Start free trial

Login

Start free trial

Login

LEGAL

CCPA

Last Updated

Jan 9, 2026

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

AND

CALIFORNIA PRIVACY RIGHTS ACT (CPRA) NOTICE

Effective Date: March 18, 2025

1. Introduction and Scope

This California Privacy Notice ("Notice") is provided by Syntari International, Inc. ("Syntari," "we," "us," or "our") to California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").

This Notice supplements our Privacy Policy and describes:

   •  The categories of personal information we collect and the purposes for collection

   •  The categories of personal information we "sell" or "share" for cross-context behavioral advertising

   •  The categories of sensitive personal information we collect and process

   •  Your rights as a California consumer under the CCPA

   •  How to exercise your rights, including the right to opt-out

This Notice applies to California residents who interact with our Services, including:

   •  Syntari Platform (app.syntari.ai) – Our AI-native consulting workflow platform

   •  Syntari Advisory Services – Professional management consulting services

   •  Syntari Academy – Educational courses, workshops, and training programs

   •  Syntari Websites – syntari.ai and all related subdomains

This Notice should be read in conjunction with our Terms of Service, Privacy Policy, Cookie Policy, and Acceptable Use Policy.

2. Key Definitions

The following definitions are used throughout this Notice consistent with CCPA terminology:

"Business" means Syntari International, Inc., a Delaware corporation that collects consumers' personal information and determines the purposes and means of processing.

"Consumer" means a California resident, as defined in California Civil Code Section 1798.140(i).

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information, deidentified or aggregated information, or information excluded from the CCPA's scope.

"Sensitive Personal Information" means personal information that reveals: social security number, driver's license, state ID, or passport number; account login credentials; financial account information; precise geolocation; racial or ethnic origin; religious beliefs; union membership; genetic data; biometric information; health information; or sex life/sexual orientation.

"Sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to a third party for monetary or other valuable consideration.

"Share" or "Sharing" means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to a third party for cross-context behavioral advertising, whether or not for monetary consideration.

"Service Provider" means a person or entity that processes personal information on behalf of Syntari pursuant to a written contract that prohibits the person from retaining, using, or disclosing personal information for any purpose other than performing the services specified in the contract.

"Contractor" means a person or entity to whom Syntari makes available personal information for a business purpose pursuant to a written contract that includes CCPA-required restrictions.


 

3. Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information from California consumers:

Category (per CCPA §1798.140(v))

Examples Collected

Collected?

A. Identifiers

Real name, email address, account name, IP address, unique personal identifiers, online identifiers

YES

B. Personal Information (Cal. Civ. Code §1798.80(e))

Name, address, telephone number, employment, credit card number (processed by Stripe), bank account number (processed by Stripe)

YES

C. Protected Classification Characteristics

Age, gender (if voluntarily provided)

LIMITED

D. Commercial Information

Records of products or services purchased, purchasing or consuming histories, subscription details

YES

E. Biometric Information

N/A

NO

F. Internet or Other Electronic Network Activity

Browsing history, search history, interactions with our website and platform, click paths, session data

YES

G. Geolocation Data

Approximate location (IP-based); precise location only with explicit consent

YES

H. Sensory Data

Audio recordings (support calls, if recorded with consent); profile photos

LIMITED

I. Professional or Employment Information

Job title, company name, industry, professional experience

YES

J. Non-Public Education Information

Academy course enrollment, progress, certifications (non-FERPA)

YES

K. Inferences

Profiles reflecting preferences, characteristics, behavior, trends, interests

YES

L. Sensitive Personal Information

Account login credentials; precise geolocation (with consent)

YES

4. Sources of Personal Information

We collect personal information from the following categories of sources:

4.1 Directly from You

   •  Account registration and profile creation

   •  Subscription purchases and payment processing

   •  Documents, files, and content you upload to our platform

   •  Prompts, queries, and interactions with AI features

   •  Communications with customer support

   •  Survey responses, feedback, and event registrations

   •  Academy course enrollments and submissions

4.2 Automatically Collected

   •  Cookies, pixels, and similar tracking technologies

   •  Server logs and analytics data

   •  Device and browser information

   •  IP address and approximate geolocation

4.3 From Third Parties

   •  Authentication providers (Google, Microsoft, Apple)

   •  Integration services (Google Workspace, Microsoft 365, Slack, Notion, Box)

   •  Payment processors (Stripe)

   •  Analytics providers (Google Analytics)

   •  Marketing and advertising partners

   •  Business contact data providers (for B2B marketing)


 

5. Business and Commercial Purposes for Collection

We collect and use personal information for the following business and commercial purposes:

5.1 Service Delivery

   •  Creating and managing your account

   •  Providing access to the Syntari Platform and AI features

   •  Delivering Advisory Services and consulting deliverables

   •  Processing payments and managing subscriptions

   •  Providing Academy courses, workshops, and certifications

   •  Customer support and technical assistance

5.2 Platform Operations

   •  Maintaining, improving, and optimizing our Services

   •  Personalizing user experience and AI agent responses

   •  Analytics, research, and benchmarking

   •  Debugging and error detection

   •  AI model improvement (with appropriate safeguards)

