Privacy Policy

Last updated: 02/03/2026

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Synergo platform and related services ("Synergo", "Service", "Platform"). It also explains your rights under applicable data protection law, including the General Data Protection Regulation (GDPR) and the laws of the Republic of Cyprus.

By using Synergo, you acknowledge that you have read and understood this Privacy Policy.

1. Who we are (data controller)

The data controller responsible for processing personal data described in this Privacy Policy is:

David Andrei Padure

Operating under the registered trade name (Εμπορική Επωνυμία): S.N. SYNERGO NETWORK

Registered address: 1η Απριλίου 6, Λευκωσία, Cyprus

Email: team@synergo.cy

For questions or requests related to this Privacy Policy, you can contact us by email.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

Visitors to our website and landing pages;
Individuals who create or access a Synergo account on behalf of a business (e.g. owners, employees, contractors);
Individuals whose data may be entered into Synergo by our customers (e.g. team members, business contacts); and
Communication with us by email, forms, or other channels.

This Policy does not govern the content or contracts that Synergo users exchange directly between themselves (for example, NDAs or commercial contracts concluded outside the Platform).

3. Types of personal data we collect

3.1 Data you provide directly

When you interact with Synergo, you may provide us with:

Account and profile data: Name, surname, job title/role, business name, trade name, VAT or registration number (if applicable), business sector, country, city, business website, and any other profile information you choose to provide.
Contact details: Email address, phone number, communication preferences.
Authentication data: Passwords or other login credentials (stored securely, not in plain text).
Billing and subscription data: Billing name, billing address, VAT number (if applicable), subscription plan, payment-related information (handled via our payment processor).
Project and interaction data:Information you include in company profiles, "Projects", "link" requests, messages, attachments, files, notes, and other content you upload or share on the Platform.
Support and communication data: Information you provide when you contact us (e.g. support tickets, feedback, emails, or forms).

3.2 Data we collect automatically

When you use Synergo or visit our website, we may automatically collect:

Technical data: IP address, browser type and version, device type and operating system, language settings, approximate location (country/city based on IP), referral source.
Usage data: Log data about how you use the Platform (pages and screens visited, features used, time and date of access, clickstream data, error logs, performance data).
Profile interaction data:When you view another user's business profile on the Platform, we may record that interaction (including your user identifier and the time of the visit) to provide profile analytics features to business users. This data is processed on the basis of our legitimate interest in enabling useful business insights (Article 6(1)(f) GDPR).

This information is collected primarily through cookies, similar technologies, and server logs (see "Cookies and similar technologies" below).

3.3 Data we receive from third parties

We may receive personal data from:

Payment providers: Limited payment-related data (e.g. payment status, last four digits of card, transaction IDs) so we can manage subscriptions and invoicing.
Authentication or identity providers (if used): Basic profile information such as name, email, and profile picture if you choose to sign in via an external service.
Business contacts: If another Synergo customer invites you to a project or team, they may provide your name, email address, and role.

4. Purposes and legal bases for processing

We process personal data only when we have a legal basis under the GDPR. Depending on the situation, the legal basis will be performance of a contract, legitimate interests, compliance with legal obligations, or consent.

4.1 Providing and operating the Platform

Creating and managing user accounts;
Providing core features (discovery, "links", projects, messaging, notifications);
Maintaining security, authentication, and access control.

Legal basis:Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to operate an efficient and secure B2B platform.

4.2 Billing, payments, and account administration

Managing subscriptions, plan changes, free trials, and Founders Deal;
Processing payments through our payment provider;
Sending invoices and payment-related communications.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR); Compliance with legal obligations (Article 6(1)(c) GDPR), such as tax and accounting obligations in Cyprus.

4.3 Customer support and communication

Responding to support requests, bug reports, and feedback;
Communicating important information about your account or the Platform (service messages, security notices, changes to Terms or Privacy Policy).

Legal basis:Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to provide quality customer support and maintain the Service.

4.4 Improving and securing the Platform

Monitoring performance and usage;
Debugging issues, preventing fraud and abuse, and improving security;
Analysing aggregated usage trends to make product decisions;
Providing profile view analytics to business users to help them understand engagement with their profile.

