Effective Date: January 20, 2026
Privacy Policy
Your privacy matters. This policy explains how we handle your data.
Quick Summary
- • We collect only what's necessary to provide our services
- • We never sell your personal data
- • You can export or delete your data anytime
- • We use industry-standard encryption (TLS 1.3, AES-256)
- • GDPR and CCPA compliant
1. Introduction
Sylphx Ltd ("we", "us", or "our") operates the Sylphx platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.
By using Sylphx, you consent to the practices described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, and profile information when you create an account
- Billing Information: Payment method details, billing address, and transaction history (processed securely via Stripe)
- Communications: Information you provide when contacting support or providing feedback
- User Content: Data you store, upload, or process through our services
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, and time spent on the platform
- Device Information: Browser type, operating system, device identifiers, and IP address
- Log Data: Server logs including access times, error logs, and API usage
- Cookies: Session cookies for authentication and preferences
2.3 Information from Third Parties
- OAuth Providers: When you sign in via Google, GitHub, or other providers, we receive your basic profile information
- Payment Processors: Transaction confirmations and billing status from Stripe
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our services
- Process transactions and send billing notifications
- Send service-related communications and security alerts
- Respond to your requests and provide customer support
- Monitor and analyze usage patterns to improve user experience
- Detect, prevent, and address security issues and abuse
- Comply with legal obligations
We do not sell your personal information to third parties.
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area, we process data based on:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our services, security, and fraud prevention
- Legal Compliance: Meeting our legal and regulatory obligations
- Consent: When you have given explicit consent for specific processing
5. Data Sharing
We may share your information with:
- Service Providers: Third-party vendors who assist in operating our platform (hosting, analytics, email delivery)
- Payment Processors: Stripe for secure payment processing
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
We require all third parties to respect the security of your data and process it in accordance with applicable laws.
6. Data Retention
We retain your data for as long as:
- Your account is active
- Necessary to provide our services
- Required by law (e.g., tax records, legal disputes)
- Needed for legitimate business purposes
After account deletion, we retain certain data for up to 30 days for recovery purposes, then permanently delete it. Some data may be retained longer if required by law.
7. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Access controls and authentication requirements
- Monitoring and logging of system access
- Employee security training and background checks
No system is 100% secure. If you discover a security vulnerability, please report it to contact@sylphx.com with "SECURITY" in the subject line.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
- Withdraw Consent: Withdraw previously given consent
To exercise these rights, contact us at contact@sylphx.com. We will respond within 30 days.
9. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
- Compliance with applicable data protection frameworks
11. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
12. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
We do not sell personal information as defined by the CCPA.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the updated policy on this page
- Sending an email notification for significant changes
- Displaying a notice in the platform
Your continued use after changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions or to exercise your rights:
Email: contact@sylphx.com
Company:
Sylphx Ltd
Hong Kong
If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.