Privacy policy.
This page explains what we collect when you visit syntorium.com or send us a brief, why we collect it, who we share it with, and how to exercise your rights.
1. Who we are
This site is operated by Syntorium FZ-LLC, a free-zone establishment registered at SPC Free Zone (Sharjah Publishing City), United Arab Emirates. For the purposes of applicable data-protection law (including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the UK GDPR, and the EU GDPR where it applies), Syntorium FZ-LLC is the data controller of personal information collected through this website.
You can reach us at any time:
- Email: hello@syntorium.com
- Postal address: Syntorium FZ-LLC, SPC Free Zone, E311, Sheikh Mohammed Bin Zayed Rd, Al Zahia, Sharjah, United Arab Emirates
- Phone: +971 52 820 0903
2. What we collect, and when
We try to collect the minimum we need to do our work. There are three places personal data enters our systems:
2.1 When you submit the contact form
The form on /contact asks for your name and work email (required), and optionally your company, the services you are interested in, your indicative budget, and a free-text message. When you submit it, we receive those fields plus the timestamp of submission.
2.2 When you email or call us directly
If you contact us through any of the channels above, we receive whatever information you choose to send (your name, contact details, the content of your message, any attachments). That correspondence is stored in our email and phone systems.
2.3 Server logs
When you load any page on this site, our hosting provider (Cloudflare) processes basic request metadata: your IP address, the user-agent string your browser advertises, the page you requested, and the timestamp. This is standard for any web server and is necessary to deliver the page, defend against abuse, and meet our security obligations. Logs are retained for a short period and then deleted; we do not link them to identified individuals.
2.4 What we do not collect
- We do not use third-party advertising or analytics scripts on syntorium.com (no Google Analytics, no Meta Pixel, no PostHog, no Mixpanel).
- We do not set first-party tracking cookies for analytics or marketing.
- We do not buy contact lists, scrape personal data from social platforms, or enrich your details from third-party data brokers.
3. Why we use it (lawful basis)
- To respond to your enquiry. When you submit a contact form or email us, we use the information you provided to reply, prepare a written estimate, schedule a call, and (if we go on to work together) negotiate and perform a contract. The lawful basis is performance of a contract or steps taken at your request prior to entering one.
- To run and secure the website. We use server logs to deliver pages, detect abuse, mitigate attacks, and improve reliability. The lawful basis is our legitimate interest in operating a secure, functioning service.
- To comply with law. We may retain or disclose information where we are legally required to do so (for example, in response to a valid legal request, or to comply with tax and accounting obligations once you become a client).
We do not use your data for marketing, profiling, or automated decision-making. We do not send unsolicited promotional emails.
4. Who we share it with
We share data only with the small set of service providers that help us operate the site and respond to enquiries. Each of these acts as our data processor under a written agreement, processes data only on our instructions, and applies appropriate security measures.
- Cloudflare, Inc. — hosting, content delivery, and DDoS / WAF protection. Processes server logs and request metadata.
- Our email provider — receives and stores email correspondence sent to and from hello@syntorium.com.
- Our contact-form transport — when you submit the form, the contents are transmitted to our team inbox via a transactional email service. The form does not store data in any third-party database.
- Professional advisors — accountants, auditors, and legal counsel where required to operate the business or comply with law.
We do not sell, rent, or trade personal data with third parties for their own purposes. We do not transfer data to advertising networks.
5. International transfers
We are based in the United Arab Emirates. Some of our service providers (e.g. Cloudflare, our email provider) operate globally and may process data on servers located in the EU, the UK, the US, or other jurisdictions. Where we transfer personal data outside the UAE, we rely on the safeguards permitted under applicable law — typically standard contractual clauses, adequacy decisions, or your explicit consent — to ensure your data remains protected to the same standard.
6. How long we keep it
- Contact-form submissions and enquiry emails: retained for up to 24 months after our last interaction with you, then deleted, unless we are obliged to keep them for longer (for example, where they form part of a contract or legal record).
- Client correspondence and contracts: retained for the duration of the engagement and for a period of up to 7 years after, in line with UAE accounting and tax record-keeping requirements.
- Server logs: retained by Cloudflare in accordance with their default retention periods (typically a few days to a small number of weeks).
7. How we protect it
We apply reasonable and proportionate technical and organisational measures, including:
- HTTPS on every page; HSTS where supported.
- Access controls on the email and storage systems where enquiries land — accounts are protected with strong passwords and multi-factor authentication.
- Principle-of-least-privilege access; only team members who need the data to do their work can access it.
- Regular dependency updates and security patching of our infrastructure.
- Vendor due diligence — we choose processors that publish credible security practices and offer data-processing agreements.
No system can be guaranteed perfectly secure. If we ever become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authority and, where required, you, in accordance with applicable law.
8. Your rights
Depending on where you are located, you have some or all of the following rights in relation to the personal data we hold about you:
- Access — ask for a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Deletion — ask us to delete your data, subject to legal-retention obligations.
- Restriction — ask us to limit the way we use your data.
- Portability — receive a copy of your data in a structured, machine-readable format.
- Objection — object to processing carried out on the basis of legitimate interest.
- Withdraw consent — where we rely on your consent, withdraw it at any time.
- Lodge a complaint — with the UAE Data Office or, if you are in the EU / UK, with your local supervisory authority.
To exercise any of these rights, email hello@syntorium.com with the subject line "Data request". We will respond within 30 days. We may need to verify your identity before acting on a request.
9. Children
This site and our services are not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it.
10. Cookies
syntorium.com is a static marketing site. It does not set first-party cookies for analytics, advertising, or personalisation. Our hosting provider (Cloudflare) may set a small number of strictly-necessary cookies for security and abuse-mitigation purposes (for example, to identify and block automated traffic). These cookies do not track individuals across sites and are exempt from consent requirements under most cookie regimes. If we add other categories of cookies in the future, we will add a consent banner before they are set.
11. Third-party links
This site links out to other websites — our portfolio clients' sites, technologies we use, social profiles, and so on. Once you click an external link, you are subject to that site's own privacy policy, which we do not control.
12. Changes to this policy
We update this policy when our practices change or when the law requires us to. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will also be announced on the homepage or by email to active clients.
13. Contact us
Questions, requests, or concerns? Email hello@syntorium.com with the subject line "Privacy" and we will respond within five working days.