Privacy Policy

1. Who We Are

1.1 Synelo is a UK-registered trading name that builds and operates software products for small and medium businesses. We are committed to protecting your personal data and being transparent about how we use it.

1.2 Our registered address is 71-75 Shelton Street, Covent Garden, London WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO) under reference number ZC141512. If you have any questions about this Privacy Policy or about how we handle your personal data, you can contact us at hello@synelo.co.uk.

1.3 Synelo acts as the "data controller" in respect of personal data collected through this website (synelo.co.uk). This Privacy Policy explains what personal data we collect, on what legal basis, how we use it, who we share it with, how long we retain it, and what rights you have under the "UK GDPR" (the UK General Data Protection Regulation) and the Data Protection Act 2018.

1.4 This policy applies only to synelo.co.uk. Individual Synelo products, including RepSave at repsave.co.uk, operate under their own separate privacy policies. Please refer to the relevant product privacy policy before providing personal data on those sites.

2. Data We Collect — Website Visitors

2.1 When you visit synelo.co.uk, we do not collect any personal data by default simply as a result of your visit. No third-party cookies or tracking scripts are loaded by mere page load — all non-essential tools are activated only after you have given explicit consent via our cookie banner or preference modal.

2.2 If you enable analytics cookies (Analytics category), we collect the following data through Google Analytics 4 (GA4) — Measurement ID: G-M1FD3FT9WS:

• IP address (anonymised before storage — we do not store full IP addresses)
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referral source (how you arrived at our website)
• Approximate geographic location (country and city level only — not precise location)
• Device type (desktop, mobile, tablet)

2.3 Legal basis for GA4: Consent (UK GDPR Article 6(1)(a)). You may withdraw consent at any time — see section 9 and our Cookie Policy.

2.4 If you enable performance cookies (Performance category), we collect interaction and page performance data through Contentsquare. This includes scroll depth, click patterns, page load times, and session-level behavioural data. This data is used solely to improve the site experience and is not linked to any identifiable individual. Legal basis: Consent (UK GDPR Article 6(1)(a)).

2.5 If you enable marketing cookies (Marketing category), the Meta Pixel (Pixel ID: 2023409271546705) is loaded on synelo.co.uk. The Pixel records the pages you visit and transmits this data to Meta to enable measurement of advertising effectiveness and, where applicable, to allow us to reach relevant audiences through Meta platforms. Legal basis: Consent (UK GDPR Article 6(1)(a)). This data may be combined by Meta with data they hold about you from your use of their own services, subject to Meta's own privacy policy.

2.6 This data is not linked to any identifiable individual in our systems and is used solely to understand how visitors use this website and to improve its content, design, and advertising effectiveness. All analytics, performance, and marketing data collection is opt-in only.

3. Data We Collect — Contact Form

3.1 When you submit the contact form on synelo.co.uk, we collect the following personal data:

• Your name
• Your email address
• The topic of your enquiry (selected from a dropdown)
• Your message

3.2 Legal basis: Legitimate interests (UK GDPR Article 6(1)(f)). Our legitimate interest is to receive and respond to enquiries from people who contact us voluntarily and specifically to get in touch. We have assessed that this interest is not overridden by your data protection rights, given that you have actively chosen to submit the form and the data is used only to respond to your enquiry.

3.3 We do not use contact form data for marketing purposes unless you have explicitly requested information about a Synelo product and have indicated that you wish to receive further communications.

4. How We Use Personal Data

4.1 We use the personal data we collect for the following specific purposes only:

• Responding to enquiries — to receive, review, and reply to messages submitted via the contact form.
• Website improvement — to understand how visitors navigate and use this website, enabling us to improve its structure, content, and performance (only where analytics consent has been given).
• Legal and regulatory compliance — to fulfil any obligations required of us by applicable law, regulation, or legal process.

4.2 We do not use your personal data for automated decision-making or profiling. We do not use your personal data for advertising or marketing purposes without your explicit consent. We do not sell, rent, or trade your personal data to any third party under any circumstances.

5. Data Sharing and Third-Party Processors

5.1 We share personal data only with the following carefully selected third-party processors, each of whom is bound by a data processing agreement and required to process data only on our documented instructions:

• Supabase — provides database hosting for contact form submissions. Data is stored in the EU (eu-west-1 region). Supabase processes data solely to store and make available the contact form submissions we receive.
• Google Analytics (GA4) — provides website analytics (Analytics category). Google Analytics is only loaded after you have given explicit consent. Google acts as a data processor in respect of analytics data. Data may be transferred to Google's servers in the United States under Standard Contractual Clauses.
• Contentsquare — provides page performance and visitor interaction analytics (Performance category). Contentsquare is only loaded after you have given explicit performance consent. Data may be transferred outside the UK under Standard Contractual Clauses.
• Meta (Facebook) — provides advertising measurement and audience targeting via the Meta Pixel (Marketing category). The Meta Pixel is only loaded after you have given explicit marketing consent. Data is transferred to Meta's servers in the United States under Standard Contractual Clauses. Meta acts as an independent controller in respect of data they receive through the Pixel.
• Cloudflare — provides website hosting, content delivery (CDN), and security services including DDoS protection. Cloudflare may process certain technical data (such as IP addresses) as part of routing and security functions.

