Privacy
Policy

Last Updated: March 10, 2026

Effective Date: March 10, 2026

Introduction

This Privacy Policy describes how the Company collects, uses, stores, and otherwise processes Personal Data when you use the Company’s Services, including the mobile application and the Site.

In this Privacy Policy, “Company”, “we”, “our”, or “us” means the legal entity operating the Services.

In this Privacy Policy, “User”, “you”, or “your” means the individual who accesses or uses the Services.

The words he/she and their derivatives in the text of the document can be applied to either a male person or a female person, depending on the context of the document.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Definitions

1.1. Personal Data means any information that directly or indirectly allows you to identify the User. For example, first name, last name, phone number, and IP address.

1.2. Services means the Company’s informational and tracking services provided to the User through the App and/or the Site, including access to features such as calendars, event tracking, analytics, progress tracking, and user-generated content functionality, as available from time to time.

1.3. Company means Syndicate Inc s.r.o., Registration No.: 19384157, address: Lohniského 901/7, Hlubočepy, 152 00, Praha 5, Czech Republic, email: [email protected], website: sndct.app, which provides the Services to the User.

1.4. Site means the Company’s website located at: https://sndct.app/ (including any subdomains and related pages).

1.5. App means the Company’s mobile application “Syndicate” (sndct.app) made available for download and use on supported mobile devices (as updated from time to time).

1.6. Account means the User’s registered profile within the Services created by the User during registration, which is associated with the User’s login credentials (for example, email) and may include profile settings, preferences, and activity history.

1.7. User is an individual or legal entity to whom the Company provides Services.

1.8. Third Party means a natural or legal person, government agency, institution or body besides the Company or the User, the Controller or the Processor.

1.9. Controller means any natural or legal person, government agency, institution, or other body that independently determines the purposes and means of personal data processing.

1.10. Processor means a natural or legal person, government agency, institution, or other body that processes Personal Data on behalf of and behalf of the Controller.

1.11. Cookies means small text files and similar technologies (including SDK identifiers and tags) that are stored on your device or accessed by your browser when you visit the Site or use the Services, and that enable the Site/Services to recognize your device, remember your preferences, maintain sessions, support security features, and collect usage and analytics information.

1.12. User’s Consent (hereinafter “Consent”) means a voluntary, specific, informed, and unequivocal expression of will, in which the User using a statement or explicit affirmative action agrees to the processing of his Personal Data and to comply with the terms of this Privacy Policy.

1.13. Synpoints means internal, non-transferable, non-withdrawable and non-redeemable reward points credited to the User’s Account within the Services for eligible activity, tasks, interactions, campaigns or other actions determined by the Company from time to time.

2. General
Provisions

2.1. The Service processes and stores Data on the basis of the following legal acts:

2.1.1. Compliance with the principles of lawfulness, fairness, and transparency in accordance with the General Data Protection Regulation (GDPR);

2.1.2. Compliance with applicable U.S. privacy and data protection laws and regulations, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CCPA/CPRA), as a commonly used U.S. privacy compliance framework, and other relevant U.S. federal and state privacy laws, to the extent they apply to the Company’s processing of Personal Data of users located in the United States.

2.2. The Service shall not be held responsible for the processing of Personal Data by any Third Parties that are not controlled by or affiliated with the Service.

2.3. The Company acts as a Processor in relation to the processing of Personal Data that it receives from the User during the provision of Services to him.

3. Personal
Data

3.1. The Company may receive the following Personal Data about the Users:

3.1.1. Account Data: email address; username (if used); account status information.

3.1.2. Profile Data: profile photo/avatar; country and other optional profile details provided by the User.

3.1.3. Authentication Data: authentication tokens and similar identifiers used to maintain login sessions.

3.1.4. Usage and Activity Data: information about how the User uses the App and/or the Site (for example, interactions with features, events, progress tracking, settings and preferences). Such data may be linked to the User’s account and/or technical identifiers.

