Privacy Policy

Scope of This Policy

This Privacy Policy explains how SynthLink collects, uses, stores, discloses, and protects personal information in connection with the SynthLink website, API, documentation, access request flows, communications, and related services.

This Policy applies to information that identifies, relates to, describes, or could reasonably be linked with an individual or identifiable contact. It does not govern information that has been irreversibly anonymized or aggregated so that it can no longer reasonably identify a person.

Categories of Information We Collect

Depending on how you interact with the Service, SynthLink may collect identifiers, professional or account-related information, technical information, and usage records. This may include your name, email address, organization, intended API use case, billing or commercial contact details, IP address, device and browser metadata, API request metadata, access timestamps, error logs, and support communications.

We may also collect security-related and operational information such as authentication attempts, rate-limit events, abuse signals, key status, request volume patterns, and system diagnostics that help us protect the Service and investigate incidents.

Sources of Information

We collect information directly from you when you submit an access request, communicate with us, use the website, use the API, respond to emails, or otherwise interact with the Service.

We also collect information automatically through server logs, infrastructure telemetry, analytics tools, security tooling, fraud and abuse prevention systems, and service providers that help us operate the platform.

How We Use Information

SynthLink uses personal information where reasonably necessary to provide, secure, maintain, analyze, and improve the Service; review and respond to access requests; issue and manage API credentials; authenticate users; enforce limits and policies; investigate abuse; communicate operational or legal notices; respond to support inquiries; and comply with legal obligations.

We may also use information to understand demand, evaluate product quality, diagnose failures, detect anomalous usage, prevent fraud, reduce wasteful or malicious traffic, and protect SynthLink, other users, third-party providers, and the public from misuse of the Service.

Operational Logs and API Usage Data

When you use the API or website, SynthLink may record request and response metadata such as IP address, endpoint, method, timestamp, status code, user agent, referer, request volume, latency, key identifier, and related operational events. We use these logs for reliability, debugging, security review, quota enforcement, and incident response.

Usage logs may also be reviewed to detect prohibited behavior, repeated failed requests, credential misuse, scraping attempts, unusual request bursts, or conduct that creates unnecessary infrastructure cost or threatens service stability.

Legal Bases and Permitted Processing

Where applicable law requires a legal basis for processing, SynthLink processes personal information on bases that may include your consent, performance of a contract, compliance with legal obligations, protection of legitimate interests such as security and abuse prevention, and other lawful grounds available under applicable law.

If consent is required for a particular processing activity, you may withdraw that consent as permitted by law, but withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

Sharing and Service Providers

SynthLink does not sell personal information for money. We may disclose personal information to vendors, contractors, cloud providers, analytics providers, communications tools, security providers, and other processors that perform services on our behalf and are authorized to process information only as reasonably necessary for those services.

We may also disclose information where reasonably necessary to comply with law, respond to lawful requests, protect rights or safety, enforce our agreements, investigate fraud or abuse, support a corporate transaction, or prevent harm to the Service, infrastructure, users, or third parties.

International Transfers

SynthLink and its service providers may process or store information in jurisdictions other than the one in which you are located. By using the Service, you acknowledge that your information may be transferred to and processed in countries that may have different data protection laws than your home jurisdiction.

Where legally required, SynthLink will implement appropriate transfer safeguards for cross-border processing.

Retention

SynthLink retains personal information only for as long as reasonably necessary for the purposes described in this Policy, including service delivery, account administration, security monitoring, abuse prevention, dispute resolution, legal compliance, and enforcement of our agreements.

Retention periods may vary depending on the nature of the information, the sensitivity of the record, the need to preserve evidence of access or abuse, applicable limitation periods, and operational or legal requirements. When retention is no longer justified, information will be deleted, anonymized, or de-identified where reasonably practicable.

Security

SynthLink implements reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures may include access controls, credential management, logging, environment isolation, monitoring, and vendor controls appropriate to the nature of the Service.

No system can be guaranteed perfectly secure. You are responsible for protecting your own credentials, devices, network environment, and integrations. If you believe your information or API credentials have been compromised, you should contact us promptly.

Your Rights and Choices

Subject to applicable law, you may have the right to request access to personal information we hold about you, request correction of inaccurate information, request deletion, object to or restrict certain processing, request portability, withdraw consent where consent is the basis of processing, or appeal a denied request.

We may need to verify your identity before acting on a request and may deny or limit requests where permitted by law, including where the request would infringe the rights of others, undermine security, interfere with legal obligations, or require retention of records for legitimate operational or compliance reasons.

Children's Privacy

The Service is not directed to children, and SynthLink does not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided personal information to SynthLink without appropriate authorization, please contact us so that we can review and take appropriate action.

Changes to This Policy

SynthLink may revise this Privacy Policy from time to time by posting an updated version on this page. Changes become effective when posted unless a later effective date is stated. Your continued use of the Service after the effective date constitutes acknowledgment of the revised Policy to the extent permitted by law.

Contact

Privacy questions, rights requests, and data protection inquiries may be sent to support@synth-link.com.