GDPR Compliance Statement
Effective Date: [Insert Date]
Company: Syntra AI Solutions Ltd
Contact Email: support@syntrasolutions.tech

1. Our Commitment to GDPR

At Syntra AI Solutions Ltd, we are fully committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK GDPR. We recognise the importance of protecting the personal data of our clients and end-users and ensuring transparency, accountability, and security in all our data processing activities.

2. Who We Are

Syntra AI Solutions Ltd is a provider of AI-powered chatbot solutions for businesses across sectors including e-commerce, healthcare, finance, and hospitality. We operate primarily in the UK, EU, and US markets and are incorporated in the Isle of Man.

3. Legal Basis for Processing

We process personal data under the following lawful bases:

Consent – when users actively agree to data collection via chatbots or website cookies.

Contractual necessity – when processing is required to deliver our services to clients.

Legitimate interests – for improving our chatbot performance and customer experience.

Legal obligations – when required to comply with applicable law or regulation.

4. Types of Data We Collect

Depending on the chatbot implementation and client requirements, we may collect:

Name

Email address

Booking or inquiry details

IP address and device/browser data

Chat content and interactions

Payment-related information (via secure third-party processors like Stripe)

We do not knowingly collect sensitive personal data (e.g., health data, political views) unless explicitly required and consented to within a custom use case.

5. How We Use Personal Data

Personal data is used to:

Provide chatbot-based services

Deliver customer support

Improve bot performance through analytics and optimisation

Facilitate payments (via secure third-party providers)

Comply with legal obligations

6. Data Sharing and Processors

We may share data with trusted third-party processors that support our services, including:

Botpress – chatbot platform provider

OpenAI – for natural language processing (where used)

Ionos – website hosting and analytics

Stripe – payment processing

Each third-party provider is bound by their own GDPR-compliant agreements and data security protocols.

7. Data Transfers Outside the EU/UK

Where personal data is transferred outside the UK or EEA (e.g., to US-based service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adherence to relevant adequacy decisions.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above or as required by law. Retention periods vary depending on the service type and client agreements. For more details, please refer to our Data Retention Policy.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to access your data

Right to rectify inaccurate data

Right to erasure (“right to be forgotten”)

Right to restrict processing

Right to data portability

Right to object to processing

Right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact: support@syntrasolutions.tech

10. Data Security

We apply strong administrative, technical, and physical safeguards to protect your data. This includes encryption, secure storage, access controls, and regular security audits of our systems and suppliers.

11. Contact Us

If you have questions about this GDPR Statement or how your data is handled, contact:

1. CCPA Privacy Policy

Effective Date: [Insert Date]
Applies To: California residents (USA)
Company: Syntra AI Solutions Ltd
Contact: support@syntrasolutions.tech

Introduction

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information. Syntra AI Solutions Ltd is committed to respecting your privacy and complying with the CCPA where applicable.

Categories of Personal Information Collected

We may collect the following categories of personal information:

Identifiers: Name, email address, IP address

Commercial information: Records of chatbot interactions or services purchased

Internet activity: Browsing data, chat session logs

Geolocation data: Based on IP or device usage

Inferences: Derived from chatbot conversations to improve personalization

How We Use Your Information

We use your personal information to:

Provide our chatbot services

Offer customer support

Improve our products through analytics

Facilitate payments

Comply with legal obligations

Your CCPA Rights

As a California resident, you have the right to:

Know what personal data we collect and how we use it

Request access to the personal information we hold about you

Request deletion of your personal information

Opt-out of the sale of your personal data (we do not sell personal data)

Non-discrimination for exercising your privacy rights

To exercise these rights, email support@syntraai.com with the subject "CCPA Request".

Do Not Sell My Personal Information

Syntra AI Solutions Ltd does not sell your personal data. If this ever changes, we will update this policy and provide a clear opt-out option.

Data Security and Retention

We implement strong security measures to protect your data and only retain personal information as long as necessary for business, legal, or contractual purposes. See our Data Retention Policy for more.