3.1.5. Synpoints Data: information relating to the accrual, balance, use, adjustment, cancellation, restriction and history of Synpoints within the User’s Account, including eligible activity, completed tasks, engagement actions, participation in campaigns connected with Synpoints, internal use of Synpoints, timestamps, related identifiers and fraud-prevention indicators

3.1.6. User-Generated Content Data: content and related metadata submitted by the User, including posts, comments, photos, videos, likes and other interaction signals, as well as timestamps and related identifiers.

3.1.7. Communications and Support Data: messages, requests, bug reports, feedback, and other communications with the Company, including any information the User provides in such communications.

3.1.8. Device and Technical Data: IP address; device type; operating system; application version; language/locale; user agent; device identifiers and similar technical identifiers.

3.1.9. Location Data: country and approximate location derived from IP address and/or country settings.

3.2. The Company purposefully does not process the User’s banking data, and such data is processed exclusively by the payment system, which is used to receive payments. The Company may process payment data solely to resolve disputes and/or to comply with the requirements of the legislature and/or the decision of the judicial/executive authority.

3.3. The Company does not collect or process sensitive Personal Data of Users, such as race or ethnic origin, political views, religious or philosophical beliefs, union membership, genetic or biometric data, health information, sexual life or sexual orientation.

3.4. When visiting the Site or receiving Services, Company may collect the following Personal Data automatically:

3.4.1. IP address.

3.4.2. device type; operating system; language/locale; user agent; application version; and similar technical identifiers.

3.4.3. country and approximate location derived from IP address and/or device settings.

3.4.4. information about how you interact with the Site, such as the pages you view, the dates and times of access, referring/exit pages, page response time, and error logs.

3.4.5. information about how you interact with the App, such as the screens or features you use, event/calendar interactions, progress tracking actions, preferences and settings, and error logs.

3.5. The Company has the right to collect and receive Personal Data as follows:

3.5.1. Directly from the User: when the User registers an account, logs in, completes or updates a profile, submits user-generated content, communicates with support, provides feedback, or otherwise provides information while using the Services.

3.5.2. Automatically: when the User accesses or uses the App and/or the Site, including through log files and similar technologies, to collect device and technical data, IP address, and usage information necessary to operate, secure, and analyze the Services.

3.5.3. From Third Parties: from the Company’s service providers and partners that support the Services (for example, analytics, attribution, push notification, and error tracking providers), to the extent such data is provided to the Company in connection with the User’s use of the Services.

3.6. The Company has the right to use Personal Data for the following purposes:

3.6.1. Provision of the Services: to create and administer accounts, provide access to features of the App and the Site, and enable the User to use the Services.

3.6.2. Synpoints: to calculate, accrue, display, adjust, cancel, restrict and otherwise administer Synpoints within the User’s Account, verify eligible activity, process the internal use of Synpoints, provide available internal benefits, discounts, access rights or other functionality connected with Synpoints, and maintain related records.

3.6.3. Security and Fraud Prevention: to protect the Services, prevent abuse, detect and investigate suspicious activity, enforce restrictions (including on links and content), and maintain the integrity and safety of the community.

3.6.4. Analytics and Service Improvement: to analyze usage of the App and the Site, troubleshoot issues, test and improve functionality, and develop new features.

3.6.5. Communications and Support: to respond to inquiries, provide customer support, send service-related notifications (including push notifications), and communicate important updates about the Services and this Privacy Policy.

3.6.6. Compliance and Legal Claims: to comply with applicable law, respond to lawful requests from authorities, and establish, exercise, or defend legal claims, investigations, and dispute resolution.