Legal basis:Legitimate interests (Article 6(1)(f) GDPR) — to improve, develop, and protect the Platform and our business.

4.5 Marketing and communication

Sending you newsletters, product updates, feature announcements, and offers related to Synergo;
Running limited campaigns to existing or potential B2B customers, where permitted.

Legal basis:Legitimate interests (Article 6(1)(f) GDPR) — for B2B direct marketing; Consent (Article 6(1)(a) GDPR) — where required by e-privacy or local law.

You can opt out of marketing emails at any time via the unsubscribe link in the email or by contacting us.

4.6 Compliance and legal obligations

Complying with legal obligations (e.g. tax, accounting, anti-fraud);
Responding to lawful requests from authorities, courts, or regulators;
Enforcing our Terms of Service and protecting our rights.

Legal basis:Compliance with legal obligations (Article 6(1)(c) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to protect our business and legal rights.

5. Cookies and similar technologies

We use cookies and similar technologies on our website and Platform to:

Enable essential functionality (login sessions, security, account navigation);
Remember your preferences (language, settings);
Analyse usage to improve the Platform and fix issues;
Support limited marketing and performance analytics (where permitted).

Where required by EU and Cyprus law, we will request your consent before placing non-essential cookies or similar tracking technologies on your device.

You can manage or delete cookies through your browser settings or by clicking here. If you block certain cookies, some features of the Platform may not function properly.

Name	Provider	Purpose	Duration	Type
sb-[ref]-auth-token	Supabase	Stores the user's authentication session token. Required to remain logged in across page loads.	7 days	Essential
sb-[ref]-auth-token-code-verifier	Supabase	PKCE code verifier used during OAuth/magic-link authentication flows. Discarded after login completes.	Session	Essential
cookie_consent	Synergo	Records which cookie categories you have accepted or rejected, and the timestamp of your choice. Used to honour your preferences on subsequent visits.	1 year	Essential
Analytics cookies (none currently active)	—	Would help us understand how users navigate the platform so we can improve the experience. No analytics cookies are set without your explicit consent.	Varies	Analytics
Marketing cookies (none currently active)	—	Would be used to measure the effectiveness of outreach and deliver relevant content. No marketing cookies are set without your explicit consent.	Varies	Marketing

[ref] is a short identifier derived from your Supabase project URL and will differ per environment (development vs. production).

6. How we share personal data

We do not sell your personal data.

We only share personal data in the following situations:

6.1 Service providers (processors)

We use third-party service providers who process personal data on our behalf to help us provide, operate, and improve Synergo, for example:

Provider	Purpose	Data processed	Location
Supabase Inc.	Database hosting, authentication, file storage	Account data, profile data, messages, files, authentication credentials	EU (Frankfurt, Germany)
Stripe, Inc.	Payment processing, subscription management	Billing name, email, payment method details, transaction history	EU / US (with SCCs)
Resend, Inc.	Transactional and notification emails	Email address, name	US (with SCCs)
Vercel Inc.	Web hosting, analytics, performance monitoring	IP address, browser data, usage analytics (with consent)	EU / US (with SCCs)

These providers process personal data on our behalf in accordance with our instructions and are bound by data processing agreements (DPAs). Where providers are located outside the EEA, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6.2 Other Synergo users

Because Synergo is a B2B matchmaking and collaboration platform, certain information is visible to other users as part of normal use, for example:

Your business profile (company name, sector, location, basic information you choose to display);
Information included in "link" requests or project invitations;
Content you share directly with other users or within Projects.

You choose what business information to make visible and which Projects or links to join.

6.3 Legal and regulatory reasons

We may disclose personal data where necessary to:

Comply with a legal obligation or lawful request;
Protect our rights, property, or safety, or that of our users or third parties;
Detect, prevent, or address fraud, security, or technical issues.

6.4 Business transfers

In the event of a reorganisation, transfer, or sale of all or part of our business or assets, personal data may be transferred to the acquiring entity as part of the transaction, subject to appropriate safeguards and continuation of this or an equivalent Privacy Policy.

7. International transfers

Our main operations are in the European Union (Cyprus). However, some of our service providers may be located outside the European Economic Area (EEA).