Contact Us

Questions about your CCPA rights?
📧 Email: support@syntrasolutions.tech
 

📂 2. Data Retention Policy

Effective Date: [Insert Date]
Company: Syntra AI Solutions Ltd
Contact: support@syntrasolutions.tech

Purpose

This policy outlines how long Syntra AI Solutions Ltd retains personal data collected via our chatbot services, websites, and customer interactions, in compliance with GDPR, UK data protection law, and applicable US regulations.

Retention Periods

Data Type

Retention Period

Justification

Chat logs / interactions

12 months

Improve services, support inquiries, audit logs

Customer account data (name, email)

Active subscription + 2 years

Legal compliance, audit, potential renewals

Payment records

7 years

Financial/tax regulations

Website analytics & cookies

6 months

Performance and marketing insights

Email communications

24 months

Support records, client history

Data Deletion

Data is securely deleted or anonymised after the retention period ends. Clients can request earlier deletion of personal data in line with GDPR and CCPA rights.

Exceptions

We may retain data beyond these periods if:

Required by law or litigation

Necessary for contractual enforcement or fraud prevention

Contact

To request deletion or inquire about retention:
📧 support@syntrasolutions.tech

🔒 3. Data Processing Agreement (DPA)

Effective Date: [Insert Date]
Between:

Client (“Data Controller”)

Syntra AI Solutions Ltd (“Data Processor”)

1. Subject Matter

This DPA governs the processing of personal data by Syntra AI Solutions Ltd on behalf of the Client, in accordance with Article 28 of the GDPR and other applicable data protection laws.

2. Nature and Purpose of Processing

Syntra AI processes data solely to provide chatbot services, including:

Capturing and handling customer queries

Analyzing user interactions

Storing communication logs

Integrating with third-party systems

3. Types of Personal Data Processed

Names, emails, and contact details

Chat content and session metadata

Booking or transactional details

IP addresses and device/browser info

Sensitive personal data is not intentionally processed unless agreed in writing.

4. Responsibilities

Data Controller (Client):

Determines the purpose and legal basis of data collection

Ensures users are informed and consent is obtained

Data Processor (Syntra AI Solutions Ltd):

Processes data only as instructed

Ensures confidentiality and security of data

Notifies the controller of any breach within 72 hours

Assists with subject access or erasure requests

5. Sub-Processors

Syntra AI may use approved sub-processors (e.g., Botpress, OpenAI, Stripe, Ionos). A current list is available upon request. Clients will be notified of any new sub-processors.

6. Security Measures

Syntra AI implements:

Data encryption in transit

Access controls and authentication

Secure hosting environments

Regular system updates and monitoring

7. International Transfers

If personal data is transferred outside the UK or EEA, Syntra AI will ensure appropriate safeguards (e.g., SCCs) are in place.

8. Duration and Termination

This DPA remains in effect while the Client uses Syntra AI services. Upon termination, all client data will be returned or securely deleted, unless otherwise required by law.

9. Governing Law

This DPA is governed by the laws of the Isle of Man and applicable data protection laws of the UK and EU.

AI Transparency & Regulation Policy Effective Date: [Insert Date]
Company: Syntra AI Solutions Ltd

1. AI Use Disclosure

Syntra AI Solutions Ltd uses AI technology including OpenAI's language models and Botpress for powering chatbot services. Customers will be clearly informed when they are interacting with AI, in compliance with the EU AI Act.

2. Intended Purpose

Our AI chatbots assist with:

Customer support

Bookings and FAQs

Form filling

E-commerce queries

They are not intended to:

Provide medical, legal, or financial advice

Make autonomous decisions without human oversight

3. Risk Management & Monitoring

Continuous human oversight for Pro Suite

Logs stored securely for auditability

Regular reviews of AI behavior and hallucination risks

4. Data Handling

Personal data is processed in accordance with GDPR, CCPA, and our Privacy Policy. All interactions are encrypted and stored within EU/UK-compliant infrastructure.