3.7. In particular, our application may collect and process the following categories of data:

Data Category Data Type (examples) Data Processing Data Transferring (to Third Parties) Purpose of Data Processing
Account Data Email; username (if used); account status Yes Yes (hosting / infrastructure) Account creation, authentication, account administration
Profile Data Avatar/photo; country; optional profile details Yes Yes (hosting / infrastructure) Profile setup, personalization, user experience
Authentication Data Auth token; session identifiers Yes No (by default) Login/session management, security
Usage and Activity Data Feature usage; event/calendar interactions; progress tracking actions; settings/preferences; timestamps Yes Yes (analytics/attribution providers) Service functionality, analytics, performance, product improvement
Device and Technical Data IP address; device type; OS; app version; locale/language; user agent; similar technical identifiers Yes Yes (analytics/attribution; error tracking; hosting) Security, fraud prevention, debugging, analytics, service stability
Location Data (Approximate) Country / approximate location derived from IP and/or device settings Yes Yes (analytics; hosting) Localization, security, fraud prevention, analytics
User-Generated Content (UGC) Posts; comments; photos; videos; likes and related metadata Yes Yes (content moderation/validation service, if used) Community features, content display, moderation and enforcement
Communications & Support Data Bug reports; requests; messages; feedback Yes Yes (error tracking / support tooling, if used) User support, issue resolution, service improvement
Website Analytics Data (Site) Website interaction data (pages viewed; timestamps; referrer/exit; errors) Yes Yes (Google Analytics; Matomo) Website analytics, performance, marketing measurement
Marketing Communications Data (Site / email) Email marketing subscription data; campaign interaction (if used) Yes Yes (Klaviyo) Email communications and marketing (where enabled)
Financial Data Payment card/banking data No No Not collected/processed by the Company
Blockchain / Wallet Data Wallet integration data; blockchain transaction data No No Not collected currently (possible future: only public wallet address, if enabled)

4. Transfer of
Personal Data

4.1. The Company may transfer Personal Data to entities with which the Company cooperates in the implementation and provision of Services:

4.1.1. Service Providers (Subprocessors): the Company may share Personal Data with vendors that support the operation of the App and the Site, including analytics and attribution providers (Firebase, AppsFlyer), push notification services (Firebase), and error monitoring/technical diagnostics tools used by the Company on its own servers (Sentry-like internal error tracking), as well as hosting and infrastructure providers (Hetzner, DigitalOcean). Such transfers are made to provide, secure, maintain, and improve the Services.

4.1.2. Marketing Communications Providers: the Company may share limited Personal Data (such as email address and engagement data) with email marketing providers (Klaviyo) where the User has opted in to receive such communications or where otherwise permitted by applicable law.

4.1.3. Payment Service Providers: the Company does not currently provide paid Services and does not process payment card or banking data. If paid features are introduced in the future, payments may be processed by third-party payment service providers, and Personal Data may be transferred to such providers as necessary to process payments and comply with applicable law.

4.1.4. Corporate Transactions: the Company may disclose or transfer Personal Data in connection with a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar transaction, subject to applicable law and appropriate safeguards.

4.1.5. Legal and Law Enforcement Requests: the Company may disclose Personal Data to courts, law enforcement, regulators, or other public authorities where required by law or in response to valid legal process, and to establish, exercise, or defend legal claims.

4.2. All transfers of Personal Data are carried out in accordance with the principles of data minimization, lawfulness, fairness, proportionality, purpose limitation, and appropriate security safeguards, as required by this Privacy Policy and applicable data protection laws.

5. User Consent

5.1. Where the processing of Personal Data is based on Consent, the User provides voluntary, informed, specific, and unambiguous Consent to such processing by performing one or more of the following actions through the App and/or the Site:

5.1.1. creating an account and confirming acceptance of this Privacy Policy by checking the relevant checkbox (or using an equivalent technical method) during registration;

5.1.2. providing additional optional information in the App (for example, profile details) after being presented with the relevant notice(s);

5.1.3. enabling optional features or settings that require Consent (for example, marketing communications or non-essential analytics, where applicable) through the relevant interface controls;

5.1.4. giving Consent to the processing of Personal Data related to Synpoints where such Consent is required under applicable law, including where the processing relates to optional analytics, optional notifications, marketing communications, or other optional processing activities connected with Synpoints and not strictly necessary for the provision of the core Services;

5.1.5. confirming Consent through another technical method made available by the Company (for example, an in-app form or email confirmation), where applicable.

