Privacy Policy

Last updated: April 15, 2026

This privacy policy describes how SynaLinks SAS ("Synalinks") collects, uses, and protects personal data of users of its website synalinks.com and services, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.

Data Controller

SynaLinks SAS — 129 Chemin de la Butte, 31400 Toulouse, France — RCS Toulouse 979 650 090 — privacy@synalinks.com

Data Protection Contact

For any data-protection question or to exercise your rights: privacy@synalinks.com. We respond within 30 days as required by law.

Data Collected

  • Account information: name, email, company name, role, country.
  • Usage data: service interactions, feature usage, query patterns (anonymized).
  • Technical data: IP address, browser type, device information, access logs.
  • Payment data: billing information processed by our payment provider (Stripe).
  • User content: data you upload, concepts and rules you create.
  • Contact / newsletter form: name, email, message.
  • Cookies: see our Cookie Policy.

Purposes and Legal Bases

  • Service delivery (contract performance).
  • Billing and accounting obligations (legal obligation).
  • Commercial communication and newsletter (consent).
  • Service improvement and analytics (legitimate interest).
  • Security, fraud prevention, and moderation (legitimate interest).

No AI Model Training

Your data, queries, and generated responses are never used to train AI models.

Retention Periods

  • Account data: contract duration + 3 years (French statute of limitations for contractual claims, art. 2224 Civil Code).
  • Your data (tables, content): until you delete it or terminate your account.
  • Metadata (schemas, concepts, rules): until associated data is deleted or account terminated.
  • Usage logs: 12 months.
  • Invoices and payment records: 10 years (legal obligation).
  • Prospecting: 3 years from last contact.

Sub-processors (Recipients)

We use the following categories of sub-processors. By accepting the Terms, you authorize us to engage them:

  • Cloud infrastructure: hosting and compute (data stored in the EU).
  • Authentication: user identity and access management.
  • AI providers: natural language processing and data analysis (queries are sent without your raw data values unless required by the analysis).
  • Payment processing: Stripe (PCI-DSS compliant).

Material changes to sub-processors are notified at least 30 days in advance. No data is sold to third parties.

Transfers Outside the EU

Your data is stored on servers located within the European Union. Certain processing (notably AI inference) may involve transfers outside the EEA. In such cases, we implement appropriate safeguards: Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or Binding Corporate Rules.

Your Rights

You have the rights of access, rectification, erasure, objection, restriction, portability, and to set post-mortem directives. To exercise them: privacy@synalinks.com.

You may also lodge a complaint with the French data protection authority (CNIL): www.cnil.fr.

Security

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Isolated, per-user backend infrastructure.
  • Secure credential storage using encrypted vaults.
  • Access controls and authentication mechanisms.
  • Regular security audits and penetration testing.
  • Employee training on data protection.