When personal data is transferred outside the EEA, we will ensure that:

The destination country has been recognised by the European Commission as providing an adequate level of protection; or
Appropriate safeguards are in place (for example, Standard Contractual Clauses approved by the European Commission), together with additional measures where necessary.

You can contact us for more information about international transfers and the safeguards we use.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law. In general:

Account data is kept for as long as your account is active and for a reasonable period after closure (for example, to manage queries, enforce our rights, or comply with legal obligations).
Billing and transaction data is retained for the period required by tax and accounting laws in Cyprus.
Support communications are kept for as long as needed to manage your request and improve our services.
Technical and usage logs may be kept for a limited period for security, analytics, and platform improvement.

When data is no longer needed, we will either delete it securely or anonymise it so that it can no longer be linked to an identifiable person.

9. Your rights under GDPR

Subject to certain conditions and exceptions under applicable law, you have the following rights regarding your personal data:

Right of access: To obtain confirmation whether we process your personal data and, if so, to receive a copy and information about the processing.
Right to rectification: To request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): To request deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (if consent was the legal basis).
Right to restriction of processing: To request that we restrict processing in certain circumstances (e.g. while we verify accuracy or handle an objection).
Right to data portability: To receive certain personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to object: To object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling; and to object at any time to processing for direct marketing.
Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us using the details in Section 1.

You also have the right to lodge a complaint with your local data protection authority. For Cyprus, this is the Office of the Commissioner for Personal Data Protection.

10. Children's data

Synergo is a B2B platform and is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you believe that we have collected such data, please contact us and we will take appropriate steps to delete it.

11. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or destruction. These measures may include:

Encryption in transit (HTTPS/TLS);
Access controls and authentication;
Regular backups;
Monitoring and logging;
Limiting access to personal data to authorised personnel and service providers.

However, no online service can guarantee absolute security. You are responsible for keeping your password and account credentials confidential.

12. Relationship with the Terms of Service

This Privacy Policy is part of, and is referenced by, our Terms of Service. Where the Terms of Service and this Privacy Policy address the same subject, the more specific provision will apply to privacy matters.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the Platform, legal requirements, or our data practices.

When we make material changes, we will provide notice (for example, via email or in-app notification) and indicate the date of the latest update at the top of this page.

If you continue to use Synergo after the updated Privacy Policy becomes effective, you will be deemed to have accepted it. If you do not agree to the changes, you must stop using the Platform.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of personal data, you can contact us at:

David Andrei Padure

Trade name: S.N. SYNERGO NETWORK

Registered address: 1η Απριλίου 6, Λευκωσία, Cyprus

Email: team@synergo.cy

Telephone: +357 96201506

Privacy Policy

Last updated: 02/03/2026

By using Synergo, you acknowledge that you have read and understood this Privacy Policy.

1. Who we are (data controller)

The data controller responsible for processing personal data described in this Privacy Policy is:

David Andrei Padure

Operating under the registered trade name (Εμπορική Επωνυμία): S.N. SYNERGO NETWORK

Registered address: 1η Απριλίου 6, Λευκωσία, Cyprus

Email: team@synergo.cy

For questions or requests related to this Privacy Policy, you can contact us by email.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

Visitors to our website and landing pages;
Individuals who create or access a Synergo account on behalf of a business (e.g. owners, employees, contractors);
Individuals whose data may be entered into Synergo by our customers (e.g. team members, business contacts); and
Communication with us by email, forms, or other channels.

This Policy does not govern the content or contracts that Synergo users exchange directly between themselves (for example, NDAs or commercial contracts concluded outside the Platform).

3. Types of personal data we collect

3.1 Data you provide directly

When you interact with Synergo, you may provide us with:

Account and profile data: Name, surname, job title/role, business name, trade name, VAT or registration number (if applicable), business sector, country, city, business website, and any other profile information you choose to provide.
Contact details: Email address, phone number, communication preferences.
Authentication data: Passwords or other login credentials (stored securely, not in plain text).
Billing and subscription data: Billing name, billing address, VAT number (if applicable), subscription plan, payment-related information (handled via our payment processor).
Project and interaction data:Information you include in company profiles, "Projects", "link" requests, messages, attachments, files, notes, and other content you upload or share on the Platform.
Support and communication data: Information you provide when you contact us (e.g. support tickets, feedback, emails, or forms).