5.2. The Company may request that the User renew or reconfirm Consent where required by applicable law or where the scope of processing materially changes.

5.3. If the Company updates this Privacy Policy, it may notify the User in the App and/or on the Site. Continued use of the Services after such notice may indicate acknowledgment of the updated Privacy Policy. However, where Consent is required by applicable law, the Company will request such Consent through an affirmative action (for example, a checkbox or equivalent control).

6. Personal Data Storage
& Protection

6.1. The Company uses appropriate technical and organizational measures to protect Personal Data, ensure its confidentiality, and prevent loss, unauthorized access, or unlawful disclosure.

6.2. The Company protects Personal Data against: loss; unauthorized access or use; unlawful transfer or disclosure; alteration; deletion; and destruction.

6.3. The Company may use, in particular, the following measures (including those aligned with Article 32 GDPR, where applicable):

6.3.1. pseudonymization and, where appropriate, encryption of Personal Data;

6.3.2. measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

6.3.3. regular testing, assessment, and evaluation of the effectiveness of technical and organizational security measures.

6.4. Storage Location: the Company stores and processes Personal Data using servers and infrastructure providers located in Germany, including Hetzner and DigitalOcean.

6.5. Deletion Requests: where the User exercises the right to erasure under applicable law (including Article 17 GDPR, where applicable), the Company will delete the relevant Personal Data unless retention is required or permitted by law (for example, for legal compliance, security, fraud prevention, or the establishment, exercise, or defense of legal claims).

6.6. Personal Data related to Synpoints may be deleted, anonymized or retained in accordance with the same rules, depending on the nature of the relevant data and the applicable legal basis for retention. The Company may retain records relating to the accrual, use, adjustment, cancellation or restriction of Synpoints where such retention is necessary for security, fraud prevention, abuse detection, enforcement of the Company’s terms and policies, dispute resolution, legal compliance or the establishment, exercise or defense of legal claims.

6.7. Retention Period: the Company may retain Personal Data for up to 3 (three) years after termination of the relationship with the User, to the extent necessary:

6.7.1. to comply with applicable legal obligations;

6.7.2. to ensure security, prevent fraud and abuse, and enforce the Company’s terms and policies;

6.7.3. to maintain records relating to Synpoints where such records are necessary to verify account activity, prevent abuse, resolve disputes, enforce the Company’s terms and policies, or establish, exercise or defend legal claims;

6.7.4. to establish, exercise, or defend legal claims;

6.7.5. to maintain business records and internal accounting; and

6.7.6. to create aggregated and/or anonymized statistics, where applicable.

7. Grounds for Personal
Data Processing

7.1. The Company processes Personal Data based on one or more legal grounds, as applicable:

7.1.1. the User’s Consent, where such Consent is required under applicable law for specific processing activities

7.1.2. necessity to provide the Services and administer the Account, including enabling core functionality and performing the Company’s obligations to the User

7.1.3. the Company’s legitimate interests, including operating, maintaining, securing, and improving the Services, preventing fraud and abuse, enforcing the Company’s policies, and conducting internal analytics, provided that such interests are not overridden by the User’s rights and freedoms

7.1.4. compliance with applicable law, including responding to lawful requests from competent authorities

7.1.5. necessity for the Company’s legitimate business needs in connection with corporate transactions, including a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy, subject to applicable law and appropriate safeguards.

7.2. Where processing is based on the User’s Consent, the User may withdraw such Consent at any time by emailing: [email protected] Withdrawal of Consent does not affect the lawfulness of processing carried out before the withdrawal. If the User withdraws Consent for processing that is strictly necessary to provide the Services, the Company may be unable to continue providing the Services and may terminate or restrict access to the Services. The Company will stop the relevant processing without undue delay and, in any case, within 15 (fifteen) business days from the date the Company verifies and records the withdrawal request, unless a longer period is permitted or required by applicable law.

