storage, and access controls. In case of a data breach, we will notify affected individuals and relevant authorities within 72 hours of discovery.

8. Your Rights (GDPR)

You have the right to: access, rectify, erase, restrict processing, data portability, and object. To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee) or your local supervisory authority.

9. Cookies and Tracking

We use: Essential cookies: required for site functionality. Analytics cookies: only loaded after your consent via the cookie banner. We do NOT use advertising cookies, cross-site tracking, fingerprinting, or pixel tracking. You can withdraw consent at any time by clicking "Essential only" in the cookie banner.

10. International Data Transfers

Data is processed primarily within the EU/EEA. If any transfer outside the EU/EEA occurs, we ensure compliance via Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this policy periodically. The "last updated" date at the top reflects any changes. For material changes, pilot participants will be notified by email.

12. Data Protection Officer

Synorix has appointed a Data Protection Officer (DPO) to oversee compliance with data protection regulations. For DPO inquiries, contact us at [email protected]. Residents of the EU/EEA have the right to lodge a complaint with their local data protection authority if they believe we are not complying with their privacy rights.

13. Third-Party Integrations (LinkedIn)

When you connect your LinkedIn account through the platform settings, the following applies. Data collected via LinkedIn OAuth: your LinkedIn profile information (full name, email address, profile headline, LinkedIn member ID, profile URL) and an access token issued by LinkedIn. How we use this data: to identify your LinkedIn account within the platform; to post content to LinkedIn on your behalf, only when you explicitly instruct a Synorix AI agent to do so; and to list LinkedIn company pages you administer. Storage: your LinkedIn access token is encrypted at rest using AES-256-GCM on servers hosted within the EU. Profile information is stored solely to display your connection status. Revocation: you can disconnect your LinkedIn account at any time from Settings → Integrations → LinkedIn → Disconnect. Upon disconnection, your access token and associated profile data are permanently deleted. What we do not do: we do not sell, share, or transfer your LinkedIn data to any third party; we do not read your LinkedIn feed, messages, or connections; we do not post to LinkedIn without an explicit instruction from you.

14. Contact

SynorixAI OÜ · [email protected] · Telliskivi tn 57, 10412 Tallinn, Estonia

Start enrollment

Use enrollment to request pilot access for your organization.

Start enrollment