1. Data controller
The controller of your personal data is:
BE1005.891.4832. Data collected
We only collect data necessary for the purposes set out below. No sensitive data is processed without your explicit consent.
2.1 Via the contact form and the Synapse assistant
- Identification: first name, last name, professional email address, role
- Company: company name, size (headcount)
- Project: description of the need, technical context, indicative budget if provided
- Transcripts: if you interact with the Synapse conversational assistant, the entire conversation is recorded for commercial qualification
2.2 Technical data (browsing)
- IP address, browser type, operating system
- Pages visited, visit duration, traffic source (referer)
- Technical cookies required for the site to function
3. Purposes of processing
| Purpose | Legal basis | Duration |
|---|---|---|
| Respond to your contact requests and qualify your project | Pre-contractual measure at your request | 3 years after last contact |
| Customer relationship management and invoicing | Performance of the contract | 10 years (Belgian accounting obligations) |
| Site improvement and anonymised statistics | Legitimate interest | 13 months (analytics cookies) |
| Commercial prospecting (newsletter) | Explicit consent | Until unsubscription |
4. Data recipients
Your data is accessible only to the internal team of Synapse Up SRL. It is never resold or shared for advertising purposes.
Some data may be processed by our technical data processors:
- Hostinger (web hosting, Cyprus, EU)
- Anthropic (Synapse AI assistant, Claude model, United States)
- OpenAI (complementary AI models, United States)
- ElevenLabs (synthetic voice, United States)
- Google (Gemini, Search Console, United States)
- Pinecone (vector database, United States)
5. Anonymisation and pseudonymisation
Whenever possible, we apply anonymisation or pseudonymisation techniques to the data processed:
- Irreversible anonymisation: site and Synapse assistant usage statistics are aggregated in such a way that re-identification is no longer possible (removal of direct identifiers, cohort aggregation, removal of rare data).
- Pseudonymisation: conversation transcripts and technical debugging data are stored with a random identifier, dissociated from identification data, except where operationally necessary (response to your request, performance of the contract).
- Case studies and feedback: if we publish or cite a project for reference purposes, your name and that of your company are never cited without your prior written consent. Technical elements may be presented in anonymised form ("a premium e-commerce client in Belgium" rather than the name).
- Data sent to AI models: before any sending to an AI data processor (Anthropic, OpenAI, Google), we remove or mask elements that are not strictly necessary for processing (emails, phone numbers, third-party names) unless their presence is required for the purpose pursued.
When anonymisation is applied, the data no longer falls under the GDPR regime. When pseudonymisation is used, the data remains personal but its risk level is reduced.
6. Transfers outside the European Union
Some of our technical data processors (Anthropic, OpenAI, ElevenLabs, Google, Pinecone) are based in the United States. These transfers rely on Standard Contractual Clauses approved by the European Commission, as well as on adherence to the Data Privacy Framework where the data processor is certified, in accordance with article 46 of the GDPR.
We also apply technical measures (in-transit encryption, anonymisation of data not strictly necessary) to limit exposure.
7. Your rights
In accordance with the General Data Protection Regulation (EU 2016/679), you have the following rights over your data:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): request the deletion of your data
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to withdraw your consent at any time
- Right to lodge a complaint with the Autorité de protection des données (Belgian Data Protection Authority)
To exercise one of these rights, write to contact@synapse-up.com specifying the subject of your request. We will respond within one month.
7. Cookies
The site uses a minimal number of cookies:
- Essential technical cookies: required for the site to function (session, language preferences). No consent required.
- Anonymised analytics cookies: to measure traffic and improve the experience. You can refuse them at any time.
No advertising or profiling cookies for third-party commercial purposes are placed.
8. Security
We implement reasonable technical and organisational measures to protect your data against any unauthorised access, disclosure, alteration or destruction: HTTPS encryption, EU-based hosting, access to data limited to authorised personnel, regular audits.
9. Changes to this policy
This policy may evolve to reflect legal or technical changes. We invite you to consult it regularly. The last update date is shown at the top of this page.