8. User Rights

8.1. This section of the Privacy Policy governs the processing of Personal Data belonging to Users who are residents of the member states of the European Economic Area (EEA), in accordance with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR). The processing of such Users’ Personal Data is carried out on lawful grounds and in compliance with the principles of lawfulness, transparency, proportionality, purpose limitation, and data minimization as set forth by the GDPR.

8.2. When processing personal and statistical data, the Service grants the User the following rights:

8.2.1. Right of access (Article 15 GDPR). The User may contact us directly to access the Personal Data we hold about them, as well as any additional information provided for in Article 15 of the General Data Protection Regulation (GDPR).

8.2.2. Right to erasure (Article 17 GDPR). The User has the right to request the deletion of their Personal Data. In such a case, the Data will be permanently deleted in accordance with Article 17 GDPR, unless legal exceptions apply.

8.2.3. Right to data portability (Article 20 GDPR). The User has the right to receive their Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller or request its direct transmission to a third party, where technically feasible, pursuant to Article 20 GDPR.

8.2.4. Right to rectification (Article 16 GDPR). The User has the right at any time to request the update, correction, or completion of inaccurate or incomplete Personal Data in accordance with Article 16 GDPR.

8.2.5. Right to object (Article 21 GDPR). The User has the right to object at any time to the processing of their Personal Data on grounds relating to their particular situation, pursuant to Article 21 GDPR.

8.2.6. Automated individual decision-making, including profiling (Article 22 GDPR). The User has the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision produces legal effects concerning them or similarly significantly affects them, as set forth in Article 22 GDPR.

9. User Rights (USA)

9.1. This section of the Privacy Policy regulates the procedure for processing personal data of Users who are residents of the United States of America, taking into account the requirements of the legislation of individual U.S. states on the protection of personal information, in particular the California Consumer Privacy Act (CCPA/CPRA).

9.2. This section applies to Users who are residents of the United States of America. Within the framework of applicable legislation, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), Users have the right to exercise the following rights with respect to their Personal Data:

9.2.1. Right of access. The User has the right to request which Personal Data about them is stored by the Service, as well as to learn about the purpose of its processing, its source, and the categories of third parties to whom it may have been disclosed.

9.2.2. Right to deletion. The User has the right to request full deletion of their Personal Personal Data, except in cases where its retention is necessary under applicable law.

9.2.3. Right to rectification. The User has the right to update, change, or supplement inaccurate or incomplete Personal Data stored by the Service.

9.2.4. Right to data portability. The User has the right to receive a copy of their Personal Data in a commonly used machine-readable format and to transfer this data to another service provider upon request.

9.2.5. Right to object. The User may object at any time to the processing of their Personal Data, including for marketing or analytical purposes.

9.2.6. Right to withdraw Сonsent. The User has the right to withdraw previously given consent to the processing of Personal Data. In such a case, the Service reserves the right to discontinue the provision of Services.

10. Submission
of Request

10.1. A User in any jurisdiction has the right to submit a request to the Company if he believes that his rights have been violated by writing a request in writing to the support of the Company at the address: [email protected]

10.2. The User’s request must contain accurate information about the requirements for the Company. If the exact requirements are not specified in the request, the Company has the right to refuse to fulfill the request.

10.3. We will not be able to respond to your request or provide you with Personal Data unless we can verify your identity and confirm that the Personal Data belongs to you. In case of receiving a request with inaccurate information and/or in case of inability to confirm the User’s identity, the Company has the right not to process the received request and contact the User for clarification. In case of receiving a response to a request for clarifications, the User must provide a new corrected request or submit a new request.

10.4. The Company must respond to the request or fulfill the conditions set forth in the request within 21 (twenty one) business days from the moment of its receipt.

11. Responsibility

11.1. The User acknowledges that the provision of the Services requires the processing of certain Personal Data. If the User does not agree with this Privacy Policy, the User must not access or use the Services.

