Privacy Policy

Our Commitment to Security & Privacy

Security and privacy are our top priorities. Synavistra is built on a zero-tracking, security-first architecture. We do not collect analytics data, tracking pixels, or persistent identifiers. We use secure HttpOnly cookies for authentication and encrypt all data in transit and at rest. Your data is your own.

1. Data Collection

Synavistra collects only the minimum data necessary to operate our Partnership and Learning Platform:

• Account Information: Email address and name (for account creation and communication)
• Course Data: Content you create, student enrollments, and opt-in learning progress
• Payment Information: Payment method details processed via secure third-party providers (not stored by us)
• Technical Logs: Server logs containing IP addresses and request timestamps (retained for 30 days)

What we do NOT collect:

• Analytics or behavioral tracking
• Tracking cookies or persistent identifiers
• Third-party data from social networks
• Geolocation data
• Device fingerprinting

2. GDPR Compliance

Synavistra operates in full compliance with the General Data Protection Regulation (GDPR). As a data controller, we:

• Process only data you provide or authorize
• Maintain data processing agreements with all sub-processors
• Implement appropriate technical and organizational safeguards
• Honor data subject rights (access, rectification, erasure, portability)
• Maintain records of all processing activities

3. Data Storage & Location

All personal data is stored on Cloudflare infrastructure with primary location hints set to Western Europe (weur), ensuring compliance with EU data residency requirements. Data is encrypted both in transit (TLS 1.3) and at rest.

4. Third-Party Services

Synavistra uses the following third-party services:

• Cloudflare: Infrastructure provider (Workers, D1, KV, R2) - Privacy Policy
• Payment Processors: Stripe or similar PCI-DSS compliant providers - payment data not stored by Synavistra
• Email Delivery: Transactional email services for account notifications only

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

5. Your Rights

Under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right of Rectification: Correct inaccurate data
• Right of Erasure: Delete your data (subject to legal obligations)
• Right of Data Portability: Export your data in a standard format
• Right to Object: Object to processing of your data

To exercise these rights, contact us at privacy@synavistra.ai.

6. Data Retention

We retain personal data only as long as necessary:

• Account Data: Retained for the lifetime of your account
• Technical Logs: Retained for 30 days
• Course Content: Retained until you delete your account or course
• Payment Records: Retained for 7 years (Austrian accounting requirements)

7. Security

Synavistra implements industry-standard security measures:

• HTTPS/TLS 1.3 encryption for all data in transit
• Encryption at rest for sensitive data
• Regular security audits and penetration testing
• Secure password requirements and multi-factor authentication support
• Access controls and role-based permissions

8. Cookies & Tracking

Synavistra does not use tracking cookies, analytics cookies, or third-party cookies. Our public marketing website is fully functional without any cookies. When you sign in to the portal, we use a single secure HttpOnly session cookie to maintain your authenticated session. This cookie contains no tracking data, expires when you close your browser or after 24 hours, and is never shared with third parties.

Under GDPR Article 6(1)(b), session cookies are classified as 'strictly necessary' for providing the service you requested (authenticated access). No consent is required for strictly necessary cookies.

9. Contact & Data Protection Officer

For privacy-related inquiries or to exercise your rights:

• Email: privacy@synavistra.ai
• Company: Synavistra GmbH, Feldkirch, Vorarlberg, Austria