Privacy Policy

Effective Date: April 1, 2025

Scope of this Privacy Policy

This Privacy Policy governs and explains how we collect and process your personal information when you (“you” or “User”) use our website at syntopia.ai (“Site”), services and products accessible through the Site (“Services”), and the associated web-based software provided by Syntopia (“Software”). The Site, the Services, and the Software are jointly referred to in this Privacy Policy as the “Platform”.
If you are a purchaser of our Services, you are a “Customer”. If you are authorized by a Customer to use our Services, or if you are simply visiting our Site, you are an “Authorized User”.
This Privacy Policy explains how we handle personal information submitted to us or that we collect through your use of the Platform. This includes Customer Data, and Other Information, which are both defined below.

Who We Are

Syntopia is owned and operated by Hifetch Ltd, a private limited company registered in England and Wales with company number 12601968. Our registered address is:
Hifetch Ltd (trading as Syntopia)
76 Portland Grove
London SW8 1JH
United Kingdom
We act as the controller of your personal data processed in connection with this Privacy Policy.
If you have any questions or concerns regarding this Privacy Policy or how we use your data, you may contact us at:
Email: [email protected]

Data Protection Officer: [email protected]

Identifying the Data Controller and Data Processor

Certain privacy laws distinguish between a “controller” and a “processor” of personal data:

A controller determines the purposes and means of processing personal data.
A processor acts on behalf of the controller in processing that data.

In general:

The Customer is the controller of Customer Data.
Syntopia is the processor of Customer Data and the controller of Other Information (defined below).

Definitions

For the purpose of this Privacy Policy:

“Personal data” means any information that identifies or could reasonably be used to identify an individual (data subject).
“Processing” means any action performed on personal data, whether automated or manual, such as collection, use, disclosure, transfer, or deletion.
“Customer Data” is data submitted to the Platform by or on behalf of a Customer or Authorized User while using the Services.
“Other Information” refers to any data Syntopia collects, generates, or receives that is not Customer Data (outlined in Section 5 below).

Personal Data We Collect and Process

Syntopia collects and receives both Customer Data and Other Information through your use of the Platform and your interactions with us.

Customer Data

Customers or their Authorized Users submit Customer Data to the Platform when using the Services. This can include, but is not limited to:

Uploaded content (e.g. text, images, video, audio)

Scripts, prompts, and project files

Metadata associated with video projects

User-generated edits, interactions, or annotations

We process Customer Data strictly on behalf of the Customer and according to our contractual agreement.

Other Information

Syntopia also collects and processes the following categories of personal data, collectively referred to as “Other Information”:

Contact Information

When you contact us, create an account, or otherwise communicate with us, we may process:
Full name

Email address

Phone number

Employer and job title (if provided)

Financial Data

When purchasing Services, we collect and process:

Billing contact details

Amount paid, refunded, or credited

Transaction dates

Payment method (processed securely via third-party providers)

Syntopia does not store full payment card numbers or bank account information. All payment processing is handled by certified third-party payment processors.

Account Information

When creating an account or using the Platform, we may process:

First and last name

Email address

Profile settings, time zone, and preferences

Session history and access logs

Usage Information

We automatically collect information about how you interact with the Platform, including:

Pages viewed, features used

Click paths and usage patterns

Time spent on specific activities

Preferences and performance behavior

Account activity timestamps

Technical Data

Collected automatically through server logs and analytical tools:
IP address

Device type and identifiers

Browser version and settings

Operating system

Referring URLs

Language and locale

Geographic region (approximate, derived from IP address)

Support and Communication

If you contact our support team, participate in feedback surveys, or respond to product research:
The content of your messages and feedback

Contact method and follow-up

Support tickets or transcripts

Cookies and Tracking Technologies

We use cookies and similar technologies to:
Maintain session state

Authenticate users

Store preferences

Analyze traffic and usage

Measure performance and user experience

Purposes and Legal Bases for the Processing of Personal Data

Syntopia processes your personal data in accordance with applicable data protection laws, including the UK GDPR, EU GDPR, and other relevant regulations. The legal basis for processing your data depends on the nature of your relationship with us, the type of data being processed, and the context in which it was collected. We generally rely on the following lawful bases to process personal data:

Performance of a Contract

We process personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This applies when you (as a Customer or Authorized User) use our Platform, create or manage an account, or engage with any paid services.
Under this legal basis, we process your data to:
Provide and maintain access to the Platform;

Enable functionality and configuration of your account;

Deliver the services you have subscribed to or licensed;

Support and troubleshoot technical issues;

Manage billing and transactions;

Communicate operationally about your account and service.

The categories of personal data processed may include:
Contact information;

Account information;

Financial data;

Usage data;

Technical data.

Legitimate Interests

We may process personal data when it is necessary for the purposes of our legitimate interests or those of a third party, provided these interests are not overridden by your fundamental rights or freedoms. Our legitimate interests include:
Understanding how users interact with the Platform in order to improve it;

Ensuring the security and integrity of our systems;

Communicating important information, such as product updates or system notices;

Protecting our intellectual property, preventing fraud, and maintaining platform integrity;

Promoting and growing our business through responsible marketing.

