[ syrakon ]
enesfrdeitplukja

legal · приватність

Політика приватності

Останнє оновлення: 2026-05-05.

1. Who we are

Syrakon is the data controller for the personal data we process directly (your account, billing, support correspondence). When you use the Service to process data about your own end users, you are the controller and Syrakon is the processor — that relationship is governed by the DPA available from legal@syrakon.com.

2. What we collect

  • Account data: email, name (if provided), org membership.
  • Billing data: handled by Paddle as merchant of record. We see transaction metadata, not card details.
  • Service data: what you store using the Service (repos, configs, logs). Encrypted in transit. Encrypted at rest where the underlying database supports it.
  • Support correspondence: emails and tickets you send us.
  • Operational logs: request metadata (IP, timestamp, endpoint) for security and debugging. Retained 90 days.

3. Why we process it

  • To provide the Service (contractual basis).
  • To bill you (legitimate interest, contractual basis).
  • To respond to support requests (contractual basis).
  • To secure the Service (legitimate interest).
  • To comply with legal obligations (e.g. tax, fraud prevention).

4. Where it lives

Customer data is hosted in the European Union. Application servers run in Gravelines, France (OVH). The database is hosted by Turso in Ireland. No data is transferred outside the EU/EEA without a valid transfer mechanism, and we avoid such transfers wherever possible.

5. Subprocessors

We use a small set of subprocessors. Current list:

  • Paddle (merchant of record, billing).
  • Turso (database hosting, Ireland).
  • OVH (application hosting, Gravelines, France).
  • Brevo (transactional email).

An updated subprocessor list is available on request and notified in advance for any change material to your contract.

6. Retention

We keep your account data while you have an active account, plus the period required by tax and accounting law (typically 5–7 years). Operational logs: 90 days. Support tickets: 3 years for institutional memory.

7. Your rights (GDPR)

You can request access, rectification, deletion, restriction, portability, or objection at legal@syrakon.com. We respond within 30 days. You also have the right to lodge a complaint with your supervisory authority.

8. Cookies

This site uses only the strictly necessary cookies required for the dashboard session. No analytics, no ad cookies, no third-party trackers.

9. Changes

Material changes will be notified by email at least 30 days in advance. Trivial changes (typos, clarifications) are reflected here without notice — see "last updated" above.

10. Contact

Privacy questions: legal@syrakon.com.