Privacy Policy

1. Information We Collect

Sytale collects various types of information in connection with the services we provide. This section describes what information we collect, how we collect it, and why we collect it.

1.1 Information You Provide Directly

We collect information you voluntarily provide when using our Services:

• Account Information: Name, email address, phone number, business name, mailing address
• Business Details: Company name, industry, business description, website content preferences, branding materials, logos
• Payment Information: Billing address and payment method details (processed securely via Stripe - we do not store complete credit card numbers)
• Website Content: Text, images, videos, documents, and other materials you provide for your website
• Communications: Messages, inquiries, feedback, and support requests sent to us via email, contact forms, or chat
• Email Service Data: For email management clients - customer emails, email metadata, contact lists, appointment information, and correspondence

1.2 Automatically Collected Information

When you access or use our Services, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device identifiers, mobile network information
• Usage Data: Pages viewed, links clicked, time spent on pages, referring/exit pages, date and time stamps, clickstream data
• Location Data: General geographic location derived from IP address
• Cookies and Tracking: See Section 7 for detailed information about cookies
• Log Data: Server logs, error reports, diagnostic information, performance metrics

1.3 Information from Third-Party Sources

We may receive information about you from third parties, including:

• Payment processors (Stripe) - transaction and payment verification data
• Domain registrars (Cloudflare) - domain ownership and registration information
• Email service providers (Zoho Mail) - email delivery and performance metrics
• Analytics providers - aggregated usage and performance statistics
• Publicly available sources - business directories, social media (only when relevant to providing Services)

1.4 Email Management Service Data

If you subscribe to our email management services, we collect and process:

• Incoming customer emails and their content
• Email metadata (sender, recipient, subject line, timestamps)
• Customer contact information
• Appointment and calendar data
• Response templates and FAQs you provide
• Business hours and availability information
• Sales playbooks and scripts (Premium plan clients)

Important: We process this data solely to provide email management services. We do not use customer email content for marketing, advertising, or any purpose other than providing Services to you.

2. How We Use Your Information

We use collected information for legitimate business purposes, including:

2.1 Service Delivery

• Designing, developing, hosting, and maintaining your website
• Managing your email inbox and responding to customer inquiries
• Processing payments and managing billing
• Providing customer support and technical assistance
• Communicating with you about your account, services, and updates
• Creating backups and ensuring data security

2.2 Service Improvement and Analytics

• Analyzing usage patterns to improve Services
• Developing new features and functionality
• Conducting research and analytics
• Monitoring and analyzing trends, usage, and activities
• Testing and troubleshooting new features

2.3 Marketing and Communications

• Sending promotional materials and service updates (with consent)
• Responding to inquiries and requests
• Conducting surveys and gathering feedback
• Personalizing your experience

2.4 Legal and Security

• Complying with legal obligations and regulations
• Protecting against fraud, abuse, and security threats
• Enforcing our Terms of Service
• Resolving disputes and enforcing agreements
• Protecting rights, property, and safety of Sytale, users, and public

2.5 Email Management Specific Uses

For email management services, we use your data to:

• Read, categorize, and respond to customer emails
• Identify leads and urgent messages for forwarding
• Schedule appointments and manage calendars
• Generate monthly insights and analytics reports
• Filter spam and manage inbox organization
• Conduct proactive follow-ups and customer re-engagement

2.6 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

• Contract Performance: Processing necessary to provide Services you requested
• Legitimate Interests: Improving Services, fraud prevention, security
• Consent: Marketing communications, optional cookies
• Legal Obligation: Compliance with applicable laws and regulations

3. Information Sharing and Disclosure

We DO NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information only in the following limited circumstances:

3.1 Service Providers and Business Partners

We share information with trusted third-party service providers who perform services on our behalf under strict confidentiality obligations:

• Stripe: Payment processing and billing management
• Cloudflare: Website hosting, CDN, domain registration, DDoS protection, SSL certificates
• Zoho Mail: Professional email setup and management assistance
• Web3Forms: Contact form submission processing
• Analytics Providers: Website usage analysis (anonymized data)

These providers are contractually prohibited from using your information for any purpose other than providing Services to us. They must maintain confidentiality and security standards consistent with this Privacy Policy.

