Synergenix Synergenix Sync

Privacy Notice

Last updated 2 July 2026 · Version 2026-07-02 · Issued under the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act"). Synergenix AI Private Limited is the Data Fiduciary for the personal data described below.

1. What we collect and why

Personal dataPurposeLegal basis
Email addressAccount identity, sign-in, OTP verification, service noticesConsent
Password (stored as a salted hash — never in plain text)AuthenticationConsent
Files you upload (may include patient/clinical records) and their filenamesPrivate storage and retrieval you requestConsent
IP address, consent timestampProof of consent; abuse preventionConsent / legitimate use

We do not collect any data beyond what is listed here, and we do not use your data for advertising, profiling, or any purpose other than operating the Service for you.

2. Consent

By checking "I agree" at sign-up you give specific, informed consent to the processing described in this notice. We record the version of this notice you consented to, the time, and your IP address as proof of consent. You may withdraw consent at any time by deleting your account (Account → Delete my account), which is as easy as giving it. Withdrawing consent erases your account and all uploaded files (see §5).

3. Who else sees your data

Your files are stored in a private Google Cloud Storage bucket dedicated to this Service; they are never public and are only ever streamed back to you, the signed-in owner. We use the following processors solely to operate the Service, under confidentiality obligations, and never for their own purposes:

We do not sell, license, or otherwise share Your Data with any other third party. Any government-mandated disclosure will be limited to what the law requires.

4. Cross-border storage

Infrastructure is provisioned in India (asia-south1). We do not transfer your data outside India except where a processor above requires it to deliver the Service, and only to jurisdictions not restricted by the Central Government under the DPDP Act.

5. Your rights as a Data Principal

6. Retention

We retain your account and files for as long as your account is active. If you delete a file, it is removed from active storage immediately (short-lived backup copies may persist briefly before expiring). If you delete your account, all files and account data are erased, except where we must retain limited records to comply with law (e.g. financial records) or to resolve disputes.

7. Grievance Officer

If you have a complaint about how your personal data is processed, contact our Grievance Officer:

We aim to acknowledge and resolve grievances promptly. If unresolved, you may approach the Data Protection Board of India.

8. Security safeguards

Passwords are hashed (bcrypt), sessions use httpOnly cookies over TLS, every file request is scoped to the signed-in user's own storage prefix, and the storage bucket is private with no public object URLs. Data in transit is encrypted (HTTPS); data at rest is encrypted by the cloud storage provider.

9. Breach notification

If a personal data breach occurs, we will notify the Data Protection Board of India and affected users as required under the DPDP Act.

10. Children's data

This Service is not directed at children and we do not knowingly collect data from anyone under 18. If you believe a child's data has been provided to us, contact the Grievance Officer for immediate erasure.

11. Uploaded clinical data

If you upload patient or clinical records, you (or your institution) remain the Data Fiduciary/controller for that data; we act only as a processor providing storage. You are responsible for having a lawful basis (e.g. patient consent) to hold and upload that data.

This notice is provided together with, and should be read alongside, our Terms & Conditions. It is a summary for transparency and is not legal advice.

← Back to Synergenix Sync