We may also process data to enforce our rights under any agreement entered into with you, or to defend ourselves in case of a legal dispute.
Data processed on the basis of legitimate interest may include:
Technical and usage data;

Account identifiers;

Interaction history;

Communication logs.

You have the right to object to any processing that relies on this legal basis (see your rights in Part 5).

Legal Obligation

We may process your personal data where necessary to comply with a legal obligation to which we are subject, such as:
Tax, accounting, and financial reporting requirements;

Responding to lawful requests from public authorities and regulators;

Complying with applicable data protection and consumer protection legislation;

Investigating illegal activities or misuse of the Platform.

In these cases, we may retain certain records even after your account is closed to fulfill compliance or audit obligations.

Consent

In some situations, we process personal data based on your freely given, specific, informed, and unambiguous consent. This typically applies in cases where:
You opt in to receive marketing communications;

You participate in beta features or research initiatives;

You submit certain types of feedback, surveys, or optional forms;

Your biometric or sensitive data (if applicable) is processed, and explicit consent is required.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Examples of Why and How We Process Your Personal Data

Below are specific examples of how Syntopia uses personal data, categorized by purpose:

Purpose	Categories of Data Processed	Legal Basis
Creating and managing accounts	Contact information, Account information, Technical data	Performance of contract
Delivering and maintaining services	Usage data, Account configuration, Preferences	Performance of contract
Providing customer support	Account info, Usage data, Communications	Performance of contract
Processing transactions	Contact info, Financial data, Transaction metadata	Performance of contract / Legal obligation
Securing the Platform	IP address, Device ID, Browser data, Session activity	Legitimate interest
Analyzing usage to improve features	Usage patterns, Interaction metrics, Session behavior	Legitimate interest
Complying with law	Billing records, IP logs, Legal communication history	Legal obligation
Marketing communications	Contact info, User role, Preferences	Consent / Legitimate interest

Marketing Communications and Preferences

Where permitted by law or where you have provided your consent, we may contact you with promotional materials related to Syntopia’s services. This includes:

Product announcements and improvements;
Exclusive offers or limited-time campaigns;
Invitations to webinars, events, or workshops;
Customer case studies or success stories.

You can manage your preferences or opt out of marketing emails at any time by:

Clicking the “unsubscribe” link in our email footer;
Contacting us directly at: [email protected] note that even if you opt out of marketing emails, we may still send you non-promotional messages regarding your account or important operational notices.

Cookies and Analytics

As detailed in our separate Cookie Policy, we use cookies and other technologies to:
Maintain login sessions;

Measure engagement and product performance;
Understand how users navigate the site;
Personalize content delivery and onboarding.
Some cookies are essential for the operation of the Platform. Others, including analytics cookies, require consent, which can be managed through your browser settings or via consent banners on our website.

Sharing and Disclosure of Personal Data

We treat personal data with a high level of confidentiality and care. However, there are certain circumstances in which we may share or disclose your personal information with third parties in order to provide our Services effectively, meet legal obligations, or protect our legitimate business interests.

Sharing with Our Service Providers (Sub-processors)

We may share your personal data with trusted third-party service providers who act on our behalf to deliver specific components of the Platform. These providers perform functions such as infrastructure hosting, cloud computing, payment processing, data analytics, customer support tools, security and monitoring, and communication systems. These entities are bound by strict confidentiality agreements and data processing contracts and are only permitted to process personal data in accordance with our instructions and applicable laws. A current list of our sub-processors may be made available upon request. Examples include (but are not limited to):

Cloud infrastructure providers (e.g. AWS, Google Cloud)
Email service providers
Customer relationship management (CRM) platforms
Secure payment processors
Log analytics and performance monitoring tools We conduct due diligence on each vendor, including security and privacy evaluations, to ensure that they maintain appropriate technical and organizational measures.

Sharing with Our Affiliates

We may share personal data with subsidiaries or affiliated entities under common ownership or control. This sharing is subject to the same privacy commitments outlined in this policy. For example, such sharing may be necessary for centralized customer support, platform development, marketing coordination, or internal reporting purposes.

Sharing with Authorities or for Legal Reasons

We may disclose your information if we believe in good faith that such action is necessary to:

Comply with a legal obligation, such as a subpoena, court order, or lawful request from public authorities;
Protect and defend our rights, property, or safety, or that of our users or the public;
Prevent or investigate possible wrongdoing in connection with the Platform;
Detect or prevent fraud, security, or technical issues;
Enforce our Terms of Service or other agreements.

Such disclosures are made only to the extent required or permitted by applicable law.

Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, we may transfer personal data as part of that transaction. We will ensure that the recipient agrees to protect your personal data in a manner consistent with this Privacy Policy. You will be notified via email and/or a prominent notice on our website if such a transfer occurs, along with any material changes to the policy that may affect your rights.

Other Authorized Disclosures

With your explicit consent, we may disclose your personal data for any other purpose that is not otherwise covered by this policy. For example, we may publish your name and testimonial on our website only after obtaining your permission.

