Privacy Policy for snytra.com
Last updated: 24 April 2025
1. At a glance
We're Snytra Ltd ("Snytra", "we", "our", "us"). We collect only the data we truly need, guard it like it's our nan's heirloom biscuit tin, and never flog it to spammers. This notice tells you exactly what we gather, why, how long we keep it, and the rights you have under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).
2. Who's in charge here?
Snytra Ltd is the data controller. Our details:
- Registered office: 75 Kingsway, London WC2B 6SR, UK
- Companies House number: 12345678
- ICO registration: ZB 123456
- Data Protection Officer (DPO): privacy@snytra.com
3. The data we collect and why
| Category | Examples | Why we need it | Lawful basis (Article 6 UK GDPR) |
|---|---|---|---|
| Identity & contact | Name, email, phone | Create and manage your account; authenticate you at login | Contract ✔ |
| Profile | Avatar, time-zone, accessibility preferences (optional) | Personalise your dashboard | Consent ✔ |
| Usage | Pages viewed, clicks, IP address (truncated) | Improve features and diagnose bugs | Legitimate interest ✔ |
| Payment | Cardholder name, last 4 digits, billing address (processed by Stripe) | Take payments and issue refunds | Contract & legal obligation ✔ |
| Marketing choices | Opt-in checkbox state | Send newsletters only if you said yes | Consent ✔ |
| Support | Emails, chat transcripts | Answer your questions and keep an audit trail | Legitimate interest ✔ |
4. Cookies & similar tech
| Type | Purpose | Default |
|---|---|---|
| Essential | Keep you logged in; process payments | Always on |
| Analytics | See which pages are popular. We use Google Analytics 4, which drops IPs before logging them — no full IP ever hits Google's disks | Off until you say yes |
| Preferences | Remember dark-mode, language, etc. | Off until you say yes |
A banner appears on your first visit. You can revisit your choices any time by clicking Cookie settings in the footer. For the wonks: we follow ICO guidance on PECR consent.
5. Marketing (no spam promise)
Newsletters arrive only if you've actively opted in. Every email has an Unsubscribe link that works the first time you click it.
6. Who we share data with (and why)
| Recipient | Role | Safeguard |
|---|---|---|
| Stripe Payments UK | Card processing | PCI-DSS compliant; Privacy Centre |
| DigitalOcean | Cloud hosting in London & Frankfurt | UK DPF extension / SCCs |
| Google Analytics 4 | Site analytics | IP anonymisation & regional controls |
| Mailjet | Transactional & marketing email | EU data-centre, SCCs |
| Professional advisers | Accountants, solicitors, insurers | NDAs + strict access control |
| Authorities | HMRC, courts, ICO if we're legally obliged | UK law |
We never sell, rent, or trade your personal details—ever.
7. Sending data abroad
Some suppliers are in the US. We rely on one of:
- UK-US Data Bridge for certified US companies
- Standard Contractual Clauses (2021) for everyone else
If these tools are ever struck down (think "Schrems II" all over again) we'll switch to another lawful mechanism or pause transfers.
8. Security, in plain English
- HTTPS everywhere – green padlock or we'd cry.
- Data encrypted at rest (AES-256) and in transit (TLS 1.3).
- 2-factor authentication for staff dashboards.
- Quarterly penetration tests and daily off-site backups.
- Strict least-privilege access; logs kept for 90 days minimum.
We still urge you to pick a unique, strong password. If you suspect any misuse, ping us immediately at security@snytra.com.
9. Data retention
| Record | Kept for | Reason |
|---|---|---|
| User account | Active + 12 months | Grace period for reactivation |
| Invoices & tax data | 7 years | HMRC rules |
| Analytics logs | 26 months then aggregated | Trend reporting |
| Support tickets | 24 months | Spot repeat issues |
| Cookie consents | 6 years | ICO guidance |
When time's up, we either anonymise or securely delete.
10. Automated decision-making & profiling
We do not make decisions that have legal or similarly significant effects on you based solely on automated processing (Article 22 UK GDPR).
11. Your rights (quick recap)
You can:
- Be informed about how we use your data.
- Access a copy.
- Correct anything wrong.
- Erase it ("right to be forgotten").
- Restrict or object to processing.
- Port it to another provider.
- Withdraw consent at any time.
- Complain to the ICO (ico.org.uk).
To exercise any right, email privacy@snytra.com. We'll respond within 30 days (or tell you why we can't).
12. Data breaches – our 72-hour plan
If a breach slips through, we'll:
- Contain it and assess impact within hours.
- Notify the ICO within 72 hours if risky.
- Tell affected users ASAP, explaining steps to stay safe.
- Keep a full incident log for auditing.
13. Children
Snytra isn't aimed at under-13s. If you learn that a child has shared info with us, let us know and we'll delete it.
14. Changes to this notice
Tiny tweaks appear here with a fresh "Last updated" date. Major rewrites get an inbox or in-app alert 30 days in advance.
15. Talk to a human
- Email: privacy@snytra.com
- Post: Data Protection Officer, 75 Kingsway, London WC2B 6SR
- Phone: +44 20 7946 1234
If you're still unhappy, you can complain to the Information Commissioner's Office: ico.org.uk or 0303 123 1113.