Privacy Policy

1. Who We Are

Syncrasoft Ltd ("Syncrasoft", "we", "us", or "our") is a technology company registered in England and Wales. We provide mobile app development services and Microsoft Azure & Office 365 consultancy.

2. What Data We Collect

2.1 Information you provide directly

• Name and contact details (email address, phone number)
• Company name and job title
• Project or enquiry details submitted through our contact form
• Communication preferences (e.g. newsletter opt-in)

2.2 Information collected automatically

• Basic analytics data (page views, session duration) via Google Analytics 4
• IP address (anonymised where possible)
• Browser type, device type, and operating system
• Referring URL and pages visited

2.3 Mobile application data

Our mobile applications (Tiny Tot Tracker, Anchor Wellbeing) have their own in-app privacy notices that govern data collected within those applications. Please refer to the in-app notices for full details.

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

• Responding to enquiries — legal basis: legitimate interests (Article 6(1)(f) UK GDPR)
• Delivering contracted consultancy services — legal basis: contract performance (Article 6(1)(b) UK GDPR)
• Sending service updates or marketing communications — legal basis: consent (Article 6(1)(a) UK GDPR), where you have opted in
• Website analytics and improving our services — legal basis: legitimate interests (Article 6(1)(f) UK GDPR)
• Complying with legal obligations — legal basis: legal obligation (Article 6(1)(c) UK GDPR)

4. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

• Contact form enquiries: retained for up to 2 years from the date of enquiry, or until the matter is resolved
• Client project records: retained for 6 years from the end of the engagement (in line with UK statutory limitation periods)
• Marketing consent records: retained until you withdraw consent or unsubscribe
• Analytics data: retained for up to 14 months in Google Analytics 4 (Google's default retention period)

When data is no longer required, it is securely deleted or anonymised.

5. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of recipient, only where necessary:

• Google LLC — for analytics (Google Analytics 4). Google processes data under a Data Processing Agreement with Syncrasoft.
• Microsoft Corporation — for email and productivity tools (Microsoft 365). Data is processed under Microsoft's Data Processing Agreement.
• Legal or regulatory authorities — where required by law or to protect our legal rights.

All processors are subject to appropriate contractual and technical safeguards.

6. International Transfers

Some of our processors (including Google and Microsoft) may transfer data outside the UK or EEA. Where this occurs, transfers are made under the UK International Data Transfer Agreement (IDTA) or adequacy decisions recognised by the UK Information Commissioner's Office (ICO).

7. Your Rights

Under UK GDPR (and EU GDPR where applicable), you have the following rights in relation to your personal data:

• Right of access — to request a copy of the data we hold about you (Subject Access Request)
• Right to rectification — to have inaccurate data corrected
• Right to erasure ("right to be forgotten") — to request deletion of your data in certain circumstances
• Right to restriction — to restrict our processing in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting prior processing

To exercise any of these rights, or to submit a data deletion request, please contact us at sales@syncrasoft.com. We will respond within 30 days.

8. Data Subject Access Requests (DSAR)

To request access to your personal data, email us at sales@syncrasoft.com with the subject line "Subject Access Request". We will acknowledge your request within 5 working days and respond within one calendar month (30 days) as required by UK GDPR.

Requests are free of charge unless they are manifestly unfounded or excessive.

9. Data Deletion Requests

If you wish to request the deletion of your personal data (where this right applies under Article 17 UK GDPR), please email us at sales@syncrasoft.com with the subject line "Erasure Request". We will respond within 30 days and confirm what action has been taken.

Please note that we may be required to retain some data to meet legal obligations (e.g. financial records) even where an erasure request is made.

10. Cookies and Tracking

Our website uses Google Analytics 4 to understand how visitors use our site. Google Analytics sets cookies to collect anonymised usage data. No advertising or third-party tracking cookies are used on our website.

You can opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.

11. Global Privacy Control (GPC)

We acknowledge Global Privacy Control (GPC) browser signals as an opt-out of any data sale or sharing for targeted advertising. As we do not sell or share personal data for advertising purposes, GPC signals do not change our data processing practices. We commit to honouring GPC signals in compliance with applicable US state privacy laws (including California CCPA/CPRA).

12. Jurisdiction Coverage

This policy is designed to meet the requirements of the following frameworks:

• UK GDPR and the Data Protection Act 2018 (primary jurisdiction)
• EU GDPR (Regulation 2016/679) — for visitors from EU member states
• CCPA / CPRA (California Consumer Privacy Act / Privacy Rights Act) — for California residents

If you are located in a jurisdiction not listed above and have questions about how your local privacy law applies, please contact us.

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include:

• TLS encryption for all data in transit
• Access controls limiting who can access personal data
• Use of industry-standard cloud infrastructure with security controls
• Regular review of data handling practices

14. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with this policy or applicable law, you have the right to lodge a complaint with the relevant supervisory authority:

• UK: Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113
• EU: Your local Data Protection Authority (list at edpb.europa.eu)

We would, however, appreciate the opportunity to address your concerns before you contact a regulator — please reach out to us first.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via a notice on our website where practicable.

16. Contact Us

For any questions about this Privacy Policy, or to exercise your data rights, please contact us: