Legal

Privacy Policy

Plain-English. Last updated 1 May 2026. UK GDPR + Data Protection Act 2018 aligned.

Who we are

Syncsity Ltd ("Syncsity", "we", "us") is a UK-incorporated company providing AI-driven business assessment and transformation services. The data controller for this site is Syncsity Ltd. Our contact email is edward@syncsity.com.

What we collect

  • Email address — when you submit the assessment, request a magic link, or contact us.
  • Assessment answers — the responses you give in the conversational form.
  • Hashed IP and user agent — for rate limiting and abuse prevention. Raw IPs are never stored; we hash them with a server-side salt.
  • Anonymous analytics — page views, referrers, and aggregate device info. No third-party advertising trackers.

Why we collect it

  • To generate your Revenue Intelligence Report.
  • To email you the report and any follow-up you request.
  • To prevent abuse (rate limiting, magic-link expiry).
  • To improve the service in aggregate.

The lawful basis is legitimate interest (responding to your enquiry / providing the service you requested) and consent for any subsequent marketing communications, which you can withdraw at any time by replying "unsubscribe" to any email.

Who we share it with

We share the minimum necessary data with the following processors, each under data-processing agreements:

  • OpenRouter / underlying LLM providers — to generate your report. Your business answers and a non-identifying business profile are sent. We instruct providers not to train on this data where the option exists.
  • Google (Sheets / Workspace) — for an internal lead trail. Limited fields; access tightly scoped.
  • Hosting (Hetzner GmbH, EU) — server infrastructure, EU-based.

We do not sell your data, ever. We do not use it for advertising. We do not run third-party retargeting pixels.

How long we keep it

  • Assessments and reports — 3 years from your last interaction.
  • Magic-link tokens — 15 minutes, then deleted.
  • Audit log entries — 12 months.
  • Hashed IPs — 90 days.

Your rights

Under UK GDPR you have the right to access, correct, delete, or export your data, and to object to processing. Email edward@syncsity.com with the subject line "GDPR request" and we'll respond within 30 days. You can also complain to the ICO (ico.org.uk).

Cookies

We use only first-party, strictly-necessary cookies: a session cookie to keep you logged in (HttpOnly, SameSite=Lax), a CSRF token cookie, and a theme preference. No third-party trackers.

Changes

We update this page when our practices change and reset the "last updated" date. Significant changes will be flagged on the home page for at least 14 days.