Back
Connect

Privacy Policy

Last updated: February 22, 2026

1. Introduction

Syft Technologies ("we", "us", or "our") operates the Connect platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

Account Information

When you register, we collect your name, email address, organization name, and profile image. This information is managed through our authentication provider (Clerk).

Customer Support Data

Messages, conversations, and contact information processed through Connect are stored to provide the Service. This includes chat messages, email content, and voice transcriptions.

Usage Data

We automatically collect usage information such as feature usage, response times, and platform interactions to improve the Service.

Knowledge Base Content

Documents, articles, and other content you upload to train AI responses are stored securely and used solely for providing AI-assisted support within your organization.

3. How We Use Your Information

  • Providing, maintaining, and improving the Service
  • Processing customer support conversations and generating AI responses
  • Sending transactional emails and service notifications
  • Analyzing usage patterns to improve features and performance
  • Ensuring security and preventing fraud
  • Complying with legal obligations

4. Data Storage & Security

We take data security seriously. Our measures include:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • EU-based data hosting (Convex EU West 1)
  • Regular security audits and vulnerability assessments
  • Role-based access controls and audit logging
  • Automatic data purging for inactive sessions

5. Data Sharing & Third-Party Processors

We do not sell your personal data. We share data only with:

  • Authentication: Clerk (authentication, user credentials, and profile data)
  • Data Storage: Convex (database hosting, EU-based, AES-256 encrypted)
  • Payments: Paddle (subscription billing and payment information)
  • AI Processing: Google Gemini and OpenAI APIs receive customer support messages to generate AI-assisted responses. We limit data transmission to only conversation context necessary for generating responses.
  • Email: Resend (transactional emails and notifications)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

All third-party service providers are contractually required to maintain data confidentiality and security standards equivalent to our own.

6. AI Processing & Your Consent

Connect uses AI services (Google Gemini and OpenAI) to generate responses and process support conversations. When you enable AI features:

  • Conversation messages are sent to AI providers to generate suggestions and responses
  • Knowledge base documents are processed to train AI response quality
  • Messages may be retained by AI providers in accordance with their privacy policies (typically 30 days for abuse detection)
  • You can disable AI features to prevent message transmission to third-party AI services

By using the Service with AI features enabled, you consent to this processing. You can opt-out or manage AI settings in your account preferences at any time.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request transfer of your data in a machine-readable format
  • Restriction: Request restriction of processing of your personal data
  • Objection: Object to processing of your personal data

To exercise any of these rights, contact us at privacy@syft.tech. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Analytics data is collected in an anonymized, aggregated form.

9. Data Retention

We retain your account data for as long as your account is active. Customer support data is retained according to your organization's settings. Upon account deletion, we remove all personal data within 30 days, except where retention is required by law.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

For privacy-related inquiries, please contact our Data Protection team at privacy@syft.tech.