3.2 Legal Requirements and Protection

We may disclose your information if required or permitted by law:

• To comply with legal process, court orders, or government requests
• To enforce our Terms of Service and other agreements
• To protect the rights, property, or safety of Sytale, users, or the public
• To detect, prevent, or address fraud, security, or technical issues
• To respond to emergencies we believe require disclosure to protect someone's safety
• As required by applicable laws and regulations

3.3 Business Transfers

If Sytale is involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will provide notice and, where required, obtain consent before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

3.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

3.6 Email Management Data Sharing

For email management services, customer email content is:

• Processed by our team solely to provide Services to you
• Never shared with third parties except as necessary to deliver Services (e.g., calendar providers for appointment scheduling)
• Never used for advertising, marketing, or unrelated purposes
• Subject to strict confidentiality obligations

4. Data Security and Protection Measures

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

4.1 Technical Security Measures

• Encryption: SSL/TLS encryption for all data transmission; encryption at rest for sensitive data
• Secure Infrastructure: Enterprise-grade hosting via Cloudflare with DDoS protection, Web Application Firewall (WAF), and redundancy
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), strong password requirements
• Network Security: Firewalls, intrusion detection/prevention systems, network segregation
• Data Backups: Regular automated backups with encrypted storage, disaster recovery procedures
• Security Monitoring: 24/7 automated threat monitoring, log analysis, vulnerability scanning

4.2 Organizational Security Measures

• Employee training on data protection and security best practices
• Confidentiality agreements with all employees and contractors
• Limited access to personal data on a need-to-know basis
• Regular security audits and assessments
• Incident response and breach notification procedures
• Secure disposal of data no longer required

4.3 Payment Security

Payment information is processed by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store complete credit card numbers on our servers. Stripe maintains the highest level of security certifications in the payment industry.

4.4 Email Management Security

For email management services:

• Email access is secured with encrypted connections
• Customer email data is processed by authorized personnel only
• Strict confidentiality protocols govern email handling
• Regular security training for email management team members

4.5 Security Limitations and Your Responsibilities

IMPORTANT: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security. You are responsible for:

• Maintaining confidentiality of your account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication when available
• Notifying us immediately of any unauthorized access
• Keeping your contact information current

4.6 Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Provide details about what information was compromised
• Explain steps we are taking to address the breach
• Provide recommendations for protecting yourself
• Comply with all applicable data breach notification laws

5. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We respect and facilitate the exercise of these rights.

5.1 General Privacy Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Deletion (Right to be Forgotten): Request deletion of your personal data, subject to legal retention obligations
• Data Portability: Request transfer of your data in a machine-readable format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw previously given consent at any time
• Lodge Complaints: File a complaint with your local data protection authority

5.2 Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

• Right to comprehensive information about data processing
• Right to object to automated decision-making and profiling
• Right to lodge a complaint with supervisory authorities
• Right to receive information about data breach notifications
• Right to not be subject to automated individual decision-making

5.3 Rights for California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act:

• Know: Right to know what personal information is collected, used, shared, or sold
• Delete: Right to request deletion of personal information
• Opt-Out: Right to opt-out of sale of personal information (Note: We do NOT sell personal information)
• Non-Discrimination: Right to not be discriminated against for exercising your rights
• Correct: Right to correct inaccurate personal information
• Limit: Right to limit use of sensitive personal information

5.4 Rights for Canadian Residents (PIPEDA)

Canadian residents have rights under the Personal Information Protection and Electronic Documents Act:

• Right to access personal information held by organizations
• Right to challenge the accuracy and completeness of information
• Right to know how personal information is being used
• Right to withdraw consent for data processing
• Right to file complaints with the Privacy Commissioner of Canada

5.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@sytale.co
• Subject Line: "Privacy Rights Request - [Specify Right]"
• Include: Your full name, email address, account details, and specific request

We will respond to your request within:

• 30 days for general requests
• 1 month for GDPR requests (extendable by 2 months for complex requests)
• 45 days for CCPA requests (extendable by additional 45 days)

5.6 Identity Verification

To protect your privacy, we must verify your identity before processing rights requests. We may request additional information to confirm your identity, such as:

• Email confirmation from your registered email address
• Account verification questions
• Government-issued ID (for deletion requests only)

5.7 Marketing Communications

You can opt out of marketing emails by:

• Clicking "Unsubscribe" in any marketing email
• Updating preferences in your account settings
• Contacting us at privacy@sytale.co

Note: You cannot opt out of transactional emails related to your account and Services (e.g., invoices, service updates).

6. Third-Party Services

Our website and services integrate with the following third-party providers. Each has their own privacy policies:

Stripe

Payment processing is handled by Stripe. Their privacy policy is available at https://stripe.com/privacy.

Web3Forms

Contact forms are processed by Web3Forms. Their privacy practices are outlined in their terms at https://web3forms.com/terms.

Cloudflare

Website hosting and domain registration services are provided by Cloudflare. Their privacy policy can be found at https://www.cloudflare.com/privacypolicy/.

Zoho Mail

Email setup assistance is provided through Zoho Mail. Their privacy policy is available at https://www.zoho.com/privacy.html.

We encourage you to review the privacy policies of these third-party services, as their data practices may differ from ours.

7. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for basic website functionality and security.

Analytics Cookies

Help us understand how visitors use our website to improve our services.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness.

You can control cookie preferences through your browser settings. However, disabling certain cookies may affect website functionality.

