Privacy Policy

1. Scope and Roles (GDPR)

This policy explains how Cyntrix Ltd handles personal data under GDPR and related EU/UK privacy laws.

For your account and billing data, Cyntrix Ltd is generally the data controller. For guest and reservation data entered by your business, your business is the data controller and Cyntrix Ltd acts as a data processor.

2. Information We Collect

We collect account and business information you provide, such as name, email, property code, subscription details, and reservation-related guest data entered by your team.

3. Legal Bases for Processing

We process personal data under one or more of these legal bases: performance of a contract, compliance with legal obligations, legitimate interests (for example service security and fraud prevention), and consent where required.

4. How We Use Information

We use information to provide and secure the service, process subscriptions, send operational notifications, maintain platform reliability, and improve product performance.

5. Payments

Subscription payments are processed by Stripe. We do not store full card numbers on our systems.

6. Data Sharing and Processors

We do not sell your personal data. We share data only with trusted providers needed to operate the service (for example, payment and email providers), and only as required under contract and confidentiality obligations.

7. International Data Transfers

Where personal data is transferred outside the EEA/UK/Switzerland, we apply appropriate safeguards, including Standard Contractual Clauses (or equivalent approved mechanisms).

8. Data Retention

We retain data while your account is active and as needed for legal, tax, or security purposes. You may request deletion, subject to legal and contractual retention requirements.

9. Security

We apply reasonable administrative, technical, and organizational safeguards to protect your data. No method of transmission or storage is guaranteed to be 100% secure.

10. Your GDPR Rights

Subject to applicable law, you may have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You may also withdraw consent where processing is based on consent.

You have the right to lodge a complaint with your local supervisory authority in the EU/EEA/UK if you believe your data protection rights have been violated.

11. Data Processing Agreement (DPA)

If required for your compliance obligations, you may request a Data Processing Agreement by contacting us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use after updates means you accept the revised policy.

13. Contact

Privacy questions: [email protected].