Effective 28 April 2026

Privacy Policy

This policy explains what personal information Synvas Technologies (Pvt) Ltd collects when you use www.synvastech.com, how we use it, who we share it with, and the choices you have. It is aligned with Zimbabwe’s Cyber and Data Protection Act [Chapter 12:07] and is GDPR-compatible for international clients.

1. Who we are

Synvas Technologies (Pvt) Ltd is registered in Zimbabwe at Thompson Office Block, Unit 14, 17 Phillips Avenue, Belgravia, Harare, Zimbabwe. For privacy enquiries contact privacy@synvastech.com.

2. Information we collect

• Information you provide — name, email, phone, company, role, project brief, message content, and any files you attach to enquiry forms.
• Information collected automatically — IP address (truncated for analytics), browser/device type, referring URL, pages visited and timestamps. We use Plausible Analytics, which is privacy-friendly and does not set cookies or fingerprint visitors. GA4 is only loaded after explicit consent.
• Syn AI conversations — message content, IP address, and a per-session ID, retained for 30 days unless you opt to keep the thread.

3. How we use information

• To respond to your enquiry, prepare proposals and deliver engagements.
• To send transactional emails (acknowledgements, scoping confirmations, invoices).
• To send our newsletter to subscribers who have opted in (double opt-in via Resend).
• To improve the website, our products, and Syn AI’s answers.
• To comply with legal obligations.

4. Lawful basis (GDPR)

We rely on (a) contract, where processing is necessary to respond to your request or deliver an engagement; (b) consent, for marketing emails and non-essential cookies; (c) legitimate interest, for service improvement and fraud prevention.

5. Sharing

We share data with carefully selected processors: Resend (email), Supabase (database), Anthropic (Syn AI), Stripe / Paynow / EcoCash (payments), Cal.com (booking), Vercel (hosting), and Plausible (analytics). Each is bound by data-processing terms equivalent to GDPR Article 28. We do not sell personal data.

6. International transfers

Some processors operate outside Zimbabwe. We rely on standard contractual clauses or equivalent safeguards for any cross-border transfer of personal data.

7. Retention

• Enquiry data — 24 months from last contact, then anonymised.
• Newsletter list — until you unsubscribe.
• Syn AI conversations — 30 days, unless you opt to retain a thread.
• Engagement records — 7 years for finance/audit, then deleted.

8. Your rights

Subject to the Zimbabwe Cyber and Data Protection Act and GDPR where applicable, you have rights of access, rectification, erasure, restriction, objection, and portability. Email privacy@synvastech.com to exercise any of these. We respond within 30 days.

9. Security

We use encryption in transit (HTTPS/TLS 1.3), encryption at rest, role-based access, audit logs on sensitive operations, and least-privilege principles for all team access to client data.

10. Children

The website is not directed to anyone under 16. We do not knowingly collect data from children.

11. Changes

We will post any changes to this policy on this page with an updated effective date. Material changes will be notified to active newsletter subscribers.