LEGAL
Privacy Policy
Last Updated
SYNTARI AI
Privacy Policy
Version 3.0 | Effective Date: February 23, 2026
Table of Contents
Introduction and Scope
Information We Collect
Legal Basis for Processing
How We Use Your Information
4.1 Service Providers and AI ProcessorsCookies and Tracking
Data Retention
Data Security
Your Rights
International Transfers
Children's Privacy
Third-Party Links
Contact Information
Policy Updates
AI and Automated Processing
14.7 AI TransparencyIntroduction and Scope
Syntari AI ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, and interact with our AI-powered products and features. Please read this policy carefully. If you do not agree with our policies and practices, please do not use our services.
This Privacy Policy applies to all information collected through our website, mobile applications, and any related services that link to this policy. It covers personal data processing activities conducted by Syntari AI and our authorized service providers, including artificial intelligence vendors who process customer data as subprocessors.Information We Collect
2.1 Information You Provide
Account Registration Data: Name, email address, password, company name, job title, and phone number
Profile Information: Photo, biographical information, preferences, and communication settings
Payment Information: Billing address, payment method details (processed securely via third-party processors)
Customer Support: Communications with our support team, including emails, chat logs, and file attachments
User-Generated Content: Documents, files, prompts, queries, and outputs created through our services
Survey and Feedback: Responses to surveys, feedback forms, and service evaluation requests
2.2 Information Collected Automatically
Device Information: Browser type, operating system, device model, and device identifiers
Usage Data: Pages visited, features accessed, time spent, clicks, and interactions with our services
Location Data: Approximate location derived from IP address
Cookies and Tracking: Identifiers stored on your device to remember preferences and track behavior
Server Logs: IP address, access times, referring page, and error information
Performance Data: Application performance metrics and crash reports
2.3 Information from Third Parties
Service Providers: Payment processors, hosting providers, and analytics services
Social Media: If you connect your social media account, we receive basic profile information
Publicly Available Sources: Information from public databases or directories for verification purposesLegal Basis for Processing
We process personal data under the following legal bases:
Contract Performance: Processing necessary to provide the services you have requested
Consent: Processing based on your explicit consent, which you may withdraw at any time
Legal Obligation: Processing required to comply with applicable laws and regulations
Legitimate Interests: Processing for purposes such as fraud prevention, system security, and service improvement
Public Interest: Processing required in the public interest or for law enforcement purposesHow We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: Providing, maintaining, and improving our AI-powered services and features
Account Management: Creating and managing your account, processing transactions, and providing customer support
Communication: Sending service announcements, updates, and customer support responses
Marketing: With your consent, sending promotional content and offers tailored to your interests
Analytics: Understanding how users interact with our services to optimize performance and user experience
Security: Detecting, preventing, and addressing fraud, abuse, and security incidents
Compliance: Meeting legal and regulatory obligations, including data protection laws
Aggregate Analytics: Creating anonymized, aggregated insights about service usage patterns
4.1 Service Providers and AI Processors
We engage the following service providers to process customer data as subprocessors. These service providers have committed to maintaining appropriate security measures and data confidentiality:
AI Provider Primary Use Data Categories
Anthropic (Claude API) AI model inference, content generation, analysis Customer Data (prompts, outputs)
OpenAI AI model inference, content generation, analysis Customer Data (prompts, outputs)
Google (Gemini API) AI model inference, content generation, analysis Customer Data (prompts, outputs)
All AI providers listed above are subject to Data Processing Agreements (DPAs) that govern the use of customer data. These agreements include obligations to delete customer data upon termination of service (except as required by law) and restrictions on using customer data for purposes other than providing the specified services.
Additional service providers include: Amazon Web Services (AWS) for infrastructure and hosting, Stripe for payment processing, SendGrid for email communications, and Google Analytics for usage analytics.Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver targeted content.
