This Privacy Policy explains how Synapse Group Corporation (“Syndeca,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards personal information in connection with our software-as-a-service platform and related websites (collectively, the “Services”). This Policy is designed to comply with applicable global privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other similar data protection laws.
1. Who We Are
Synapse Group Corporation is a California-based technology company that provides tools for creating, managing, and publishing shoppable digital content, including shoppable images, lookbooks, digital catalogs, and similar visual commerce experiences.
Our Services are typically embedded on our customers’ own e-commerce websites or digital properties.
Contact: - Email: hello@syndeca.com
2. Our Role: Controller vs. Processor
Syndeca primarily operates as a data processor on behalf of its business customers.
For limited data related to our own website visitors, prospects, and account administrators, Syndeca acts as an independent data controller.
Syndeca does not provide consumer-facing user profiles and does not independently determine the purposes or means of processing end-user personal data. Content published using Syndeca may be publicly accessible on a customer’s own website or digital property, subject to the customer’s configuration and access controls.
3. Information We Collect
3.1 Information Collected from Business Users
When you create an account or interact with Syndeca directly, we may collect: - Name, business email address, company name - Account credentials - Billing and contract-related information - Communications and support inquiries
Syndeca supports enterprise authentication mechanisms, including single sign-on (SSO) integrations (such as Okta or Microsoft Entra ID). When SSO is enabled by a customer, Syndeca receives limited authentication identifiers from the identity provider solely for the purpose of verifying access.
3.2 Information Collected Automatically
We may collect limited technical data such as: - IP address - Device type, browser type, operating system - Log files and usage metadata
This data is used for security, performance monitoring, and service improvement.
3.3 End-User Data (Customer-Controlled)
When Syndeca content is embedded on a customer’s website: - Syndeca does not independently collect personal data about the customer’s consumers - Any analytics, cookies, or tracking technologies are implemented at the customer’s discretion - Syndeca may process aggregated or event-based interaction data (e.g., impressions, clicks) without direct identifiers
Customers are responsible for providing appropriate notices and obtaining consent from their end users.
4. Cookies and Tracking Technologies
4.1 Syndeca Websites
Syndeca uses only essential and analytics cookies on its own websites for: - Authentication and account access - Platform security and fraud prevention - Analytics and performance monitoring
Syndeca does not use advertising cookies or tracking technologies for personalized advertising.
4.2 Embedded Content
Syndeca does not set advertising cookies, tracking pixels, or personalization technologies within embedded experiences.
Content published using Syndeca is rendered within or alongside a customer’s own website or digital property. Any cookies, analytics tools, or tracking technologies present in that context are implemented and controlled by the customer or their selected third-party providers.
Syndeca may process aggregated, non-identifiable interaction data (such as impressions or clicks) solely to operate and improve the Services.
5. Legal Bases for Processing (GDPR)
Where applicable, Syndeca relies on the following legal bases: - Contractual necessity - Legitimate interests (security, service improvement) - Consent (where required) - Legal obligations
6. How We Use Information
We use personal information to: - Provide and operate the Services - Authenticate users and manage accounts - Provide customer support - Improve and secure our platform - Comply with legal and regulatory obligations
7. Data Sharing and Subprocessors
We may share personal data with trusted subprocessors who assist in operating our Services, such as: - Cloud infrastructure providers - Analytics and monitoring tools - Customer support and communication platforms
All subprocessors are bound by contractual data protection obligations consistent with applicable law.
Syndeca does not sell personal information.
8. International Data Transfers
Syndeca may transfer personal data outside of the country where it was collected. Where required, such transfers are protected by: - Standard Contractual Clauses (SCCs) - Adequacy decisions - Other lawful transfer mechanisms
9. Data Retention
We retain personal data only for as long as necessary to: - Provide the Services - Meet contractual and legal requirements - Resolve disputes and enforce agreements
Aggregated or anonymized data may be retained for analytics and benchmarking purposes.
10. Security Measures
We implement appropriate technical and organizational safeguards designed to protect personal data, including: - Access controls - Encryption in transit and at rest (where applicable) - Ongoing security monitoring
11. Your Privacy Rights
Depending on your jurisdiction, you may have rights to: - Access and receive a copy of your personal data - Correct inaccurate data - Request deletion - Object to or restrict processing - Data portability
California Residents (CCPA/CPRA)
California residents have the right to: - Know what personal information is collected - Request deletion of personal information - Opt out of sale or sharing (Syndeca does not sell personal data) - Non-discrimination for exercising privacy rights
Requests may be submitted to hello@syndeca.com.
12. Children’s Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal data from children.
13. Updates to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
hello@syndeca.com