Updated: April 15, 2026
This Privacy Policy explains how Synthelio Group sp. z o.o. collects, uses, and protects personal data when you visit our website, contact us, or use the Synthelio platform. It applies to personal data for which Synthelio is the controller. For personal data that Synthelio processes on behalf of its business customers, see our Data Processing Addendum.
Synthelio Group spółkaz ograniczoną odpowiedzialnością (“Synthelio,” “we,” “us,” or“our”), a Polish limited liability company with its registered seat at Postępu10/140, 02-676 Warszawa, Poland, registered in the National Court Register(KRS) under number 0000821558, NIP 5213886390, is the controller of personaldata described in this Policy.
Contact for privacymatters: privacy@synthelio.com
This Policy applies when:
• you visit synthelio.com or related websites;
• you contact us through forms, email, or chat;
• you register for or use the Synthelio platform (the“Services”);
• you interact with us at events or through our marketingcommunications.
Where Synthelio processespersonal data on behalf of a business customer using the Services, thatcustomer is the data controller and Synthelio acts as a processor. Suchprocessing is governed by the Synthelio Data Processing Addendum, not thisPolicy.
• Account data: name, business email address, password,organization name, job title (when you register for the Services).
• Contact form and inquiry data: name, business email,company name, message content (when you contact us via the website or email).
• Marketing data: business email address (when yousubscribe to our newsletter or download resources).
• Communications data: messages, attachments, andmetadata when you communicate with us by email, support tickets, or chat.
• Usage data: pages visited, time on site, referring URL,actions taken, and similar analytics data.
• Technical data: IP address, browser type, device type,operating system, language settings.
• Cookie data: see Section 9 (Cookies and SimilarTechnologies).
• Authentication data from Google or Microsoft when yousign in using single sign-on (limited to identifiers and basic profileinformation you authorize).
• Business contact data from publicly available sources(e.g., LinkedIn, company websites) for prospecting and sales outreach, wherepermitted by law.
We process personal dataon the following legal bases under Article 6 of the GDPR:
Purpose
Personal Data Used
Legal Basis
Providing and maintaining the Services (account creation, authentication, support)
Account data, communications data, usage data
Contract (Article 6(1)(b) GDPR)
Billing and payment processing
Account data, billing contact details
Contract (Article 6(1)(b) GDPR); legal obligation for tax/accounting (Article 6(1)(c) GDPR)
Responding to inquiries and contact form submissions
Contact form data, communications data
Legitimate interests (Article 6(1)(f) GDPR) – responding to your request
Website analytics and performance
Usage data, technical data, cookie data
Consent (Article 6(1)(a) GDPR) for non-essential cookies
Marketing emails and newsletters
Email address, name
Consent (Article 6(1)(a) GDPR); withdrawable at any time
Sales outreach to business contacts
Business contact data (name, work email, company, role)
Legitimate interests (Article 6(1)(f) GDPR) – B2B prospecting
Security, fraud prevention, and abuse detection
Technical data, usage data, account data
Legitimate interests (Article 6(1)(f) GDPR) – protecting our systems and users
Legal compliance, dispute resolution, enforcement of agreements
All categories as relevant
Legal obligation (Article 6(1)(c) GDPR); legitimate interests (Article 6(1)(f) GDPR)
Product improvement and aggregated analytics
Usage data (aggregated and de-identified where possible)
Legitimate interests (Article 6(1)(f) GDPR)
You have the right toobject to processing based on legitimate interests; see Section 8 (YourRights).
We do not sell personaldata. We share personal data only with the following categories of recipients,under appropriate safeguards:
We engage trusted thirdparties to process personal data on our behalf, including:
• Hosting and infrastructure: Supabase, Inc. and AmazonWeb Services, Inc. (United States and European Union).
• Email delivery: Amazon Web Services (SES) fortransactional email.
• Customer support: Atlassian (Jira Service Management)for support tickets.
• CRM and marketing communications: HubSpot, Inc.
• Website hosting: Webflow, Inc.
• Website analytics: Google LLC (Google Analytics 4).
These providers arecontractually bound to process personal data only on our instructions and tomaintain appropriate security measures.
When you sign in usingGoogle or Microsoft single sign-on, those providers act as independentcontrollers of your authentication data, subject to their own privacy policies.
We may disclose personaldata to legal, accounting, or other advisors bound by confidentiality, and togovernment authorities or law enforcement where required by law or to protectour legal rights.
In the event of a merger,acquisition, reorganization, or sale of assets, personal data may betransferred to the successor entity, subject to confidentiality and continuedapplication of this Policy or an equivalent.
Some of our serviceproviders are located outside the European Economic Area (“EEA”), including inthe United States. Where we transfer personal data outside the EEA to a countrythat has not been deemed by the European Commission to provide an adequate levelof data protection, we rely on appropriate safeguards, in particular:
• the EU Standard Contractual Clauses (CommissionImplementing Decision (EU) 2021/914);
• supplementary technical and organizational measureswhere appropriate;
• the EU-US Data Privacy Framework, where the recipientis certified.
You may request a copy ofthe safeguards in place by contacting privacy@synthelio.com.
We retain personal dataonly as long as necessary for the purposes set out in this Policy or asrequired by law. Specific retention periods include:
Category
Retention Period
Account data (active customers)
For the duration of your subscription, plus 90 days after termination (subject to backup retention cycles)
Billing and tax records
Up to 5 years from the end of the relevant fiscal year, as required by Polish tax law
Contact form and inquiry data
Up to 24 months from last contact, unless we have an ongoing relationship
Marketing subscriber data
Until you unsubscribe or withdraw consent
Sales prospect data
Up to 24 months from last meaningful interaction, unless you object earlier
Website analytics (Google Analytics 4)
14 months
Server logs and security data
Up to 12 months
Legal acceptance audit logs
For the duration of the agreement, plus 6 years (statute of limitations under Polish civil law)
After the retentionperiod, we delete or anonymize personal data, except where longer retention isrequired by law or to defend legal claims.