5. EU AI Act Compliance

Systems are classified as limited-risk AI

Transparent user notices are displayed

Human fallback and escalation paths are ensured

Liability Disclaimer Effective Date: [Insert Date]
Company: Syntra AI Solutions Ltd

Security & Data Protection Policies

Effective Date: 29th May 2025
Company: Syntra AI Solutions Ltd

Security Policy

Syntra AI Solutions Ltd is committed to maintaining the confidentiality, integrity, and availability of customer data. We implement industry-standard security measures to protect against unauthorized access, disclosure, alteration, and destruction of data processed through our AI chatbot services.

Key security measures include:

Use of encryption protocols (TLS/SSL) for data in transit and at rest

Secure data centers compliant with ISO 27001 or equivalent standards

Regular security audits and vulnerability assessments

Strict access controls and employee training on data security

Multi-factor authentication for administrative access

Continuous monitoring and incident detection systems

Customers are responsible for securing their own accounts and credentials and notifying Syntra AI Solutions Ltd immediately if any security breach is suspected.

Data Breach Notification Policy

In the event of a data breach involving customer data processed by Syntra AI Solutions Ltd, we will act promptly to:

Assess and contain the breach

Notify affected customers without undue delay and within the timeframes required by applicable laws (e.g., GDPR requires notification within 72 hours of awareness)

Provide details of the breach, its potential impact, and remedial actions taken

Cooperate with regulatory authorities as required

Customers should report suspected breaches to our designated Data Protection Officer at [dpo@syntrasolutions.tech] or [support@syntrasolutions.tech].

Subprocessor Disclosure

Syntra AI Solutions Ltd uses third-party subprocessors to deliver and maintain chatbot services, including:

Botpress (chatbot platform provider)

OpenAI (language model provider)

IONOS (website hosting and infrastructure)

All subprocessors are carefully selected and contractually bound to comply with applicable data protection regulations (e.g., GDPR, CCPA) and maintain adequate security measures. A current list of subprocessors is available upon request by contacting [support@syntraai.com].

Change Management & Versioning Policy

Syntra AI Solutions Ltd is committed to maintaining high-quality, reliable, and secure AI chatbot services through structured change management and version control processes.

Purpose:
To ensure that all changes to software, infrastructure, and chatbot configurations are planned, tested, documented, and communicated effectively to minimize disruption and maintain service integrity.

Scope

This policy applies to all updates, enhancements, bug fixes, security patches, and configuration changes across our chatbot services, platforms, and related systems.

Change Management Process

Change Request:
All changes must be formally requested through our internal change management system, detailing the nature, reason, and impact of the change.

Impact Assessment:
Each change undergoes a risk and impact assessment to evaluate potential effects on service availability, security, and user experience.

Approval:
Changes require approval from the designated Change Advisory Board (CAB) or authorized personnel based on risk level.

Testing:
Changes are thoroughly tested in a controlled environment before deployment to production to ensure stability and performance.

Communication:
Customers and relevant stakeholders are notified in advance about scheduled changes or maintenance windows that may affect service.

Implementation:
Approved changes are deployed following established protocols, with monitoring to detect and respond to any issues.

Documentation:
All changes, including rollbacks and incidents, are documented for auditing and continuous improvement.

Versioning

All software releases and chatbot configuration updates follow semantic versioning principles (e.g., MAJOR.MINOR.PATCH).

Version history is maintained and accessible internally to track updates, fixes, and enhancements.

Customers on the Pro Suite receive detailed version release notes and have options for scheduling upgrades to minimize impact.

Emergency Changes

In case of critical security vulnerabilities or urgent fixes, emergency changes may be implemented rapidly following a streamlined approval and testing process, with retrospective documentation.

Review & Audit

This policy and change logs are reviewed regularly to ensure compliance, effectiveness, and alignment with industry best practices.

Jurisdiction & Governing Law

These Terms and any disputes arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Isle of Man, where Syntra AI Solutions Ltd is incorporated.

You agree that any legal action or proceeding arising out of or related to these Terms shall be brought exclusively in the courts of the Isle of Man, and you hereby submit to the exclusive jurisdiction of such courts.