Last updated:
privacy policy
🍪 Cookie Policy
Effective Date: 05/06/2026 Last Updated: 05/06/2026
What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They help us deliver core functionality and remember your preferences.
Cookies We Use
Strictly Necessary Cookies These cookies are essential for the website to function and cannot be disabled.
Cookie Name
Purpose
Duration
session_id
Maintains your session state across pages
Session
csrf_token
Protects against cross-site request forgery
Session
framer_consent
Stores your cookie consent preference
12 months
We do not use analytics, tracking, or advertising cookies. No third-party cookies are placed on your device.
How We Use Cookie Data
Data collected via cookies is used solely to maintain the functionality of our website. It may be processed by our API infrastructure hosted on Microsoft Azure. No cookie data is sold or shared with third parties.
Your Choices
You may manage cookies at any time by:
Clicking "Manage Cookies" in the footer of our website
Adjusting your browser settings to block or delete cookies
Note: Disabling strictly necessary cookies may affect core website functionality.
Contact
For cookie-related queries, contact us at: info@synthetica.ai
🔒 Privacy Policy
Effective Date: 05/06/2026 Last Updated: 05/06/2026 Version: 1.0
1. Who We Are
Synthetica SMPC ("we", "our", "us") is the data controller responsible for your personal data.
Registered Address: Agiou Konstantinou 40, Marousi 15124 Greece
Data Protection Contact: info@synthetica.ai
Website: synthetica.ai
2. Data We Collect
2.1 Data You Provide Directly
Name, email address, and contact details (e.g., via forms)
Account credentials (if applicable)
Any content or files you submit through our platform
2.2 Data Collected Automatically
IP address and approximate geolocation
Browser type, operating system, device identifiers
Pages visited and time on site
API request logs (timestamps, endpoints accessed, response codes)
2.3 Data We Do Not Collect We do not use analytics tools or place tracking cookies. We do not collect special category data (health, ethnicity, biometrics, political views) unless explicitly required and consented to.
3. How We Use Your Data
Purpose
Legal Basis
Retention
Delivering our service
Contract (Art. 6.1.b GDPR)
Duration of service + 30 days
Responding to inquiries
Legitimate interest (Art. 6.1.f)
12 months
Security monitoring & incident response
Legal obligation / Legitimate interest
90 days
Legal/compliance obligations
Legal obligation (Art. 6.1.c)
As required by law
4. Infrastructure & Data Storage
Our website is built and served via Framer (framer.com), and our backend API is hosted on Microsoft Azure, operating within [EU West / specify your region]. Both platforms maintain:
ISO/IEC 27001 certification for information security management
Encryption in transit (TLS 1.2+) and at rest (AES-256)
Regular penetration testing and vulnerability management
Access controls aligned with the principle of least privilege
A full record of sub-processors is available upon request.
5. Data Sharing
We do not sell your personal data. We may share data with:
Microsoft Azure — API hosting and infrastructure
Framer Inc. — Website delivery and hosting
Legal authorities — Where required by law or court order
All third-party processors are contractually bound to handle data in compliance with applicable data protection law.
6. International Transfers
Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.
7. Your Rights
Under GDPR and applicable law, you have the right to:
Access — Request a copy of the data we hold about you
Rectification — Correct inaccurate or incomplete data
Erasure — Request deletion of your data ("right to be forgotten")
Restriction — Ask us to limit how we process your data
Portability — Receive your data in a machine-readable format
Object — Object to processing based on legitimate interest
Withdraw Consent — At any time, without affecting prior processing
To exercise any right, contact us at info@synthetica.ai We will respond within 30 days.
You also have the right to lodge a complaint with your national supervisory authority (e.g., the ICO in the UK, or your local DPA in the EU).
8. Security Measures
We apply technical and organisational measures in line with ISO/IEC 27001 principles, including:
Role-based access control (RBAC) on all systems
Encrypted communications between client and Azure API
Audit logging of access and data processing activities
Incident response procedures with defined RTO/RPO targets
Regular staff training on data handling and security
9. Data Retention
We retain personal data only as long as necessary for the stated purpose or as required by law. Upon expiry of the retention period, data is securely deleted or anonymised.
10. Children's Privacy
Our website is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us immediately.
11. Changes to This Policy
We may update this policy periodically. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated via email or a banner on our website.
12. Contact Us
Synthetica Agiou Konstantinou 40, Marousi, 15124 Greece
📞 +30 210 61 99 553
