SyncLynSyncLyn
Legal

Privacy Policy

How LaneX Holdings Ltd, trading as SyncLyn, collects, uses, and protects your data. We follow the UK GDPR and the General Data Protection Regulation (EU) 2016/679.

Last updated: 4 June 2026

1. Who we are

SyncLyn is a product of LaneX Holdings Ltd (Company No. 17242328, registered in England and Wales). When we refer to "we", "us", or "SyncLyn" in this policy, we mean LaneX Holdings Ltd acting as the data controller for the SyncLyn platform.

2. What we collect

Account data

  • Name, work email, and organisation name you provide at signup.
  • Authentication credentials (we store a salted hash of your password, never the password itself).
  • Profile metadata you choose to add: avatar, role, time zone.

Product data you give us

  • Contacts, candidates, messages, workflows, tickets, and any other content you create inside the product.
  • Files you upload (CVs, attachments) — stored encrypted at rest.

Automatically collected

  • Standard server logs: IP address, browser user-agent, request timestamps.
  • Product analytics: page views, feature usage events, error reports. Aggregated and pseudonymised by default.
  • Cookies — see our Cookie Policy.

3. Why we process it

We rely on three legal bases under UK GDPR:

  • Contract: to deliver the SyncLyn service you signed up for.
  • Legitimate interests: to keep the service secure, prevent abuse, and improve it.
  • Consent: for optional analytics cookies and marketing emails (you can opt out at any time).

4. Stripe payment processing

Billing is processed by Stripe Payments Europe Ltd. When you upgrade to a paid plan, we send Stripe your email, organisation ID, and plan selection. We never see your card number — it goes directly from your browser to Stripe. Stripe's privacy notice is available at stripe.com/privacy.

5. Subprocessors

We use a small set of vetted subprocessors to operate SyncLyn:

  • Cloud hosting and database (encrypted at rest, EU/UK regions where possible).
  • Stripe — payment processing.
  • Email delivery providers — transactional and notification emails.
  • Web push notification gateway — only if you opt in.

We sign Data Processing Agreements with all subprocessors. Contact us if you need the current list.

6. How long we keep it

  • Account data: for the lifetime of your account, plus 30 days after deletion.
  • Product data: until you delete it or your organisation is closed.
  • Server logs: 30 days.
  • Billing records: 7 years (required by UK tax law).
  • Audit logs: 90 days by default; longer on the Business plan.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct it if it is inaccurate.
  • Delete it ("right to be forgotten").
  • Restrict or object to processing.
  • Receive a copy in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

Send any request to privacy@synclyntech.com. We respond within 30 days.

8. International transfers

Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses and additional safeguards in line with the UK ICO's guidance.

9. Security

See our Security page for a detailed summary of the controls we have in place.

10. Changes

We will notify you by email of any material changes to this policy and post the updated date at the top.

11. Contact

Questions or requests: privacy@synclyntech.com.