5.2 We do not share personal data with advertisers, data brokers, or marketing networks beyond the consent-gated tools described above. We do not share personal data with any third party for their own independent purposes without your explicit consent.

6. International Data Transfers

6.1 Synelo is a UK-based business and we are subject to UK GDPR. Some of our third-party processors operate internationally, which may result in your personal data being transferred outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place:

• Supabase — database storage is hosted in the EU (eu-west-1 region). No transfer outside the UK/EU is made for database storage.
• Google Analytics 4 — Google may transfer analytics data to servers in the United States and other countries. These transfers are covered by Standard Contractual Clauses (SCCs) approved by the UK ICO as an appropriate safeguard under UK GDPR.
• Contentsquare — data may be processed on servers outside the UK. Contentsquare is certified under applicable data transfer frameworks and operates under Standard Contractual Clauses.
• Meta (Facebook) — Pixel data is transferred to Meta's servers in the United States. This transfer is covered by Standard Contractual Clauses approved by the UK ICO.
• Cloudflare — Cloudflare operates a global network. Transfers are covered by Standard Contractual Clauses and Cloudflare's UK GDPR data processing addendum.

6.2 All international transfers involving your personal data are subject to the safeguards required by UK GDPR Article 46. You may request a copy of the relevant safeguard documentation by contacting us at hello@synelo.co.uk.

7. Retention Periods

7.1 We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Our specific retention periods are:

• Website visitor analytics data (GA4): Retained for a maximum of 14 months within Google Analytics, after which it is automatically deleted by Google. We do not export or archive raw GA4 data.
• Contact form submissions: Retained for up to 12 months from the date the submission was received. After this period, submissions are deleted from our database. We may retain submissions for longer if they are the subject of an ongoing legal matter or regulatory obligation.

7.2 We do not retain any other categories of personal data collected through this website beyond these periods.

8. Your Rights Under UK GDPR

8.1 Under UK GDPR, you have the following rights in relation to personal data we hold about you. These rights apply subject to certain conditions and exceptions under applicable law:

• (a) Right of access — you have the right to request a copy of the personal data we hold about you (a "subject access request").
• (b) Right to rectification — you have the right to request that we correct any personal data that is inaccurate or incomplete.
• (c) Right to erasure — you have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it.
• (d) Right to data portability — where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
• (e) Right to object — you have the right to object to processing of your personal data that is based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• (f) Right to restriction — you have the right to request that we restrict how we process your personal data in certain circumstances (for example, while accuracy is being verified).
• (g) Right not to be subject to solely automated decision-making — you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not carry out any such processing.

8.2 To exercise any of these rights, please email hello@synelo.co.uk with the subject line "Data Rights Request". We will acknowledge receipt within 5 working days and provide a substantive response within 30 calendar days of receipt (which may be extended by up to 2 additional months where the request is complex, in which case we will notify you). We may ask you to verify your identity before processing your request.

9. Cookies

9.1 We use cookies and similar technologies on synelo.co.uk only with your explicit consent. When you first visit this website, a consent banner is displayed at the bottom of the page. No analytics, performance, or marketing cookies are set unless you explicitly enable them — either by clicking "Accept All" or by enabling individual categories in the preference modal. You may also update your preferences at any time using the preference centre on our Cookie Policy page.

9.2 Your consent choices are stored in localStorage under the key synelo_consent as a JSON object recording your individual category preferences. You may withdraw or update your consent at any time. See our Cookie Policy for full details of the cookies we use, what data they collect, and how to manage your consent.

10. Security

10.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• TLS (Transport Layer Security) encryption for all data transmitted between your browser and synelo.co.uk.
• Encrypted storage for database records held through Supabase.
• Restricted access controls — personal data held in our systems is accessible only to those who need it to carry out their responsibilities.
• Regular review of our security practices and those of our third-party processors.

10.2 No method of transmission over the internet or method of electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by UK GDPR Article 33. Where a breach is likely to result in a high risk to you, we will also notify you directly without undue delay, as required by UK GDPR Article 34.

11. Children

11.1 This website is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not submit any personal data through this website. If you believe that a child has submitted personal data to us through this website, please contact us immediately at hello@synelo.co.uk and we will take steps to delete that data as soon as reasonably practicable.

12. Links to Other Websites

12.1 This website contains links to Synelo products — including RepSave at repsave.co.uk — and may contain links to other external websites. This Privacy Policy applies solely to personal data collected through synelo.co.uk. It does not apply to any other website, including websites operated by Synelo as separate products. Those websites operate under their own privacy policies, which we encourage you to read carefully before providing any personal data on those sites. We are not responsible for the privacy practices of any third-party website.

13. Changes to This Policy and How to Complain

13.1 We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the services we offer. When we make changes, the revised policy will be published on this page with an updated "Last updated" date. Where changes are material, we will provide a prominent notice on this website. We encourage you to review this policy periodically.

13.2 You have the right to lodge a complaint about our processing of your personal data with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters. You can contact the ICO at ico.org.uk, by telephone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Our ICO reference number is ZC141512.

13.3 We would welcome the opportunity to address any concerns you have before you contact the ICO. Please contact us first at hello@synelo.co.uk and we will do our best to resolve the matter promptly. This Privacy Policy was last updated on 23 May 2026.