8. Data Retention Periods

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Active Account Data

• Account Information: Retained while your account is active plus 30 days after cancellation (for potential reactivation)
• Website Content: Retained during active subscription plus 30 days post-cancellation
• Email Management Data: Retained during active email service subscription plus 30 days
• After 30 days post-cancellation: All data is permanently and irretrievably deleted

8.2 Financial and Transaction Data

• Payment Records: 7 years (tax and accounting law requirements)
• Invoices and Billing Information: 7 years (legal compliance)
• Refund Records: 7 years (legal and dispute resolution)
• Subscription History: 3 years after termination

8.3 Communications and Support

• Customer Support Tickets: 3 years after resolution
• Email Communications: 2 years for service-related; immediately deletable for marketing
• Chat Logs: 2 years for quality and training purposes

8.4 Legal and Compliance

• Legal Documents: 7-10 years as required by law
• Dispute Records: Until resolution plus 3 years
• Audit Logs: 2 years for security and compliance

8.5 Analytics and Usage Data

• Website Analytics: 26 months (anonymized after 14 months)
• Performance Metrics: 2 years (anonymized after 6 months)
• Server Logs: 90 days

8.6 Deletion and Anonymization

When data is no longer required:

• Personal identifiers are permanently deleted
• Data may be anonymized for statistical and analytical purposes
• Anonymized data cannot be traced back to you
• Backups are purged according to our backup rotation schedule (maximum 90 days)

8.7 Early Deletion Requests

You may request earlier deletion of your data, except where retention is legally required. Contact privacy@sytale.co with deletion requests.

9. International Data Transfers

Sytale is based in Canada. Your information may be transferred to, stored, and processed in Canada and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

9.1 Transfer Mechanisms and Safeguards

When we transfer personal data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs): EU-approved data transfer agreements with service providers
• Adequacy Decisions: Transfers to countries deemed adequate by EU Commission or other authorities
• Data Processing Agreements: Contractual protections with all processors handling your data
• Privacy Shield Alternatives: For US transfers, reliance on SCCs and supplementary measures
• Your Consent: Explicit consent where required by law

9.2 Third-Party Locations

Our service providers may process data in the following regions:

• Cloudflare: Global network with data centers worldwide
• Stripe: United States (with EU data residency options for European customers)
• Zoho Mail: Data centers in USA, EU, India, Australia (based on your selection)

9.3 Your Rights Regarding Transfers

You have the right to:

• Obtain information about international transfers of your data
• Request copies of safeguards in place
• Object to transfers in certain circumstances
• Withdraw consent for transfers based on consent

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

10.1 Notification of Changes

We will notify you of material changes by:

• Email notification to your registered email address (at least 30 days before effective date)
• Prominent banner notice on our website
• In-app notification (if applicable)
• Updating the "Last Updated" date at the top of this policy

10.2 Types of Changes

• Material Changes: Significant modifications to data collection, use, sharing, or your rights require advance notice and potentially your consent
• Non-Material Changes: Minor updates, clarifications, or formatting changes may be made without notice

10.3 Your Options

When we make material changes:

• You will have the opportunity to review changes before they take effect
• You may choose to terminate your account if you disagree with changes
• Continued use of Services after the effective date constitutes acceptance of changes
• For changes requiring consent, we will seek your explicit agreement

10.4 Policy Version History

We maintain records of previous policy versions. Contact us if you need information about prior versions.

11. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn we have collected personal information from a child under 18, we will:

• Delete that information as quickly as possible
• Terminate any associated accounts
• Notify parents/guardians if contact information is available

If you believe we have collected information from a child under 18, contact us immediately at privacy@sytale.co.

12. Contact Information and Data Protection Officer

12.1 General Inquiries

For questions about this Privacy Policy or our data practices:

• Email: privacy@sytale.co
• General Support: support@sytale.co
• Legal Notices: legal@sytale.co
• Mailing Address: Sytale, Montreal, Quebec, Canada
• Website: https://sytale.net

12.2 Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.):

• Email: privacy@sytale.co
• Subject Line: "Privacy Rights Request - [Your Name]"
• Include: Full name, email address, account details, specific request, and verification information

12.3 Data Protection Officer

For data protection matters, you may contact our Data Protection Officer:

• Email: dpo@sytale.co
• Purpose: GDPR compliance, data protection inquiries, privacy concerns

12.4 Supervisory Authority

If you are in the EEA/UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

For Canadian residents, you may file complaints with the Office of the Privacy Commissioner of Canada:

• Website: https://www.priv.gc.ca
• Phone: 1-800-282-1376

12.5 Response Time

We aim to respond to all inquiries within:

• 2-3 business days for urgent privacy matters
• 30 days for general inquiries and rights requests
• 1 month for GDPR requests (may be extended for complex requests)
• 45 days for CCPA requests (may be extended once)

Effective Date: December 13, 2025

Last Updated: December 13, 2025

Version: 2.0