3.2 Data we collect automatically

When you use Synergo or visit our website, we may automatically collect:

Technical data: IP address, browser type and version, device type and operating system, language settings, approximate location (country/city based on IP), referral source.
Usage data: Log data about how you use the Platform (pages and screens visited, features used, time and date of access, clickstream data, error logs, performance data).
Profile interaction data:When you view another user's business profile on the Platform, we may record that interaction (including your user identifier and the time of the visit) to provide profile analytics features to business users. This data is processed on the basis of our legitimate interest in enabling useful business insights (Article 6(1)(f) GDPR).

This information is collected primarily through cookies, similar technologies, and server logs (see "Cookies and similar technologies" below).

3.3 Data we receive from third parties

We may receive personal data from:

Payment providers: Limited payment-related data (e.g. payment status, last four digits of card, transaction IDs) so we can manage subscriptions and invoicing.
Authentication or identity providers (if used): Basic profile information such as name, email, and profile picture if you choose to sign in via an external service.
Business contacts: If another Synergo customer invites you to a project or team, they may provide your name, email address, and role.

4. Purposes and legal bases for processing

4.1 Providing and operating the Platform

Creating and managing user accounts;
Providing core features (discovery, "links", projects, messaging, notifications);
Maintaining security, authentication, and access control.

Legal basis:Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to operate an efficient and secure B2B platform.

4.2 Billing, payments, and account administration

Managing subscriptions, plan changes, free trials, and Founders Deal;
Processing payments through our payment provider;
Sending invoices and payment-related communications.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR); Compliance with legal obligations (Article 6(1)(c) GDPR), such as tax and accounting obligations in Cyprus.

4.3 Customer support and communication

Responding to support requests, bug reports, and feedback;
Communicating important information about your account or the Platform (service messages, security notices, changes to Terms or Privacy Policy).

Legal basis:Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to provide quality customer support and maintain the Service.

4.4 Improving and securing the Platform

Monitoring performance and usage;
Debugging issues, preventing fraud and abuse, and improving security;
Analysing aggregated usage trends to make product decisions;
Providing profile view analytics to business users to help them understand engagement with their profile.

Legal basis:Legitimate interests (Article 6(1)(f) GDPR) — to improve, develop, and protect the Platform and our business.

4.5 Marketing and communication

Sending you newsletters, product updates, feature announcements, and offers related to Synergo;
Running limited campaigns to existing or potential B2B customers, where permitted.

Legal basis:Legitimate interests (Article 6(1)(f) GDPR) — for B2B direct marketing; Consent (Article 6(1)(a) GDPR) — where required by e-privacy or local law.

You can opt out of marketing emails at any time via the unsubscribe link in the email or by contacting us.

4.6 Compliance and legal obligations

Complying with legal obligations (e.g. tax, accounting, anti-fraud);
Responding to lawful requests from authorities, courts, or regulators;
Enforcing our Terms of Service and protecting our rights.

Legal basis:Compliance with legal obligations (Article 6(1)(c) GDPR); Legitimate interests (Article 6(1)(f) GDPR) — to protect our business and legal rights.

5. Cookies and similar technologies

We use cookies and similar technologies on our website and Platform to:

Enable essential functionality (login sessions, security, account navigation);
Remember your preferences (language, settings);
Analyse usage to improve the Platform and fix issues;
Support limited marketing and performance analytics (where permitted).

Where required by EU and Cyprus law, we will request your consent before placing non-essential cookies or similar tracking technologies on your device.

You can manage or delete cookies through your browser settings or by clicking here. If you block certain cookies, some features of the Platform may not function properly.

Name	Provider	Purpose	Duration	Type
sb-[ref]-auth-token	Supabase	Stores the user's authentication session token. Required to remain logged in across page loads.	7 days	Essential
sb-[ref]-auth-token-code-verifier	Supabase	PKCE code verifier used during OAuth/magic-link authentication flows. Discarded after login completes.	Session	Essential
cookie_consent	Synergo	Records which cookie categories you have accepted or rejected, and the timestamp of your choice. Used to honour your preferences on subsequent visits.	1 year	Essential
Analytics cookies (none currently active)	—	Would help us understand how users navigate the platform so we can improve the experience. No analytics cookies are set without your explicit consent.	Varies	Analytics
Marketing cookies (none currently active)	—	Would be used to measure the effectiveness of outreach and deliver relevant content. No marketing cookies are set without your explicit consent.	Varies	Marketing

[ref] is a short identifier derived from your Supabase project URL and will differ per environment (development vs. production).

