Privacy Policy

SynapseLex Privacy Policy

 

Effective Date: Aug 1, 2025 Company: ZenX.AI LLC. ("SynapseLex", "We", "Us", or "Our")

​

1. Introduction and Scope

This Privacy Policy governs the processing of Personal Data collected by SynapseLex, Inc. related to the operation of our corporate website, marketing activities, and the administration of the SynapseLex AI Governance platform (the "Service"). This policy is designed to be fully transparent regarding our data handling practices and ensure compliance with global data protection frameworks, including the GDPR, CCPA, and similar regulations.

Our Dual Role:

• Data Controller: We act as the Controller for Operational Data (data about our customers and users, such as account and billing information).

• Data Processor: We act as the Processor for Customer Content (data uploaded by our customers for classification and analysis). This content is processed strictly under the terms of the separate Data Processing Addendum (DPA) and the Customer's instructions.

2. Operational Data We Collect and Methods of Collection

We collect data necessary to provide and improve our Service, divided into the following categories:

Category of Data Collected Source of Collection

A. Account & Contact DataFull Name, Work Email, Job Title, Company Name, Phone Number, Login Credentials.Directly from users during account sign-up, demo requests, and customer support interactions.

B. Financial & Billing Data: Subscription details, Billing address, Payment history. (Payment card data is handled directly by a PCI-compliant third-party processor) .Directly from customers and third-party payment gateways.

C. Usage & Telemetry DataIP address, Browser type, Operating System, Device ID, Pages visited, Clicks, Feature adoption, API interaction metrics, and Technical logs. Automatically collected via cookies, web beacons, and server logs when interacting with the Service or website.

D. Third-Party DataBusiness contact details, company size, and industry information used for lead qualification.Third-party business intelligence providers and public sources (e.g., LinkedIn).

3. Purpose and Legal Basis for Processing Operational Data

We process your Personal Data based on the following legal grounds:

Purpose of Processing Legal Basis (GDPR)

Service Provision & SupportPerformance of a Contract.

Security & Auditing Legitimate Interest (Ensuring the security and stability of the Service).

Product ImprovementLegitimate Interest (Analyzing anonymized usage patterns to enhance features).

Marketing CommunicationsConsent or Legitimate Interest (For existing business relationships).

Legal ComplianceLegal Obligation.

4. Customer Content: Our Role as Processor

As a data processor, SynapseLex is strictly prohibited from making independent decisions regarding the Customer Content you entrust to the Service.

• Processing Instruction: We process Customer Content solely to perform the functions detailed in the Service description (e.g., applying neurosymbolic AI for classification, generating confidence scores, flagging non-compliant data) and according to the Customer's configuration and instructions.

• AI Model Training Restriction: SynapseLex does not use, share, or retain Customer Content to train, develop, or improve any internal, proprietary, or third-party AI models (including foundational LLMs) unless expressly stipulated in a separate, written agreement with the Customer. All LLM processing is isolated and designed for output generation only.

• Data Minimization: The Service is designed to leverage metadata and classification outputs to minimize the need to persistently store the raw Customer Content beyond the time required for processing and audit logging.

5. Data Sharing and International Transfers

We only share your data with third parties necessary for the operation of our Service, never for selling or renting Personal Data to third parties.

• Service Providers (Sub-Processors): We use third-party sub-processors (e.g., Amazon Web Services for cloud hosting, Stripe for billing). We maintain a public list of sub-processors and ensure all are bound by data processing agreements requiring the same level of data protection.

• Legal Compliance: We may disclose data if legally required to do so by governmental authorities, law enforcement agencies, or in response to a subpoena.

• International Data Transfers: As a global provider, data may be transferred to and processed in the United States and other countries where our sub-processors operate. For transfers of EU/UK Personal Data, we rely on Standard Contractual Clauses (SCCs) and appropriate supplementary measures to ensure a lawful basis for transfer.

6. Data Retention and Security Measures

• Retention: We retain Operational Data as long as you maintain an active account or as needed to provide the Service. Usage logs and analytics are typically retained for up to 24 months. Customer Content is retained and deleted according to the DPA and the Customer's termination instructions.

• Security: We maintain robust security protocols aligned with industry standards (e.g., SOC 2 Type II controls). Measures include: AES-256 encryption at rest, TLS 1.2+ encryption in transit, strict Role-Based Access Controls (RBAC), and regular penetration testing.

7. Your Data Rights

As a data subject, you have the following rights regarding the Operational Data we control. To exercise any of these rights, please contact us at [privacy@synapselex.com].

• Right of Access: The right to request copies of your personal data.

• Right to Rectification: The right to request correction of incomplete or inaccurate data.

• Right to Erasure (Right to be Forgotten): The right to request the deletion of your personal data under certain conditions (e.g., when data is no longer necessary for the purpose collected).

• Right to Object: The right to object to our processing based on legitimate interests (including profiling and marketing).

• Right to Restrict Processing: The right to request the suspension of our processing under certain circumstances.

• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.

8. Children's Privacy and Policy Updates

• Children: The Service is strictly B2B and not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

• Updates: We may update this Policy periodically to reflect changes in our practices or legal requirements. The Effective Date at the top will indicate when the last changes were made. We will notify customers of material changes via email or a conspicuous notice on our website.