Privacy Policy
Last updated: May 1, 2026. This policy describes how Syntex Global Platform (“Syntex”, “we”, “us”) collects, uses, discloses, and retains personal data when you use our website, client and vendor portals, and related services.
1. Who we are
Syntex provides translation and interpretation marketplace services. For data protection inquiries, contact us through the channels listed on our contact page.
2. Categories of personal data
- Account and profile: name, email, phone, organization affiliation, role, credentials, optional profile photo.
- Transaction and service data: job and project details, languages, schedules, files you upload, messages, agreements, billing and payment references.
- Technical data: IP address, device and browser type, cookies on our domains, security and audit logs.
- Communications: support and operational emails, in-app notifications preferences.
3. Subprocessors (processors)
We use the following categories of service providers to run the platform. Each processes personal data on our instructions to deliver the services below:
Canonical register (mirrors audits): Subprocessors.
- Supabase — authentication, Postgres database, Row Level Security, file storage, and realtime infrastructure.
- Stripe — payment processing, invoicing artifacts linked to card and bank debits, and fraud prevention as provided by Stripe.
- Resend — transactional and operational email delivery.
- Zoom — when enabled for an interpretation session, meeting metadata and participant identifiers as required to host the conference.
- Geoapify — mapping and geocoding for interpretation addresses and logistics displays where those features are active.
- Status page vendor — third-party status and incident communication tooling (for example Instatus or Better Stack) hosts our public availability page; it may process minimal technical or contact metadata you submit there. The live link appears in the site footer when configured.
4. Essential analytics (Vercel Analytics)
We use Vercel Analytics as essential, privacy-oriented web analytics (aggregated page views and Web Vitals) to operate and secure our Next.js deployment. This processing is configured as a necessary part of delivering the service; we do not use it for cross-site advertising. Based on our product decision, we do not surface a separate analytics consent banner for Vercel Analytics.
5. Retention (summary)
We retain data only as long as needed for the purposes below, unless a longer period is required by law, contract, or dispute resolution.
| Category | Typical retention |
|---|---|
| Account / profile | Life of the account; after self-serve deletion, identifiers are anonymized; hard delete of profile rows may occur after a cooling-off period where legal and technical dependencies allow. |
| Jobs, messages, documents, agreements | Duration of the business relationship plus statutory and bookkeeping periods applicable to language services and invoicing. |
| Billing / payments metadata | As required for tax, accounting, and payment network rules (often multiple years). |
| Audit logs and security telemetry | Limited periods aligned with security monitoring and compliance reviews. |
| Email delivery ledger (idempotency) | Rotated out on a scheduled basis (for example, rows older than ninety days removed where configured). |
6. Legal bases (EEA / UK)
Where GDPR applies, we rely on contract (providing the services you request), legitimate interests (securing the platform, invoicing, analytics described above), and legal obligation (tax, regulatory, and court orders) as applicable. Marketing communications use consent where required.
7. GDPR rights
If GDPR (or similar laws) applies to you, you may have rights to access, rectification, erasure, restriction, objection, and data portability. You may also lodge a complaint with your supervisory authority.
- Access and portability: Signed-in clients and vendors can download a structured JSON bundle of their account data from the portal (Settings → Security) or via
GET /api/me/export(rate-limited). - Rectification: Update profile fields in the portal or contact support for assistance.
- Erasure: Use Delete my account in Settings (typed email confirmation) or call
DELETE /api/me/delete. We anonymize direct identifiers promptly; residual transactional rows may remain where retention is required. - Complaints: Contact us first; you may escalate to your data protection regulator.
8. International transfers
Our processors may process data in the United States and other regions. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses) with vendors.
9. Security
We apply administrative, technical, and organizational measures including encrypted connections, access controls, audit logging, and role-based access to customer data.
10. Changes
We may update this policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, additional notice in the product.