International Data Transfers

Syntopia is based in the United Kingdom but operates globally. This means your personal data may be transferred to, and processed in, countries outside of your jurisdiction, including locations where data protection laws may differ or offer less protection than those in your country.
When we transfer personal data internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable privacy laws. These safeguards include:

Adequacy Decisions: If the recipient country has been deemed by the UK or European Commission to provide an adequate level of data protection, your personal data may be transferred on that basis.
Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we rely on SCCs approved by relevant authorities to ensure that your data is subject to equivalent protection.
Supplementary Measures: Where required, we may implement additional security and legal measures to further protect your information.
If you would like more information about international transfers or copies of SCCs in use, please contact us at: [email protected].

Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with applicable legal, regulatory, tax, accounting, or reporting requirements.
The retention period for different types of data may vary depending on:

The nature of the data;
The reason it was collected;
Our legal obligations;
The existence of any disputes or enforcement needs.
In general:
Customer Data is retained for the duration of the Customer’s subscription and deleted or anonymized upon termination or at the Customer’s request (subject to applicable laws).
Account information is retained for the life of the account and deleted shortly after the account is closed, unless we are required to retain it longer.
Communication data (e.g. support tickets, emails) is retained for the time necessary to manage the relationship and to defend against legal claims.
Financial and billing records may be retained for up to seven (7) years, or longer if required by law.
We may also anonymize certain data for analytical or statistical purposes. Once anonymized, the data is no longer considered personal and may be retained indefinitely.

Data Security

We are committed to protecting your personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Syntopia employs a combination of technical, organizational, and administrative measures to secure data across the Platform.
Our security framework includes:

Data encryption in transit and at rest;
Secure cloud infrastructure with access controls;
Firewall protections and intrusion detection systems;
Multi-factor authentication for internal systems;
Access controls based on role and need-to-know principles;
Regular system updates and security patching;
Annual third-party penetration testing and internal risk assessments;
Ongoing employee security awareness training.
Despite our best efforts, no system is completely immune from security threats. If you suspect any misuse or unauthorized access to your data or account, please notify us immediately at [email protected] so that we can investigate and take appropriate action.

Your Data Protection Rights

Depending on your location and applicable privacy laws (such as the UK GDPR, EU GDPR, or other local legislation), you may have the following rights with respect to your personal data:

Right to Access

You have the right to request access to your personal data and to receive a copy of the information we hold about you, along with related processing details.

Right to Rectification

You may request that we correct or complete inaccurate or incomplete personal data held about you.

Right to Erasure ("Right to be Forgotten")

You may ask us to delete your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable).

Right to Restrict Processing

You may request that we temporarily suspend the processing of your personal data, for example, if you contest the accuracy of the data or object to its use.

Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.

Right to Object

You may object to the processing of your personal data where we rely on legitimate interests as the legal basis. If we process your data for direct marketing purposes, you have an absolute right to object.

Right to Withdraw Consent

Where we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produces legal or similarly significant effects on you, unless such processing is necessary for entering into or performing a contract, is authorized by law, or you have given explicit consent.
To exercise any of these rights, please contact us at [email protected] or via your account settings (where applicable). We may need to verify your identity before fulfilling your request. We aim to respond within one calendar month, but we may extend this period if your request is particularly complex.

Children’s Privacy

Syntopia’s Platform is not directed to or intended for use by children under the age of 16. We do not knowingly collect or solicit personal data from anyone under the age of 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you are a parent or legal guardian and believe that your child has provided personal data to us without your consent, please contact us immediately at [email protected].

Accuracy and Updates to Personal Data

We rely on you to provide accurate and complete personal data. If you believe that any of the information we hold about you is incorrect, outdated, or incomplete, please contact us so that we can correct or update it. If you maintain a user account on the Platform, you can view and update your information directly by logging into your account. For any other changes, or if your account has been deactivated, please reach out to our support team.

How to Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, you may contact us using the details below:
Hifetch Ltd (trading as Syntopia)
76 Portland Grove
London SW8 1JH
United Kingdom
📧 Email: [email protected]
🔐 Data Protection Officer: [email protected]
We recommend contacting our Data Protection Officer for all data protection-related inquiries or complaints.

Supervisory Authority and Complaints

If you are located in the United Kingdom or the European Union, you have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data infringes applicable data protection laws.
In the UK, the relevant authority is:

Information Commissioner’s Office (ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
📞 Telephone: 0303 123 1113
🌐 Website: https://ico.org.uk
You are encouraged to contact us first so we can attempt to resolve your concern before escalating to a supervisory authority.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to legal, technical, or business developments. When we make changes, we will:

Update the “Effective Date” at the top of this document;
Post the revised policy to https://syntopia.ai/privacy-policy;
Notify you by email or through the Platform, where required or appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Continued use of the Platform after an updated Privacy Policy becomes effective constitutes your agreement to the revised policy.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles.
Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in England and Wales, unless you are a resident of another jurisdiction entitled to alternative protection under local law.

Final Remarks

We are committed to being transparent about our data practices and upholding your rights. Your trust is important to us, and we are dedicated to safeguarding your personal data in line with the highest standards.

Thank you for choosing Syntopia.

Strategy and Planning