Book a Demo

Privacy Policy

Last updated: March 2025

SOC 2 Type II
GDPR Compliant
CCPA Compliant
AES-256 Encryption
ISO 27001

At Synva LLC ("Synva," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (synva.ai), AI workers, AI agents, and related services (collectively, the "Services").

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Data Sharing & Disclosure
  4. Data Security
  5. Data Retention
  6. AI & Machine Learning Data Practices
  7. International Data Transfers
  8. Your Privacy Rights
  9. Cookies & Tracking Technologies
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, company name, job title, phone number, and billing information when you create an account or purchase our Services.
  • Communication Data: Messages, emails, and support tickets when you contact us.
  • Customer Content: Data you upload or input into the Services, including CRM data, sales playbooks, customer lists, and business process information used to configure your AI workers.

Information Collected Automatically

  • Usage Data: Information about how you use the Services, including features accessed, interaction patterns, and performance metrics.
  • Device & Browser Data: IP address, browser type, operating system, device identifiers, and referral URLs.
  • Log Data: Server logs, error reports, and diagnostic information.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Configure and personalize your AI workers and agents
  • Process transactions and manage your account
  • Communicate with you about updates, support, and marketing (with your consent)
  • Analyze usage patterns to improve the Services
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Data Sharing & Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Service Providers: Trusted third-party vendors who assist in operating the Services (e.g., cloud hosting, payment processing, analytics), subject to strict confidentiality agreements.
  • AI Model Providers: We may transmit data to AI inference providers (e.g., OpenAI, Anthropic) to generate responses. This data is processed pursuant to our data processing agreements and is not used to train their models.
  • Legal Compliance: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With Your Consent: In any other case where you have given explicit consent.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Controls: Role-based access controls (RBAC) with multi-factor authentication for all internal systems.
  • Infrastructure: Services are hosted on SOC 2 Type II certified cloud infrastructure with regular penetration testing.
  • Monitoring: 24/7 security monitoring, automated threat detection, and incident response procedures.
  • Employee Training: All team members complete annual security awareness and data handling training.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specifically:

  • Account Data: Retained for the duration of your account and up to 30 days after deletion.
  • Customer Content: Deleted within 30 days of account termination or upon request.
  • Usage & Log Data: Retained for up to 12 months for analytics and security purposes.
  • Billing Data: Retained as required by tax and financial regulations (typically 7 years).

6. AI & Machine Learning Data Practices

As an AI SaaS platform, we take special care with how AI processes your data:

  • Data Isolation: Each customer's data is logically isolated. Your data is never used to train or improve AI models for other customers.
  • No Cross-Customer Training: We do not use your proprietary data, sales playbooks, or customer information to train foundation models or shared AI systems.
  • Inference Only: Customer content is processed for real-time inference only (generating AI worker responses) and is not stored by AI model providers beyond the request lifecycle.
  • Model Fine-Tuning: If you opt into custom model fine-tuning (Enterprise plans), your fine-tuned model is exclusively dedicated to your organization.
  • Human Review: We do not perform human review of AI conversations unless you explicitly request it for quality assurance or unless required for safety compliance.

7. International Data Transfers

Synva is based in the United States. If you access the Services from outside the US, your data may be transferred to, stored, and processed in the US or other jurisdictions where our service providers operate.

For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all sub-processors
  • Supplementary measures as recommended by the EDPB where necessary

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of Consent: Withdraw consent at any time where processing is consent-based.

California Residents (CCPA/CPRA): You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. You may designate an authorized agent to make requests on your behalf.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law).

9. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Required for the Services to function (authentication, security).
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
  • Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (only with consent).

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of the Services.

10. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification for significant changes
  • Displaying a notice within the Services

12. Contact Us

If you have any questions about this Privacy Policy, your data, or our privacy practices, please contact us:

Synva LLC

30 N Gould St Ste N, Sheridan, WY 82801

Email: [email protected]

Phone: (607) 232-2444