Section 02

Privacy Notice

Compliant with GDPR (EU), CCPA/CPRA (California), and applicable U.S. federal law

Last updated: March 21, 2026

1. Data Controller

Sinex LLC is the data controller for personal information collected through our services.

Contact: privacy@synex.technology
Registered address: 30 N Gould St Ste R Sheridan, WY 82801
Principal place of business: 390 NE 191st St STE 19494, 33179, Miami, FL

EU/UK users: if you require a local representative, contact us at the email above and we will provide the applicable contact details.

2. Information We Collect

2.1. Information you provide directly

  • Account registration: name, email address, username, and password.
  • Payment information: processed exclusively by Stripe. We do not store full card numbers or CVV codes.
  • Newsletter subscription: email address and communication preferences.
  • Contact form: name, email, and message content.

2.2. Information collected automatically

  • Usage data: pages visited, features used, session duration, and referring URLs.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Analytics data: collected via Google Analytics and/or Mixpanel (see Cookie Policy, Section 03).

2.3. Information from third parties

  • Payment status, transaction identifiers, and risk signals from Stripe and dLocal.
  • dLocal may share additional data points related to local payment method verification (e.g., national ID format validation for certain LatAm markets), strictly for fraud prevention purposes.

We do not purchase or acquire personal data from data brokers.

3. How We Use Your Information

  • To create and manage your account.
  • To process payments and deliver purchased services.
  • To send transactional emails (receipts, password resets, account alerts).
  • To send marketing communications, newsletters, and product updates (with your consent).
  • To analyze usage patterns and improve our services.
  • To detect, prevent, and respond to fraud, abuse, and security incidents.
  • To comply with applicable legal obligations.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): account management, payment processing, service delivery.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, security, and service improvement.
  • Consent (Art. 6(1)(a)): marketing emails, newsletter subscription, and non-essential cookies.
  • Legal obligation (Art. 6(1)(c)): tax records, legal compliance.

5. Data Retention

  • Account data: retained for the duration of the account and for 3 years after deletion, for legal compliance purposes.
  • Payment records: retained for 7 years in accordance with U.S. tax law requirements.
  • Analytics data: retained per the default settings of Google Analytics (14 months) and/or Mixpanel (up to 36 months).
  • Marketing data: retained until you unsubscribe or request deletion.

6. Data Sharing and Transfers

We do not sell your personal information. We share data only with:

  • Stripe, Inc. — payment processing. Data processed under Stripe’s Privacy Policy.
  • Google LLC — analytics (Google Analytics). Data may be transferred to the U.S. under Standard Contractual Clauses (SCCs).
  • Mixpanel, Inc. — product analytics. Subject to Mixpanel’s Privacy Policy and SCCs.
  • Legal authorities — when required by law, court order, or to protect our rights.

Where transfers of EU/UK personal data occur outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as the legal transfer mechanism.

7. Your Rights

7.1. Rights for all users

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request erasure of your personal data, subject to legal retention obligations.
  • Objection: object to processing based on legitimate interests.
  • Portability: receive your data in a structured, machine-readable format.
  • Withdraw consent: at any time, for processing based on consent.

7.2. Additional rights for California residents (CCPA/CPRA)

California residents have the following additional rights:

  • Right to know: the categories and specific pieces of personal information collected, used, disclosed, or sold.
  • Right to opt out of sale or sharing: we do not sell personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a California privacy request, email privacy@synex.technology with subject “California Privacy Request.” We will respond within 45 days.

7.3. How to exercise your rights

Submit requests to privacy@synex.technology. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA). We may ask you to verify your identity before processing the request.

EU/UK users who are unsatisfied with our response may lodge a complaint with their local data protection authority (e.g., the relevant EU supervisory authority or the UK ICO at www.ico.org.uk).

8. Children’s Privacy

Our services are not directed to children under 13 years of age (or under 16 for users in the EEA). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data should contact us immediately.

9. Security

We implement industry-standard technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. CAN-SPAM Compliance

All marketing emails sent by the Company comply with the CAN-SPAM Act. Each marketing email includes:

  • A clear identification of the message as a commercial communication.
  • Our valid physical mailing address.
  • A clear and conspicuous unsubscribe mechanism.

We will honor unsubscribe requests within 10 business days. To opt out of marketing emails, click the “Unsubscribe” link in any email or contact us at the address below.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email at least 14 days before the changes take effect. The date of the last update is indicated at the bottom of this document.

12. Contact

Privacy inquiries: privacy@synex.technology
Sinex LLC — Registered address: 30 N Gould St Ste R Sheridan, WY 82801
Principal place of business: 390 NE 191st St STE 19494, 33179, Miami, FL

Last updated: March 21, 2026 — Sinex LLC — www.synex.technology