Syntorium
Home Services Work About Blog Contact
Start a project
Home Services Work About Blog Contact
// privacy

Privacy policy.

This page explains what we collect when you visit syntorium.com or send us a brief, why we collect it, who we share it with, and how to exercise your rights.

Last updated: 6 May 2026 · Effective: 6 May 2026

1. Who we are

This site is operated by Syntorium FZ-LLC, a free-zone establishment registered at SPC Free Zone (Sharjah Publishing City), United Arab Emirates. For the purposes of applicable data-protection law (including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the UK GDPR, and the EU GDPR where it applies), Syntorium FZ-LLC is the data controller of personal information collected through this website.

You can reach us at any time:

  • Email: hello@syntorium.com
  • Postal address: Syntorium FZ-LLC, SPC Free Zone, E311, Sheikh Mohammed Bin Zayed Rd, Al Zahia, Sharjah, United Arab Emirates
  • Phone: +971 52 820 0903

2. What we collect, and when

We try to collect the minimum we need to do our work. There are three places personal data enters our systems:

2.1 When you submit the contact form

The form on /contact asks for your name and work email (required), and optionally your company, the services you are interested in, your indicative budget, and a free-text message. When you submit it, we receive those fields plus the timestamp of submission.

2.2 When you email or call us directly

If you contact us through any of the channels above, we receive whatever information you choose to send (your name, contact details, the content of your message, any attachments). That correspondence is stored in our email and phone systems.

2.3 Server logs

When you load any page on this site, our hosting provider (Cloudflare) processes basic request metadata: your IP address, the user-agent string your browser advertises, the page you requested, and the timestamp. This is standard for any web server and is necessary to deliver the page, defend against abuse, and meet our security obligations. Logs are retained for a short period and then deleted; we do not link them to identified individuals.

2.4 What we do not collect

  • We do not use third-party advertising or analytics scripts on syntorium.com (no Google Analytics, no Meta Pixel, no PostHog, no Mixpanel).
  • We do not set first-party tracking cookies for analytics or marketing.
  • We do not buy contact lists, scrape personal data from social platforms, or enrich your details from third-party data brokers.

3. Why we use it (lawful basis)

  • To respond to your enquiry. When you submit a contact form or email us, we use the information you provided to reply, prepare a written estimate, schedule a call, and (if we go on to work together) negotiate and perform a contract. The lawful basis is performance of a contract or steps taken at your request prior to entering one.
  • To run and secure the website. We use server logs to deliver pages, detect abuse, mitigate attacks, and improve reliability. The lawful basis is our legitimate interest in operating a secure, functioning service.
  • To comply with law. We may retain or disclose information where we are legally required to do so (for example, in response to a valid legal request, or to comply with tax and accounting obligations once you become a client).

We do not use your data for marketing, profiling, or automated decision-making. We do not send unsolicited promotional emails.

4. Who we share it with

We share data only with the small set of service providers that help us operate the site and respond to enquiries. Each of these acts as our data processor under a written agreement, processes data only on our instructions, and applies appropriate security measures.

  • Cloudflare, Inc. — hosting, content delivery, and DDoS / WAF protection. Processes server logs and request metadata.
  • Our email provider — receives and stores email correspondence sent to and from hello@syntorium.com.
  • Our contact-form transport — when you submit the form, the contents are transmitted to our team inbox via a transactional email service. The form does not store data in any third-party database.
  • Professional advisors — accountants, auditors, and legal counsel where required to operate the business or comply with law.

We do not sell, rent, or trade personal data with third parties for their own purposes. We do not transfer data to advertising networks.

5. International transfers

We are based in the United Arab Emirates. Some of our service providers (e.g. Cloudflare, our email provider) operate globally and may process data on servers located in the EU, the UK, the US, or other jurisdictions. Where we transfer personal data outside the UAE, we rely on the safeguards permitted under applicable law — typically standard contractual clauses, adequacy decisions, or your explicit consent — to ensure your data remains protected to the same standard.

6. How long we keep it

  • Contact-form submissions and enquiry emails: retained for up to 24 months after our last interaction with you, then deleted, unless we are obliged to keep them for longer (for example, where they form part of a contract or legal record).
  • Client correspondence and contracts: retained for the duration of the engagement and for a period of up to 7 years after, in line with UAE accounting and tax record-keeping requirements.
  • Server logs: retained by Cloudflare in accordance with their default retention periods (typically a few days to a small number of weeks).

7. How we protect it

We apply reasonable and proportionate technical and organisational measures, including:

  • HTTPS on every page; HSTS where supported.
  • Access controls on the email and storage systems where enquiries land — accounts are protected with strong passwords and multi-factor authentication.
  • Principle-of-least-privilege access; only team members who need the data to do their work can access it.
  • Regular dependency updates and security patching of our infrastructure.
  • Vendor due diligence — we choose processors that publish credible security practices and offer data-processing agreements.

No system can be guaranteed perfectly secure. If we ever become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authority and, where required, you, in accordance with applicable law.

8. Your rights

Depending on where you are located, you have some or all of the following rights in relation to the personal data we hold about you:

  • Access — ask for a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete your data, subject to legal-retention obligations.
  • Restriction — ask us to limit the way we use your data.
  • Portability — receive a copy of your data in a structured, machine-readable format.
  • Objection — object to processing carried out on the basis of legitimate interest.
  • Withdraw consent — where we rely on your consent, withdraw it at any time.
  • Lodge a complaint — with the UAE Data Office or, if you are in the EU / UK, with your local supervisory authority.

To exercise any of these rights, email hello@syntorium.com with the subject line "Data request". We will respond within 30 days. We may need to verify your identity before acting on a request.

9. Children

This site and our services are not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10. Cookies

syntorium.com is a static marketing site. It does not set first-party cookies for analytics, advertising, or personalisation. Our hosting provider (Cloudflare) may set a small number of strictly-necessary cookies for security and abuse-mitigation purposes (for example, to identify and block automated traffic). These cookies do not track individuals across sites and are exempt from consent requirements under most cookie regimes. If we add other categories of cookies in the future, we will add a consent banner before they are set.

11. Third-party links

This site links out to other websites — our portfolio clients' sites, technologies we use, social profiles, and so on. Once you click an external link, you are subject to that site's own privacy policy, which we do not control.

12. Changes to this policy

We update this policy when our practices change or when the law requires us to. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will also be announced on the homepage or by email to active clients.

13. Contact us

Questions, requests, or concerns? Email hello@syntorium.com with the subject line "Privacy" and we will respond within five working days.

Software, marketing, and the infrastructure under both.
Designed, shipped, and operated by one team.

Founded
2019 · Dubai
Currently working with
11 retained clients
Hours
Sun–Thu · 09:00–18:00 GST

Syntorium

Production-grade software, marketing, and digital infrastructure for serious teams.

Available · Now
Services
  • Backend platforms & ERPs
  • Web app development
  • Mobile & desktop apps
  • API & integrations
  • WhatsApp Business
  • E-commerce
  • Cloud / DevOps
  • AI & automation
  • WordPress development
  • Digital marketing
Company
  • About
  • Case studies
  • Journal
  • Contact
  • Careers
Office
  • SPC Free Zone, E311
  • Sheikh Mohammed Bin Zayed Rd
  • Al Zahia, Sharjah · UAE
  • +971 52 820 0903
  • hello@syntorium.com
© 2026 Syntorium FZ-LLC · Registered in UAE
Privacy Terms Security
SYNTORIUM