Subject to applicable law,you have the following rights regarding your personal data:
• Access: obtain confirmation of whether we process yourpersonal data and a copy of that data.
• Rectification: request correction of inaccurate orincomplete data.
• Erasure: request deletion of your personal data incertain circumstances (“right to be forgotten”).
• Restriction: request that we restrict processing ofyour personal data in certain circumstances.
• Portability: receive your personal data in astructured, commonly used, machine-readable format, and have it transmitted toanother controller where technically feasible.
• Objection: object to processing based on legitimateinterests, including profiling and direct marketing.
• Withdraw consent: where processing is based on consent,you may withdraw it at any time without affecting the lawfulness of priorprocessing.
• Lodge a complaint: with a supervisory authority, inparticular the President of the Personal Data Protection Office of the Republicof Poland (Prezes Urzędu Ochrony Danych Osobowych).
To exercise your rights,email privacy@synthelio.com. We will respond within one month (extendable bytwo months for complex requests, with notice). We may need to verify youridentity before responding.
Our website uses cookiesand similar technologies (pixel tags, web beacons, local storage; collectively,“cookies”) to operate the site, analyze usage, and improve your experience. Wedo not use cookies for cross-site advertising or behavioral profiling.
Cookies are small textfiles placed on your device when you visit a website. They can be first-party(set by Synthelio) or third-party (set by an organization on our behalf), andsession (deleted when you close your browser) or persistent (remain until theyexpire or are deleted).
These cookies areessential for the website and Services to function. They cannot be disabled anddo not require consent under GDPR or the Polish Telecommunications Law.
Cookie
Provider
Purpose
Duration
Session cookie
Synthelio
Maintains your session while you use the Services
Session
Authentication token
Synthelio / Supabase
Keeps you signed in to the Services securely
Up to 30 days
Cookie consent preference
Synthelio (or cookie banner provider)
Remembers your cookie consent choice
Up to 12 months
CSRF protection
Synthelio
Prevents cross-site request forgery attacks
Session
These cookies help usunderstand how visitors interact with the website. We use Google Analytics 4.They are set only with your consent; if you decline, no analytics cookies willbe set.
Cookie
Provider
Purpose
Duration
_ga
Google LLC (GA4)
Distinguishes unique users
2 years
_ga_<container-id>
Google LLC (GA4)
Maintains session state for analytics
2 years
_gid
Google LLC (GA4)
Distinguishes users for analytics
24 hours
Google Analytics 4 data isprocessed in the United States and the European Union. We have configuredGoogle Analytics to anonymize IP addresses where required. Google acts as ourprocessor under the Google Ads Data Processing Terms. Transfers outside the EEAare protected by the EU Standard Contractual Clauses and, where applicable, theEU-US Data Privacy Framework.
These cookies rememberyour preferences (such as language or display settings) to provide a morepersonalized experience. Set only with your consent. Synthelio currently doesnot use functional cookies beyond strictly necessary ones; this section is includedfor completeness and may apply as the website evolves.
When you first visit ourwebsite, a cookie banner allows you to accept all cookies, reject allnon-essential cookies, or customize your preferences by category. Your choiceis remembered for up to 12 months, after which the banner will reappear so youcan confirm or change your preferences.
You can change your cookiepreferences at any time by clicking “Cookie Settings” in the website footer.
Most browsers also allowyou to view, manage, delete, and block cookies. Please note that disablingstrictly necessary cookies may prevent the website or Services from functioningproperly. Browser-specific instructions:
• Chrome: https://support.google.com/chrome/answer/95647
• Firefox:https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
• Safari:https://support.apple.com/guide/safari/manage-cookies-sfri11471
• Edge:https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge
Some browsers offer a “DoNot Track” signal. Because there is no industry-standard interpretation of thissignal, we currently do not respond to it. You can manage cookies through thecookie banner and your browser settings.
• Strictly necessary cookies: necessary for the operationof the website and Services; no consent required under Article 173 of thePolish Telecommunications Law and the ePrivacy Directive.
• Analytics and functional cookies: your consent, givenvia the cookie banner. You may withdraw consent at any time without affectingprior processing.
We implement appropriatetechnical and organizational measures to protect personal data againstaccidental or unlawful destruction, loss, alteration, unauthorized disclosure,or access. These measures include encryption in transit and at rest, access controls,multi-factor authentication for administrative access, regular securitytesting, and incident response procedures. No system is 100% secure; in theevent of a personal data breach affecting your data, we will notify you and thecompetent supervisory authority where required by law.
The Services are intendedfor business use and are not directed to children under the age of 16. We donot knowingly collect personal data from children. If you believe a child hasprovided us with personal data, please contact privacy@synthelio.com and wewill take steps to delete it.
We do not make decisionsbased solely on automated processing that produce legal effects concerning youor similarly significantly affect you.
We may update this Policyfrom time to time. Material changes will be communicated by email (toregistered users) or by a prominent notice on our website at least 14 daysbefore they take effect. The version number and effective date at the top ofthis Policy indicate when it was last updated.
If you have any questions,concerns, or requests regarding this Policy or your personal data, pleasecontact us at:
Synthelio Inc.
Email: privacy@synthelio.com
Address: Postępu 10/140, 02-676 Warszawa, Poland
You also have the right tolodge a complaint with the Polish Personal Data Protection Office (UrządOchrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, Poland,https://uodo.gov.pl.
[End of Privacy Policy]
.svg)
.svg)