5.3 Security and Fraud Prevention

   •  Detecting and preventing fraudulent activity

   •  Protecting against security threats and abuse

   •  Verifying user identity and account security

   •  Enforcing our Terms of Service and Acceptable Use Policy

5.4 Communications

   •  Sending transactional emails (account, billing, support)

   •  Product updates, feature announcements, and service notices

   •  Marketing communications (with consent where required)

5.5 Advertising

   •  Delivering targeted advertisements on third-party platforms

   •  Measuring advertising effectiveness and ROI

   •  Creating lookalike audiences for customer acquisition

   •  Retargeting website visitors

5.6 Legal Compliance

   •  Complying with applicable laws and regulations

   •  Responding to legal requests and court orders

   •  Establishing, exercising, or defending legal claims

6. Disclosure of Personal Information

In the preceding twelve (12) months, we have disclosed the following categories of personal information to third parties for business purposes:

Category

Categories of Recipients

Business Purpose

A. Identifiers

Service providers, payment processors, analytics providers, AI/LLM providers

Service delivery, analytics, AI features

B. Personal Information

Payment processors (Stripe)

Payment processing

D. Commercial Information

Service providers, analytics providers

Service delivery, analytics

F. Internet Activity

Analytics providers, advertising partners

Analytics, advertising

G. Geolocation Data

Analytics providers

Analytics, personalization

I. Professional Information

Service providers, AI/LLM providers

Service delivery, AI features

K. Inferences

Analytics providers, advertising partners

Analytics, targeted advertising

7. "Sale" and "Sharing" of Personal Information

7.1 Sale of Personal Information

Syntari does NOT sell personal information for monetary consideration.

We do not sell your personal information to data brokers, lead generation companies, or other third parties for money.

7.2 Sharing for Cross-Context Behavioral Advertising

Under the CCPA's broad definition of "sharing," we may share the following categories of personal information with advertising partners for cross-context behavioral advertising:

Category Shared

Third Parties

Purpose

A. Identifiers (online identifiers, device IDs, cookie IDs)

Google Ads, LinkedIn, Facebook/Meta

Targeted advertising

F. Internet Activity (browsing history, interactions)

Google Ads, LinkedIn, Facebook/Meta

Targeted advertising

K. Inferences (interests, preferences)

Google Ads, LinkedIn, Facebook/Meta

Targeted advertising

This sharing occurs through cookies and tracking technologies when you visit our website. You have the right to opt-out of this sharing. See Section 10 for opt-out instructions.

7.3 No Sale or Sharing of Minors' Information

We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. Our Services are not directed to individuals under 16.


 

8. Sensitive Personal Information

8.1 Categories of Sensitive Personal Information Collected

We collect the following categories of sensitive personal information:

Sensitive Category

Purpose of Collection

Use Limitation

Account login credentials (username + password)

Account authentication and security

Limited to service delivery

Precise geolocation (with consent)

Location-based features (if enabled)

Limited to service delivery

8.2 Use of Sensitive Personal Information

We use sensitive personal information only for purposes permitted under CCPA Section 1798.121:

   •  Performing services or providing goods reasonably expected by an average consumer

   •  Ensuring security and integrity

   •  Short-term, transient use (not disclosed to third parties, not used for profiling)

   •  Performing services on behalf of the business

   •  Activities to verify or maintain quality or safety

We do NOT use sensitive personal information for purposes that would trigger the right to limit use (e.g., inferring characteristics about you, profiling, or advertising).

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

Data Category

Retention Period

Criteria

Account data

Duration of account + 90 days

Contract duration

Payment and billing records

7 years

Legal/tax requirements

Platform usage logs

18 months

Analytics, fraud prevention

AI conversation history

90 days (or user deletion)

Service functionality

Marketing consent records

Until opt-out + 30 days

Consent documentation

Security and audit logs

2 years

Security compliance

Cookie identifiers (advertising)

Up to 13 months

ePrivacy compliance

10. Your California Privacy Rights

As a California consumer, you have the following rights under the CCPA:

10.1 Right to Know (Access)

You have the right to request that we disclose:

   •  The categories of personal information we have collected about you

   •  The categories of sources from which personal information is collected

   •  The business or commercial purpose for collecting, selling, or sharing personal information

   •  The categories of third parties to whom we disclose personal information

   •  The specific pieces of personal information we have collected about you

10.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions under CCPA Section 1798.105(d), including:

   •  Completing the transaction for which the information was collected

   •  Detecting security incidents or protecting against malicious activity

   •  Debugging to identify and repair errors

   •  Exercising free speech or another legal right

   •  Complying with the California Electronic Communications Privacy Act

   •  Engaging in research in the public interest

   •  Internal uses reasonably aligned with your expectations

   •  Complying with a legal obligation

10.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for processing.

