SyntrixOne is in closed beta. Live platform status: syntrixone.com/status
SyntrixOne
Legal

Privacy Policy

Last updated: June 20, 2026· v0.1-draft

Draft — pending legal review

This document is a placeholder. SyntrixOne, Inc. has not yet executed final terms. Customers in a closed beta should refer to the signed mutual beta agreement provided by SyntrixOne for binding terms.

1. Introduction

This Privacy Policy explains how SyntrixOne, Inc. (“SyntrixOne,” “we,” “us”) collects, uses, shares, and protects your personal information when you visit our websites, use our platform, or otherwise interact with us. By using the Service you acknowledge this Policy.

2. Our Role

We act as a data controller for visitors to our marketing sites, prospects, and the individuals who sign up for an account. We act as a data processor for personal data that our customers ingest into the Service (e.g., your customers’ messages, contacts, tickets). Processing on behalf of customers is governed by our Data Processing Addendum.

3. Information We Collect

3.1 Information You Provide

  • Account data: name, email, phone, password (hashed), company, role, country.
  • Workspace data: workspace name, branding, billing address, payment details (handled by our payment processor; we never receive raw card numbers).
  • Content: messages, attachments, knowledge-base articles, contacts, tickets that you submit.
  • Support & sales communications: messages you send us via /contact, /demo, email, or chat.

3.2 Information Collected Automatically

  • Usage data: page views, feature interactions, timestamps, referring URL.
  • Device data: IP address (truncated for storage), user-agent, browser language, OS.
  • Cookies: session cookies, preference cookies, and (with consent) analytics cookies.

4. How We Use Information

  • Provide, secure, and improve the Service.
  • Authenticate you and protect your account.
  • Send transactional emails (verification, billing, alerts) and operational notices.
  • Send marketing communications, with opt-out at any time.
  • Detect abuse, fraud, and policy violations.
  • Comply with legal obligations and enforce our Terms.

We do not use your content or your end-users’ messages to train foundation models. We may use anonymized, aggregated usage statistics to improve the product.

For EU/EEA/UK individuals, we rely on:

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — to secure, improve, and market the Service (balanced against your rights).
  • Consent — for optional analytics cookies and marketing emails.
  • Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

6. How We Share

We share information with:

  • Subprocessors who provide infrastructure, payment processing, communications, and AI inference (see Section 7).
  • Other workspace members when you invite them or assign them to a conversation.
  • Authorities when required by valid legal process — we challenge overbroad requests.
  • Successors in a merger, acquisition, or asset sale; the acquirer is bound by this Policy.

We do not sell personal information.

7. Subprocessors

A current list of subprocessors is published and updated at /legal/subprocessors (coming soon). Current categories include:

  • Cloud hosting & database: AWS / GCP / Mongo Atlas (EU + US regions).
  • Payments: Stripe, Inc.
  • Email delivery: Resend.
  • Telephony / SMS / WhatsApp: Twilio.
  • AI inference: OpenAI, Anthropic, Google (no customer data used for model training).
  • Error tracking & observability: internal logging (no third-party APM in beta).

8. Cookies & Tracking

We use strictly-necessary cookies for sign-in (syntrix_token) and preference cookies (theme, locale). We do not place analytics cookies before consent. EU/EEA/UK visitors see a cookie banner on first visit; preferences can be changed any time at /legal/cookies.

9. Data Retention

  • Account data: retained while your account is active and for 30 days after closure (then deleted).
  • Customer Data: retained per your workspace settings; you can export and erase any time via the API or by request.
  • Billing & tax records: 7 years, per applicable tax law.
  • Audit logs & security telemetry: up to 18 months for fraud and abuse investigations.

10. Security

We use encryption in transit (TLS 1.2+) and at rest, strict RBAC, audit logging, MFA for staff, and least-privilege access. We are working toward SOC 2 Type II attestation. Report security issues to security@syntrixone.com; please do not test for vulnerabilities on production until you have written authorization.

11. International Transfers

We process data primarily in the US and EU. Where we transfer personal data outside the EEA, UK, or Switzerland, we rely on the EU Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, and additional safeguards (encryption, access controls, transparency reports).

12. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data.
  • Correct inaccurate data.
  • Delete your data (subject to legal retention requirements).
  • Restrict or object to certain processing.
  • Withdraw consent at any time.
  • Lodge a complaint with your data protection authority.

To exercise these rights, email privacy@syntrixone.com from the email address on file. We respond within 30 days.

13. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we hold such data, contact privacy@syntrixone.com and we will delete it.

14. US State Rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA)

California, Virginia, Colorado, Connecticut, and Utah residents have specific rights, including the right to know, delete, correct, and opt out of “sale” or “sharing” of personal information. We do not sell personal information. Submit requests via privacy@syntrixone.com; we will verify your identity before fulfilling.

15. Changes to this Policy

We may update this Policy. Material changes are announced 30 days in advance via email or in-product banner.

16. Contact

SyntrixOne, Inc. — Privacy
privacy@syntrixone.com
EU representative (Art. 27 GDPR): to be appointed prior to public launch.
UK representative: to be appointed prior to public launch.

Questions about this document? Contact us.