Privacy Policy
Privacy Policy of the SyncMyOrders platform
Last updated: March 2, 2026
1. WHO WE ARE
SyncMyOrders Sp. z o.o. (“SyncMyOrders”, “we”, “us”, “our”) is a company registered in Poland (KRS: 0001179359) with its registered office at Szlak 77 / 222, 31-153 Krakow, Poland.
We are the Controller of personal data described in this Privacy Policy, within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). For questions about this Privacy Policy or your personal data, contact us at: privacy@syncmyorders.com
2. SCOPE
This Privacy Policy explains how we collect, use, and protect personal data when you:
- Visit our website at syncmyorders.com
- Create an account and use the SyncMyOrders platform
- Communicate with us (email, contact forms, demos, calls)
- Receive marketing communications from us
This Privacy Policy does not cover the processing of data that flows through the SyncMyOrders platform on behalf of our customers (e.g. orders, inventory, end-customer records). That processing is governed by our Data Processing Agreement, available at Data Processing Agreement.
3. WHAT WE COLLECT AND WHY
3.1 Website Visitors
We use Plausible Analytics to understand how visitors use our website. Plausible does not use cookies, does not collect personal data, and does not track individual visitors across sessions or sites. All analytics data is aggregated and anonymous. We do not use any other tracking technologies, advertising pixels, or third-party cookies on our website. Legal basis: Legitimate interest (understanding website usage to improve our service).
3.2 Account Holders and Platform Users
When you create an account or are added as a user by your organisation, we collect:
- Name
- Email address
- Organisation name
- Role / permissions within the platform
- Authentication data (managed by Auth0, including login timestamps and multi-factor authentication status)
Purpose: To provide access to the platform, manage your account, authenticate your identity, and communicate with you about the Service. Legal basis: Performance of a contract (your service agreement with us).
3.3 Sales and Marketing Contacts
When you engage with us through contact forms, demo requests, webinars, or direct communication, we may collect:
- Name
- Email address
- Company name and role
- Phone number (if provided)
- Communication history and notes
This data is stored in HubSpot, our CRM platform. Purpose: To respond to your enquiry, manage our sales pipeline, and where you have consented, send marketing communications about our products and services. Legal basis: Legitimate interest (responding to enquiries, managing business relationships) and consent (for marketing communications).
3.4 Billing and Payment
We collect billing information necessary to process payments:
- Company name and billing address
- VAT number
- Payment method details (processed by Stripe — we do not store full card numbers)
- Invoice history
Purpose: To invoice you, process payments, and comply with tax and accounting obligations. Legal basis: Performance of a contract and legal obligation (tax/accounting requirements).
3.5 Communications
When you email us or we email you (via Google Workspace), we process the contents of those communications, including any personal data you include. Purpose: To provide support, discuss your account, and manage our business relationship. Legal basis: Performance of a contract and legitimate interest.
4. WHO WE SHARE YOUR DATA WITH
We share your personal data only with the following categories of recipients, and only to the extent necessary:
| Recipient | Purpose | Location |
|---|---|---|
| Auth0 (Okta, Inc.) | User authentication | EU region (US entity) |
| Mailgun (Sinch AB) | Transactional emails (via Auth0) | EU region |
| HubSpot, Inc. | CRM and marketing communications | EU region (US entity) |
| Stripe, Inc. | Payment processing | EU region (US entity) |
| Hetzner Online GmbH | Infrastructure hosting | Germany / Finland (EU) |
| Google LLC | Email (Google Workspace) | EU region (US entity) |
| Plausible Analytics | Website analytics (no personal data) | EU |
For US-incorporated providers that process data in EU regions, we ensure appropriate safeguards are in place (Standard Contractual Clauses and/or EU-US Data Privacy Framework certification). We do not sell your personal data. We do not share your personal data with advertisers.
5. INTERNATIONAL TRANSFERS
Your personal data is processed within the European Economic Area. Where we use service providers incorporated outside the EEA (see Section 4), we ensure they process data in EU-hosted regions and that appropriate transfer safeguards are in place in accordance with Chapter V of the GDPR.
6. HOW LONG WE KEEP YOUR DATA
| Data category | Retention period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Billing and invoices | 5 years after the end of the financial year (legal obligation) |
| Sales and marketing contacts | Until you unsubscribe or ask for deletion, reviewed annually |
| Communications | 2 years after last interaction, unless related to an active account |
| Website analytics | Aggregated/anonymous — no personal data retained |
7. YOUR RIGHTS
Under the GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data, subject to legal retention requirements
- Restriction — request that we limit processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest, including direct marketing
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@syncmyorders.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland, or with the supervisory authority in your country of residence.
8. SECURITY
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, and regular security reviews. For details of our security measures in relation to platform data, see our Data Processing Agreement.
9. COOKIES
We do not use cookies for website analytics. Plausible Analytics operates without cookies and does not collect or store any personal data. Our website includes a HubSpot-provided meeting booking form, which may set cookies when you interact with it. HubSpot’s cookie consent banner is displayed before any such cookies are placed. These cookies are governed by HubSpot’s privacy policy. You can decline them without affecting your use of the rest of our website.
10. MARKETING COMMUNICATIONS
We may send you marketing emails about our products and services if you have consented or if we have a legitimate interest based on an existing business relationship. Every marketing email includes an unsubscribe link. You can opt out at any time by clicking the link or contacting us at privacy@syncmyorders.com.
11. CHILDREN
Our Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes by publishing the updated policy on our website with a revised “Last updated” date. For significant changes affecting your rights, we will make reasonable efforts to notify you directly (e.g. by email).
13. CONTACT
SyncMyOrders Sp. z o.o. Szlak 77 / 222, 31-153 Krakow, Poland Email: privacy@syncmyorders.com KRS: 0001179359