Privacy Policy
Synkra takes privacy seriously. This policy explains what personal data we collect, why, how long we keep it and who we share it with. It is written under the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Controller: [REGISTERED COMPANY NAME], S.L.
- Tax ID: [CIF]
- Address: [FISCAL ADDRESS]
- Privacy contact email: [PRIVACY EMAIL]
2. What data we collect
We only collect data we actually need to run the site:
- Contact form: your email address.
- Technical data: IP address, user-agent, selected locale and submission timestamp. Used to prevent form abuse (rate-limit) and for diagnostics.
- Admin panel access (authorized staff only): email and minimal session data managed by Supabase Auth.
- Browser preferences: dark/light theme and locale, stored locally on your device.
We do not collect special-category data (health, ideology, etc.), use advertising cookies or perform profiling.
3. Processing purposes
- Reply to enquiries submitted via the form.
- Maintain service security and integrity.
- Manage authorized staff access to the internal admin panel.
4. Legal basis
- Explicit consent (Art. 6(1)(a) GDPR) and/or pre-contractual measures at the data subject's request (Art. 6(1)(b)), when submitting the form.
- Legitimate interest (Art. 6(1)(f)) to prevent fraud and maintain site security.
5. Data retention
- Form enquiries: up to 24 months from the last contact. Deleted afterwards unless a legal retention obligation or active commercial relationship applies.
- Rate-limit technical data: up to 60 minutes in Redis. Automatically deleted afterwards.
- Admin sessions: while the session is active.
6. Data processors
We rely on the following processors who act on our instructions with equivalent GDPR-grade safeguards:
| Provider | Purpose | Location |
|---|---|---|
| Resend, Inc. | Send notification email on new lead. | USA (SCCs) |
| Supabase, Inc. | Lead database and admin authentication. | EU / USA (SCCs) |
| Upstash, Inc. | Distributed cache for rate-limit. | USA (SCCs) |
| Vercel, Inc. | Hosting and content delivery. | EU / USA (SCCs) |
International transfers to the USA rely on the European Commission's Standard Contractual Clauses (SCCs).
7. Your rights
As a data subject you can exercise the following rights at any time by emailing [PRIVACY EMAIL] with subject "Privacy":
- Access your personal data.
- Rectify inaccurate data.
- Erase (right to be forgotten).
- Object to processing.
- Restrict processing.
- Data portability.
- Withdraw consent at any time.
We respond within one month. If you believe processing does not comply with the law, you can lodge a complaint with the Spanish Data Protection Agency (aepd.es).
8. Security measures
We apply appropriate technical and organizational measures: encryption in transit (HTTPS/TLS), admin access via magic-link authentication, anti-abuse rate-limiting, input sanitization and database role separation (RLS) so data is not readable client-side.
9. Changes to this policy
We may update this policy to reflect legal or service changes. Updates will be published here with a refreshed "Last updated" date. Substantial changes will be communicated where appropriate.
← Back to home