5.1 Types of Cookies
Essential Cookies: Required for website functionality and cannot be disabled
Performance Cookies: Collect information about how you use our site to improve performance
Functional Cookies: Remember your preferences and settings for a personalized experience
Marketing Cookies: Track browsing behavior to display relevant advertisements
Third-Party Cookies: Set by our partners for analytics, advertising, and content delivery
5.2 Your Cookie Choices
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking essential cookies may impair your ability to use certain service features. You may also opt out of interest-based advertising through industry opt-out tools.Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
6.1 Retention Schedules by Data Type
Account Data: Retained for the duration of your account and twelve (12) months after account closure for legal and audit purposes
Transaction Records: Retained for seven (7) years to comply with financial regulations
Support Communications: Retained for three (3) years from the last interaction
Marketing Communications: Retained until you unsubscribe, plus thirty (30) days thereafter
Log Files: Retained for one (1) year for security and performance purposes
Cookies: Retained according to their individual expiration dates (typically 1-24 months)
6.2 AI Provider Data Retention
AI providers engaged by Syntari AI maintain independent retention policies for customer data processed through their services:
Standard Retention: All AI providers (Anthropic, OpenAI, Google) delete customer data (prompts and outputs) within thirty (30) days of service termination or explicit deletion requests
Abuse Monitoring: AI providers retain minimal identifiers and metadata for thirty (30) days to monitor for abuse and policy violations
Grace Period: Syntari AI systems maintain a ninety (90) day grace period after termination to allow account recovery, during which data remains accessible for account restoration
Post-Termination Access: After the ninety (90) day grace period, Syntari AI will not retain copies of data previously transmitted to AI providers
6.3 Permanent Deletion
Upon your written request, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or necessary for contractual obligations. Some data may remain in backup systems for up to ninety (90) days.Data Security
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, and destruction. Security measures include:
Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Access Controls: Personal data is restricted to authorized personnel who need access to perform their duties
Authentication: Multi-factor authentication is available for account protection
Network Security: Firewalls, intrusion detection, and regular penetration testing protect our infrastructure
Data Minimization: We collect only the minimum personal data necessary for specified purposes
Incident Response: We maintain a documented incident response plan and notify affected users of breaches as required by law
While we employ industry-standard security practices, no system is entirely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 General Rights
Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data subject to legal obligations
Portability: Request your data in a structured, commonly-used format for transfer to another service
Restriction: Request that we limit processing of your data while you contest its accuracy
Objection: Object to processing based on legitimate interests or direct marketing
Withdrawal of Consent: Withdraw consent for specific processing activities
8.2 Data Subject Requests (DSR)
To exercise your rights, submit a written request to privacy@syntari.ai with documentation of your identity. We will respond within thirty (30) days, though response may be extended due to request complexity or coordination requirements with third-party service providers, particularly AI providers who maintain independent data copies.
Note that data subject rights encompass information held by AI subprocessors. Some customer data may be automatically deleted within the thirty (30) day AI provider retention cycle, which may limit the scope of data available for DSR responses. We will provide information about data subject to automatic deletion by AI providers and the timeline for such deletion.
8.3 California Consumer Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt-out of the sale of personal information. These rights apply to consumers whose data meets CCPA definitions.
8.4 European Rights
Residents of the European Union, United Kingdom, and Switzerland have rights under applicable data protection regulations including GDPR and UK DPA. These include rights to access, rectification, erasure, restriction, portability, and objection to processing.International Data Transfers
Syntari AI operates globally, and your personal data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country.
9.1 Legal Framework for Transfers
We transfer personal data internationally under the following legal frameworks:
EU-US Data Privacy Framework (DPF): For transfers from the EU, UK, and Switzerland to the United States, Syntari AI relies on the EU-US DPF, UK-US DPF, and Swiss-US DPF. We certify annual compliance with DPF requirements and participate in annual recertification reviews
Standard Contractual Clauses (SCCs): Where available, we use SCCs approved by the European Commission to govern international data transfers
Adequacy Decisions: We rely on data protection adequacy decisions where available
Explicit Consent: For transfers to jurisdictions lacking protective frameworks, we obtain your explicit consent
9.2 AI Provider Transfer Mechanisms
AI providers engaged by Syntari AI process customer data in the United States and other countries. Data transfers to AI providers are governed by:
Anthropic (Claude API): Data transferred to U.S. servers under DPA incorporating standard contractual clauses and AI-specific data processing terms
OpenAI: Data transferred to U.S. servers under DPA and OpenAI's data processing agreements
Google (Gemini API): Data transferred to U.S. and Google Cloud infrastructure under Google's standard data processing terms and DPA
9.3 US-Based AI Processing
Customer data transmitted to AI providers is processed in the United States. This includes customer prompts, queries, and generated outputs. These transfers occur under legal frameworks designed to provide an adequate level of data protection. However, you acknowledge that the United States may not provide equivalent legal protections to those available in the European Union or other jurisdictions with comprehensive data protection laws.Children's Privacy
Our services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal data from children under thirteen. If we become aware that we have collected data from a child under thirteen, we will delete such data immediately and terminate the child's account.
For users aged thirteen to eighteen (18), additional parental consent and notification requirements may apply depending on jurisdiction. We encourage parents and guardians to be involved in their children's online activities.Third-Party Links and Services
Our website and services may contain links to third-party websites and services that are not operated by Syntari AI. This Privacy Policy does not apply to third-party websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing personal information.
