Skip to content
Synaps

Legal

Privacy Policy

Last updated: May 17, 2026

This privacy notice explains how Synaps Limited ('Synaps', 'we', 'us') collects, uses, and protects personal data when you visit synapslimited.eu or interact with our services. It is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, 'GDPR') and applicable EU/EEA law.

Who we are

Synaps Limited is a small EU-based digital studio that builds and maintains websites for European SMEs. You can contact our data protection point of contact at info@synapslimited.eu for any question about this policy or your personal data.

What we collect

We minimize data collection by design. Categories we may process:

  • Contact information you submit through our forms or email. Typically your name, email address, business URL, and the message you wrote.
  • Booking data when you schedule a call through our embedded Cal.com widget: name, email, chosen time slot. This data is processed by Cal.com (Cal.com, Inc.) and shared with us.
  • Newsletter subscriptions: your email address and opt-in timestamp, processed via Resend (Resend, Inc.).
  • Technical data: IP address, browser type, language preference, and approximate location, used only for security, fraud prevention, and aggregate analytics. We do not run third-party marketing trackers by default.

Why we process it

  • To respond to your enquiry, prepare a proposal, and run any engagement you sign with us (lawful basis: contract).
  • To send you the newsletter you explicitly opted into (lawful basis: consent. Withdraw at any time via the unsubscribe link or by emailing us).
  • To secure our website and detect abusive traffic (lawful basis: legitimate interest in keeping our service running).
  • To comply with bookkeeping, tax, and other legal obligations (lawful basis: legal obligation).

Who we share it with

We rely on a small set of EU-friendly sub-processors. Each provider has its own privacy notice, which you can review on their site:

  • Vercel, Inc.: hosting and edge delivery (EU regions).
  • Supabase, Inc.: database and authentication (EU region).
  • Resend, Inc.: transactional email and newsletter delivery.
  • Sanity.io: content management for our editorial articles. Visitor data is not shared with Sanity.
  • Cal.com, Inc.: embedded scheduling on our contact page. Used only when you choose to book a call.

Where any of these providers transfer data outside the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards under Articles 44 to 49 GDPR.

How long we keep it

  • Enquiries that don't become engagements: deleted or anonymized within 12 months of last contact.
  • Active client records: kept for the duration of the contract and for the legal retention period (typically 7 years for invoicing).
  • Newsletter subscriptions: kept until you unsubscribe.
  • Technical logs: rolling 30-day window unless flagged for security review.

Your rights

Under GDPR you have the right to access your data, correct it, delete it ('right to be forgotten'), restrict processing, port it to another service, and object to processing based on legitimate interest. You also have the right to withdraw consent at any time, and to lodge a complaint with your national EU/EEA Data Protection Authority if you believe your rights have been infringed.

To exercise any of these rights, email info@synapslimited.eu. We respond within 30 days.

Cookies

We use only essential cookies (navigation, language preference, consent record). For the full list see our Cookie Policy.

Changes to this policy

If we materially change this notice, we will update the 'last updated' date and, where required, ask you to reconfirm consent. Past versions are available on request.

Contact

Questions: info@synapslimited.eu