Login Get License

GDPR Compliance

Our Commitment to EU Data Protection

GDPR Compliance

Last updated: May 14, 2026

Syfty LLC ("we," "us," or "our") is committed to compliance with the European Union's General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). This page summarises how we apply GDPR principles to the personal data we process on behalf of our customers and end users.

1. SCOPE

This statement applies to personal data of natural persons located in the European Economic Area (EEA), the United Kingdom, and Switzerland, processed by Syfty in connection with our products and services.

2. LAWFUL BASIS FOR PROCESSING

We process personal data only when we have a lawful basis to do so, including:

  • Contract: processing necessary to provide our services and fulfil our agreements with customers.
  • Legitimate interest: security, fraud prevention, and service improvement, balanced against your rights.
  • Legal obligation: compliance with applicable laws and regulations.
  • Consent: where explicit consent has been provided (e.g., for biometric processing).

3. DATA SUBJECT RIGHTS

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your personal data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

To exercise these rights, contact us at the address below. We will respond within one month, in accordance with Article 12 GDPR.

4. BIOMETRIC AND SURVEILLANCE DATA

Our products may process facial recognition and other biometric data on behalf of our customers (controllers). Where Syfty acts as a processor, the customer is responsible for establishing a lawful basis (including any required explicit consent under Article 9 GDPR) and for providing appropriate notice to data subjects.

5. INTERNATIONAL TRANSFERS

Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).

6. DATA RETENTION

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Customer-controlled data is retained according to the customer's configuration; account data is deleted within 30 days of account termination.

7. SECURITY

We apply appropriate technical and organisational measures — including encryption in transit and at rest, role-based access control, and regular security reviews — to protect personal data against unauthorised access, alteration, disclosure, or destruction.

8. DATA PROTECTION CONTACT

For data protection enquiries or to exercise your rights, contact us at admin@syfty.io.

This page provides a high-level overview. For full details on what we collect and how we use it, please see our Privacy Policy.

Questions about this document? Contact us