11.2. The Company is responsible for processing Personal Data in accordance with this Privacy Policy and applicable data protection laws. At the same time, the Company does not and cannot guarantee that any processing of data by Third Parties outside the Company’s control will be fully secure or compliant with the User’s expectations.

11.3. The Company may use service providers that support the operation of the Services (including analytics, attribution, push notification, hosting, and error monitoring providers). Such providers may process Personal Data on the Company’s instructions and for the purposes described in this Privacy Policy. The Company remains responsible for selecting such providers and implementing contractual and technical safeguards required by applicable law. However, the Company is not responsible for any unauthorized actions or security incidents caused by circumstances beyond the Company’s reasonable control, including vulnerabilities in third-party infrastructure, telecommunications networks, or the User’s device, provided the Company has implemented appropriate safeguards required by law.

11.4. The Company is not responsible for the processing of Personal Data by independent Third Parties where such processing is not controlled by or affiliated with the Company, including in the following cases:

11.4.1. the User follows external links from the Services or uses third-party websites, services, or integrations that operate under their own privacy policies;

11.4.2. the User independently discloses Personal Data to Third Parties (for example, by posting it publicly, sending it in messages, or sharing it outside the Services);

11.4.3. Third Parties collect data directly from the User’s device or browser through technologies that are not managed by the Company.

11.5. The Services may include community functionality and user-generated content. The User is solely responsible for the Personal Data they choose to publish or otherwise make available through such functionality. The Company is not responsible for any consequences resulting from the User’s voluntary disclosure of Personal Data through public posts, comments, photos, videos, or other content.

11.6. The Company does not trade cryptocurrency and does not provide exchange, brokerage, dealing, custody, or wallet services. The Company does not process payment card or banking data for the Services. Any decisions the User makes based on information available through the Services remain the User’s responsibility.

11.7. Synpoints are internal functionality within the Services. The Company may process Personal Data related to Synpoints only for the purposes described in this Privacy Policy, including the operation of the User’s Account, recording the accrual, balance, use, adjustment, cancellation or restriction of Synpoints, preventing fraud and abuse, providing support, complying with applicable law, and establishing, exercising or defending legal claims. The processing of Personal Data related to Synpoints does not mean that the Company processes payment card data, banking data, cryptocurrency wallet data, blockchain transaction data or any external financial account data of the User.

11.8. Although the Company applies reasonable and appropriate security measures, the transmission of information over the Internet and mobile networks cannot be completely secure. The User acknowledges that they transmit Personal Data at their own risk when using networks and devices that may be compromised or insecure.

12. Cookie

12.1. Cookies and similar tracking technologies used on the Site and, where applicable, within the App (including third-party analytics and attribution technologies) are governed by the Company’s Cookie Policy, which describes what technologies are used, for what purposes, and how you can manage your choices and preferences.

13. Confirm Policy

13.1. The Services are intended only for individuals who are 18 years of age or older. The Company does not knowingly collect or process Personal Data of minors.

13.2. If the Company becomes aware that a person under 18 years has provided Personal Data or used the Services, the Company has the right to delete such Personal Data and to suspend or terminate access to the Services, without prior notice, to the extent permitted by applicable law.

13.3. If you believe that a person under 18 has used the Services or provided Personal Data, please contact the Company at: [email protected]

14. Privacy Policy
Change

14.1. We have the right to periodically make changes to the Privacy Policy, the security of Personal Data, and compliance with the requirements of the laws of the jurisdiction in which we operate.

14.2. The User is obliged to familiarize himself with the new terms of the Privacy Policy and the Company is not responsible if the User has not familiarized himself with the new terms of the Privacy Policy.

14.3. The Company updates the date of changes to the current version of the Privacy Policy in the “Updated” line at the top of the document.

14.4. Our digital or otherwise stored copies of the Privacy Policy are considered true, complete, valid, and enforceable and in effect, at the time you visit the Site.

15. Contacts

15.1. The User has the right to contact the Company support service at:[email protected] to ensure his rights, in accordance with the terms of this Privacy Policy, or in case of violation of his rights, or to leave feedback or ask a question.