Privacy Policy
Last updated: May 2026
1. Who We Are
This Privacy Policy describes how Sintora Labs ("we", "our", "us") collects, uses, and protects personal data when you visit www.sintoralabs.com or otherwise interact with us.
For privacy enquiries please contact:
- Email: privacy@sintoralabs.com
- Mailing address: Narva mnt 7-636, 10117 Tallinn, Estonia
This policy applies to information processed in the context of our website, our communications with prospects, and our day-to-day commercial operations. It does not cover client deliverables we produce under separate service agreements.
2. What We Collect
2.1 Information you provide
When you fill in a contact or scheduling form, send us an email, or otherwise reach out, we may collect:
- Identifiers — name, work email, phone number;
- Business context — company name, role, project description and any details you choose to share;
- Communication content — messages, attachments and the subject of your enquiry.
2.2 Information collected automatically
When you browse our website, certain technical information may be collected by us or our service providers:
- Standard server logs (IP address, request time, requested URL, user agent) — used for security and abuse prevention;
- Bot-protection data processed by Cloudflare Turnstile (browser fingerprint signals) — used to distinguish humans from automated traffic;
- If you accept analytics cookies: aggregated usage data via Google Analytics 4 (sessions, page views, referrer, device type, language);
- If you accept marketing cookies: campaign attribution data (UTM parameters, click identifiers).
You can manage cookie preferences at any time via the "Cookie Settings" link in the footer. See our Cookie Policy for details.
3. Why We Process This Data and Legal Basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to enquiries and pre-contractual communication | Steps prior to entering into a contract (Art. 6(1)(b)) |
| Performance of services under a signed agreement | Contract performance (Art. 6(1)(b)) |
| Operating, securing and improving the website | Legitimate interests (Art. 6(1)(f)) |
| Bot protection (Cloudflare Turnstile) | Legitimate interests — preventing abuse (Art. 6(1)(f)) |
| Analytics and marketing measurement | Your consent (Art. 6(1)(a)) |
| Compliance with tax, accounting and other legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Automated and AI-Assisted Handling
To accelerate triage of incoming enquiries we may use AI-assisted tools that suggest a draft response based on the content of your message. A human reviews any substantive reply before it is sent. We do not make decisions producing legal or similarly significant effects on you solely by automated means within the meaning of GDPR Art. 22.
5. Service Providers (Sub-processors)
We rely on a small set of trusted service providers to operate this website and our communications. They process personal data on our behalf, under written terms and on instruction:
- Cloudflare, Inc. (USA) — CDN, DDoS protection and Turnstile bot protection;
- Google Ireland Ltd / Google LLC (Ireland / USA) — Google Analytics 4 (only if analytics cookies accepted);
- Calendly LLC (USA) — meeting scheduling widget (only loaded after explicit consent);
- n8n GmbH (Germany) and our self-hosted automation infrastructure — workflow tool that delivers form submissions to us;
- OpenAI Ireland Ltd / OpenAI, L.L.C. (Ireland / USA) — AI assistance for drafting responses, where applicable;
- Email and productivity providers (e.g. Google Workspace) used to receive and respond to enquiries;
- Hosting and infrastructure providers used by us or the providers above.
6. International Data Transfers
Some of the providers listed above are located outside the European Economic Area (EEA) — primarily in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards, in particular the European Commission's Standard Contractual Clauses (Module 2 / Module 3) and supplementary measures where required, in line with GDPR Chapter V.
7. How Long We Keep Your Data
- Enquiry and prospect communications — up to 24 months from last contact, unless we enter into a contract;
- Client records and project communications — for the duration of the engagement and up to 7 years after, to satisfy contractual and tax-record-keeping obligations;
- Server / security logs — typically up to 90 days;
- Analytics data — up to 14 months in aggregated form (or per Google Analytics defaults);
- Cookie consent record — up to 12 months from your last update.
We delete or anonymise personal data once the retention period expires or the purpose has ended, unless a longer period is required by law.
8. Security
We apply technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, least-privilege principles, regular software updates, monitoring, and staff confidentiality undertakings. No system is 100% secure, but we work continuously to keep information protected.
9. Your Rights
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the right to:
- Access the personal data we hold about you;
- Request rectification of inaccurate or incomplete data;
- Request erasure ("right to be forgotten") in certain circumstances;
- Restrict or object to processing based on legitimate interests;
- Receive your data in a portable format;
- Withdraw consent at any time, without affecting prior lawful processing.
To exercise any of these rights please email privacy@sintoralabs.com. We will respond within one month, with a possible extension of two further months for complex requests, in line with GDPR Art. 12.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with your local data-protection supervisory authority. Our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia — www.aki.ee.
11. Children
Our services are aimed at businesses. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
12. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates the most recent revision. Material changes will be highlighted on the website.
13. Contact
For any questions about this Privacy Policy, please write to privacy@sintoralabs.com.