Synfliq BV ("Synfliq", "we", "us") is a private limited company registered in the Netherlands (KvK: 59274778). We operate the Synfliq service at app.synfliq.com — an AI-powered process mapping tool.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy law.
For questions about this policy or your personal data, contact us at info@synfliq.com.
When you register or request access:
When you use the service:
If you choose to provide company details for invoicing purposes, we store:
This data is used solely to generate VAT invoices and is never shared with third parties except as required for payment processing.
If you connect your own Anthropic API key:
Documents, images, and text you upload for processing are transmitted to the AI provider (Anthropic) to generate diagrams. We do not store your uploaded content on our servers. Content is passed through in-memory only and is not persisted after the API call completes.
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing and operating the service | Account data, usage data | Contract performance (Art. 6(1)(b) GDPR) |
| Authentication and security | Email, password hash, session tokens | Contract performance; Legitimate interest |
| Credit accounting and billing | Usage data, transaction history | Contract performance; Legal obligation |
| Service communications (account updates, policy changes) | Email address | Contract performance; Legitimate interest |
| Fraud prevention and abuse detection | Account data, usage data | Legitimate interest (Art. 6(1)(f) GDPR) |
| Compliance with legal obligations | As required | Legal obligation (Art. 6(1)(c) GDPR) |
We do not sell your personal data to third parties. We do not use your data for advertising.
We use the following six third-party services (subprocessors) that may process personal data on our behalf:
| Subprocessor | Purpose | Location | Privacy policy |
|---|---|---|---|
| Anthropic PBC | AI processing of content you submit for diagram generation. Anthropic does not train on API inputs by default. | United States | anthropic.com/privacy |
| Railway Corp. | Server infrastructure and database hosting. All service data resides here. | United States | railway.app/legal/privacy |
| GitHub Inc. (Microsoft) | Encrypted database backups. Only anonymised, encrypted backup files are stored. | United States | docs.github.com/privacy |
| Cloudflare Inc. | Content delivery network, DNS resolution, DDoS protection. Processes IP addresses and request metadata of all visitors. | United States (EU edge nodes) | cloudflare.com/privacypolicy |
| Resend Inc. | Transactional email delivery (welcome emails, password resets, notifications). Processes recipient email addresses. | United States | resend.com/privacy |
| Mollie B.V. | Payment processing for credit bundle purchases. Processes payment data. Mollie is subject to Dutch and EU financial regulation. | Netherlands | mollie.com/en/privacy |
All transfers of personal data to US-based subprocessors are governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission under Article 46(2)(c) GDPR. Where applicable, we also rely on the EU-US Data Privacy Framework (DPF) for transfers to certified US organisations. Mollie B.V. is based in the Netherlands and processes data within the EU — no international transfer occurs for payment processing.
You can request a copy of the applicable SCCs by contacting us at info@synfliq.com.
In certain circumstances, we are legally required to share data with law enforcement authorities. In accordance with the European e-Evidence Regulation (EU 2023/1543), we comply with official European Production or Preservation Orders for electronic evidence.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at info@synfliq.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
We implement appropriate technical and organisational measures to protect your personal data:
No system is perfectly secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Art. 33–34.
Synfliq does not use tracking cookies or advertising cookies.
The application uses browser localStorage to store your authentication token (JWT) and application preferences. This data remains on your device and is not transmitted to third parties. It is cleared when you sign out or when you clear your browser data.
Our hosting infrastructure (Railway) may log standard HTTP access data (IP address, request path, response status) for operational purposes. These logs are retained in accordance with Railway's own data retention policy.
Synfliq is a professional B2B service not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us at info@synfliq.com and we will delete it promptly.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email at least 14 days before the changes take effect.
Continued use of the service after the effective date of a change constitutes acceptance of the updated policy.
For privacy-related requests or questions about this policy, please email us directly. We aim to respond within 5 business days.