10.4 Right to Opt-Out of Sale/Sharing

You have the right to direct us not to "sell" or "share" your personal information to third parties. To exercise this right:

   •  Click "Do Not Sell or Share My Personal Information" on our website

   •  Visit: syntari.ai/do-not-sell

   •  Email: privacy@syntari.ai with subject line "Opt-Out Request"

   •  Enable Global Privacy Control (GPC) in your browser – we honor GPC signals automatically

10.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information to purposes necessary for performing services or providing goods. However, we currently use sensitive personal information only for such permitted purposes, so no limitation is required.

10.6 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not:

   •  Deny you goods or services

   •  Charge you different prices or rates

   •  Provide a different level or quality of goods or services

   •  Suggest you may receive different prices or quality

However, we may offer financial incentives for the collection, sale, or deletion of personal information. If we do, we will provide notice and require opt-in consent.


11. How to Exercise Your Rights

11.1 Submitting Requests

You may submit requests to exercise your rights through the following methods:

   •  Online Form: syntari.ai/privacy-request

   •  Email: privacy@syntari.ai

   •  Toll-Free Number: 1-855-SYNTARI (1-855-796-8274)

   •  Mail: Syntari International, Inc., Attn: Privacy Team, One Marina Park Drive, Suite 1410, Boston, MA 02210

11.2 Verification

To protect your personal information, we must verify your identity before fulfilling your request. Verification methods may include:

   •  Confirming your email address through an email verification link

   •  Matching information you provide against information we have on file

   •  For requests to access specific pieces of personal information, heightened verification measures (e.g., signed declaration under penalty of perjury)

If we cannot verify your identity, we may ask for additional information or deny your request.

11.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. To do so:

   •  Provide the agent with written, signed permission

   •  The agent must submit proof of authorization with the request

   •  We may verify your identity directly and confirm you authorized the agent

Registered agents with proof of valid power of attorney under California Probate Code Sections 4000-4465 do not need separate signed authorization.

11.4 Response Timeframes

We will acknowledge receipt of your request within 10 business days.

We will respond to verifiable requests within 45 calendar days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

11.5 Request Limitations

You may make a request to know or delete twice within a 12-month period.

We are not required to provide personal information more than twice in a 12-month period.

12. Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals as a valid opt-out request for the "sale" or "sharing" of personal information under the CCPA.

If your browser or device sends a GPC signal, we will:

   •  Automatically treat the signal as an opt-out of sale/sharing

   •  Disable non-essential tracking cookies

   •  Stop sharing your personal information with advertising partners

   •  Apply your preference to all interactions from that browser/device

Learn more about GPC at: https://globalprivacycontrol.org

13. Financial Incentives

We may offer programs, benefits, or other offerings that involve the collection, retention, or deletion of personal information ("financial incentives").

Currently, we do not offer financial incentive programs that would require disclosure under CCPA Section 1798.125.

If we introduce such programs in the future, we will:

   •  Provide clear notice describing the program

   •  Require opt-in consent

   •  Explain how the value of the incentive relates to the value of your data

   •  Allow you to withdraw from the program at any time

14. Other U.S. State Privacy Laws

In addition to California, Syntari honors privacy rights under other state privacy laws, including:

   •  Virginia Consumer Data Protection Act (VCDPA)

   •  Colorado Privacy Act (CPA)

   •  Connecticut Data Privacy Act (CTDPA)

   •  Utah Consumer Privacy Act (UCPA)

   •  Iowa Consumer Data Protection Act

   •  Montana Consumer Data Privacy Act

   •  Oregon Consumer Privacy Act

   •  Texas Data Privacy and Security Act

   •  Delaware Personal Data Privacy Act

   •  Indiana Consumer Data Protection Act

   •  Tennessee Information Protection Act

   •  Nebraska Data Privacy Act

   •  New Jersey Data Privacy Act

   •  New Hampshire Privacy Act

   •  Kentucky Consumer Data Protection Act

   •  Rhode Island Data Transparency and Privacy Protection Act

   •  Maryland Online Data Privacy Act

   •  Minnesota Consumer Data Privacy Act

Residents of these states may exercise similar rights (access, correction, deletion, opt-out of targeted advertising) using the methods described in Section 11.

15. Changes to This Notice

We may update this California Privacy Notice periodically to reflect changes in our practices or legal requirements.

15.1 Notification of Changes

For material changes, we will:

   •  Provide at least 30 days' advance notice via email

   •  Post a prominent notice on our website

   •  Update the "Effective Date" at the top of this Notice

15.2 Annual Review

We review this Notice at least annually to ensure accuracy and compliance with CCPA requirements, including the Attorney General's regulations and any future California Privacy Protection Agency regulations.

16. Contact Information

For questions about this California Privacy Notice or to exercise your rights:

 

Online Form: syntari.ai/privacy-request

Email: privacy@syntari.ai

Toll-Free Number: 1-855-SYNTARI (1-855-796-8274)

 

Mailing Address:

Syntari International, Inc.

Attn: Privacy Team

One Marina Park Drive, Suite 1410

Boston, MA 02210

United States

 

For AI & LLM Privacy Inquiries: ai-privacy@syntari.ai

For Opt-Out Requests: syntari.ai/do-not-sell

 

END OF CCPA/CPRA NOTICE

© 2025 Syntari International, Inc. All rights reserved.