6. How we share personal data

We do not sell your personal data.

We only share personal data in the following situations:

6.1 Service providers (processors)

We use third-party service providers who process personal data on our behalf to help us provide, operate, and improve Synergo, for example:

Provider	Purpose	Data processed	Location
Supabase Inc.	Database hosting, authentication, file storage	Account data, profile data, messages, files, authentication credentials	EU (Frankfurt, Germany)
Stripe, Inc.	Payment processing, subscription management	Billing name, email, payment method details, transaction history	EU / US (with SCCs)
Resend, Inc.	Transactional and notification emails	Email address, name	US (with SCCs)
Vercel Inc.	Web hosting, analytics, performance monitoring	IP address, browser data, usage analytics (with consent)	EU / US (with SCCs)

6.2 Other Synergo users

Because Synergo is a B2B matchmaking and collaboration platform, certain information is visible to other users as part of normal use, for example:

Your business profile (company name, sector, location, basic information you choose to display);
Information included in "link" requests or project invitations;
Content you share directly with other users or within Projects.

You choose what business information to make visible and which Projects or links to join.

6.3 Legal and regulatory reasons

We may disclose personal data where necessary to:

Comply with a legal obligation or lawful request;
Protect our rights, property, or safety, or that of our users or third parties;
Detect, prevent, or address fraud, security, or technical issues.

6.4 Business transfers

7. International transfers

Our main operations are in the European Union (Cyprus). However, some of our service providers may be located outside the European Economic Area (EEA).

When personal data is transferred outside the EEA, we will ensure that:

The destination country has been recognised by the European Commission as providing an adequate level of protection; or
Appropriate safeguards are in place (for example, Standard Contractual Clauses approved by the European Commission), together with additional measures where necessary.

You can contact us for more information about international transfers and the safeguards we use.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law. In general:

Account data is kept for as long as your account is active and for a reasonable period after closure (for example, to manage queries, enforce our rights, or comply with legal obligations).
Billing and transaction data is retained for the period required by tax and accounting laws in Cyprus.
Support communications are kept for as long as needed to manage your request and improve our services.
Technical and usage logs may be kept for a limited period for security, analytics, and platform improvement.

When data is no longer needed, we will either delete it securely or anonymise it so that it can no longer be linked to an identifiable person.

9. Your rights under GDPR

Subject to certain conditions and exceptions under applicable law, you have the following rights regarding your personal data:

Right of access: To obtain confirmation whether we process your personal data and, if so, to receive a copy and information about the processing.
Right to rectification: To request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): To request deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (if consent was the legal basis).
Right to restriction of processing: To request that we restrict processing in certain circumstances (e.g. while we verify accuracy or handle an objection).
Right to data portability: To receive certain personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
Right to object: To object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling; and to object at any time to processing for direct marketing.
Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us using the details in Section 1.

You also have the right to lodge a complaint with your local data protection authority. For Cyprus, this is the Office of the Commissioner for Personal Data Protection.

10. Children's data

11. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or destruction. These measures may include:

Encryption in transit (HTTPS/TLS);
Access controls and authentication;
Regular backups;
Monitoring and logging;
Limiting access to personal data to authorised personnel and service providers.

However, no online service can guarantee absolute security. You are responsible for keeping your password and account credentials confidential.

12. Relationship with the Terms of Service

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the Platform, legal requirements, or our data practices.

When we make material changes, we will provide notice (for example, via email or in-app notification) and indicate the date of the latest update at the top of this page.

If you continue to use Synergo after the updated Privacy Policy becomes effective, you will be deemed to have accepted it. If you do not agree to the changes, you must stop using the Platform.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of personal data, you can contact us at:

David Andrei Padure

Trade name: S.N. SYNERGO NETWORK

Registered address: 1η Απριλίου 6, Λευκωσία, Cyprus

Email: team@synergo.cy

Telephone: +357 96201506