We may integrate third-party services (analytics, payment processors, social media) into our platform. Use of these services is governed by their respective privacy policies and terms of service.Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Syntari AI, Inc. Privacy and Data Protection Office Email: privacy@syntari.ai Website: www.syntari.ai Mailing Address: [Company Address] Data Protection Officer (EU/UK/CH): dpo@syntari.ai
We will respond to your inquiry within thirty (30) days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a new effective date and, where required by law, by obtaining your consent.
Your continued use of our services after changes become effective constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy regularly to stay informed about how we protect your privacy.AI and Automated Processing
Syntari AI provides AI-powered services that process customer data through automated means, including machine learning algorithms and large language models. This section describes our practices regarding AI processing and automated decision-making.
14.1 AI Processing Activities
Our AI services process the following categories of data:
User Prompts and Queries: Text input provided to AI models for analysis, generation, or processing
Generated Outputs: Responses and content created by AI models based on user inputs
Context and Metadata: File names, timestamps, user preferences, and session information used to provide context
Interaction History: Previous interactions used to maintain conversation context and improve user experience
Performance Metrics: Data about feature usage and AI model performance
14.2 Paid vs. Unpaid Tier Differences
Syntari AI offers both paid and unpaid service tiers with different data processing and retention policies:
Unpaid Tier: Data may be retained longer for service improvement purposes and statistical analysis
Paid Tier: Enhanced data protection with stricter retention limits and enhanced privacy controls
Enterprise Tier: Custom data handling agreements with dedicated data privacy terms
14.3 Data Usage for Model Training
For paid subscription tiers, Syntari AI explicitly commits that:
Customer data (prompts and outputs) is NOT used to train or improve our AI models or any third-party AI models
Customer data is processed solely to provide the requested service
Customer data is not used for behavioral analysis or profiling beyond what is necessary for service delivery
All AI processing occurs within the constraints of applicable Data Processing Agreements
For unpaid tiers, limited anonymized usage data may be used to improve service quality, though personally identifiable information is not used for model training.
14.4 Automated Decision-Making and Profiling
Syntari AI may use automated decision-making in the following contexts:
Fraud Detection: Automated systems identify suspicious activity patterns to prevent fraud and abuse
Content Moderation: Automated systems flag potentially harmful content for human review
Access Control: Automated systems verify authentication and authorization
Spam Filtering: Automated systems filter spam and malicious content
Recommendation Systems: Automated systems recommend features and content based on usage patterns
For significant automated decisions that affect you (e.g., account suspension), you have the right to request human review and to contest the decision. We will provide explanation and opportunity for remediation.
14.5 AI Subprocessor Audit Rights
For customers on paid tiers, we provide audit rights regarding AI subprocessor compliance:
SOC 2 Type II Reports: Access to SOC 2 Type II audit reports from our AI providers (Anthropic, OpenAI, Google) documenting security, availability, and processing integrity controls
ISO 27001 Certification: Verification of ISO 27001 compliance where available from AI subprocessors
Data Processing Agreements: Complete DPAs between Syntari AI and AI subprocessors, including data processing obligations and restrictions
Audit Requests: Upon request, we can facilitate third-party audit requests to our AI subprocessors (subject to their audit policies)
Compliance Documentation: Annual attestations of compliance with contractual data processing obligations
14.6 AI Provider Breach Notification
In the event of a data breach or unauthorized access involving AI provider systems, we maintain the following notification protocol:
Notification Timeline: AI providers are contractually required to notify Syntari AI within forty-eight (48) hours of becoming aware of a breach
Cascade Notification: Syntari AI will notify affected customers within seventy-two (72) hours of learning of a breach, consistent with regulatory requirements
Breach Content: Notifications include the nature of the breach, data categories affected, likely consequences, and mitigation measures
Regulatory Reporting: We will cooperate with regulatory authorities and report breaches as required by applicable law
14.7 AI Transparency
We are committed to transparency regarding AI processing. Upon request, we will provide the following information:
AI Provider Identification: Identification of all AI providers processing your data
Processing Purposes: Specific purposes for which your data is processed by each AI provider
Data Categories: Detailed description of data categories processed by AI providers
Retention Details: Specific data retention practices of each AI provider
Processing Location: Geographic location where data is processed by AI providers
Legal Mechanisms: Legal frameworks (DPF, SCCs, etc.) governing data transfers to AI providers
Rights Limitations: Any limitations on exercising data subject rights due to AI provider data retention cycles
To request AI transparency information, contact privacy@syntari.ai with the subject line "AI Processing Information Request."
Copyright © 2026 Syntari AI, Inc. All rights reserved.
This Privacy Policy is provided in English. In case of any conflict between the English version and any translated version, the English version shall prevail.
Last Updated: February 23, 2026
Version 3.0
For the most current version of this Privacy Policy, please visit: www.syntari.ai/privacy