SynectGEO · Legal
Privacy Policy
Last updated: 28 June 2026
This Privacy Policy explains how SYNECT LIMITED(“we”, “us”) collects, uses, and protects personal data when you use SynectGEO at synectgeo.io. We are the data controller for that processing and are committed to the EU General Data Protection Regulation (GDPR) and Irish data-protection law.
1. Data Controller
The controller responsible for your personal data is:
The Tara Building, 11-15 Tara Street, Dublin 2, D02 RY83, Ireland
Contact: hello@synectgroup.com
2. What Personal Data We Collect
- Account / sign-up data: name and email address (collected at Early Access sign-up).
- Usage data: the brand name, website URL, and custom prompts you submit, and the reports generated for you.
- Technical data: IP address, browser type, device identifiers, and session logs.
- Analytics data: page views and feature usage — collected via Google Analytics 4 only after you opt in through the cookie banner.
3. Why We Collect It (Lawful Basis — GDPR Article 6)
| Processing activity | Lawful basis |
|---|---|
| Early Access sign-up (email) | Consent |
| Delivering the AI visibility report | Contract (performance of service) |
| Sending transactional emails (report ready, account updates) | Contract |
| Product analytics / usage tracking | Consent |
| Marketing emails (if any) | Consent (separate, opt-in) |
| Security monitoring, fraud detection | Legitimate interests |
4. How the Product Works — Data Flow
5. Sub-Processors
We share data with the following sub-processors to operate the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| OpenAI (ChatGPT) | AI visibility queries | USA (SCCs apply) |
| Google (Gemini) | AI visibility queries | USA/EU (SCCs apply) |
| Anthropic (Claude) | AI visibility queries | USA (SCCs apply) |
| Perplexity AI | AI visibility queries | USA (SCCs apply) |
| Supabase | Database, authentication | eu-west-1, Ireland 🇮🇪 |
| Vercel / Cloudflare | Hosting, CDN | EU/USA (SCCs apply) |
| Brevo | Transactional email | EU |
| Google Analytics 4 | Usage analytics (only after consent) | USA (SCCs apply) |
| Stripe | Payment processing (when billing goes live) | USA/EU (SCCs apply) |
For all USA-based sub-processors, transfers rely on the EU Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Chapter V.
6. Data Retention
- Account data: retained for the duration of your account and for 30 days after deletion.
- Report data: retained for 12 months, after which it is deleted; you may request earlier deletion at any time.
- Analytics data: retained per the Google Analytics 4 default (up to 14 months), or shorter where configured.
7. Your Rights (GDPR Articles 15–22)
You have the right to:
- Access your data (Article 15)
- Rectify inaccurate data (Article 16)
- Erasure — the “right to be forgotten” (Article 17)
- Data portability (Article 20)
- Object to processing (Article 21)
- Withdraw consent at any time (Article 7)
To exercise any right, contact hello@synectgroup.com. We respond to all rights requests within 30 days.
9. Data Breach Notification
In the event of a data breach likely to result in a risk to your rights, SYNECT LIMITED will notify the Irish Data Protection Commission within 72 hours and notify affected users without undue delay.
10. Supervisory Authority
If you believe your data-protection rights have been infringed, you may lodge a complaint with the Irish supervisory authority:
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by the “Last updated” date above. Continued use of SynectGEO after an update constitutes acceptance of the revised policy.