1. Who We Are
Synthmind.io ("we", "us", "our") is an AI Engineering & Cloud Solutions consultancy based in Athens, Greece. We are committed to protecting your privacy and handling your personal data transparently and in accordance with the General Data Protection Regulation (GDPR) and applicable Greek and EU data protection laws.
Contact: For any privacy-related inquiries, please reach us at privacy@synthmind.io.
2. Data We Collect
We collect only the minimum data necessary to provide our services:
- Contact form submissions: Name, email address, company name, and message content when you reach out through our website.
- AI chat widget: When you interact with our on-site AI chat assistant, the conversation transcript (your messages and the AI's replies) is logged and sent to us via email for quality assurance and follow-up purposes. Your IP address is recorded alongside the transcript for security and anti-abuse purposes. Any personal information you voluntarily share during the conversation (such as your name, email, or company) is included in this transcript.
- Scheduling data: Name, email, and any details you provide when booking a call via our scheduling tool (Calendly).
- Analytics data: Anonymous, aggregated website usage statistics collected via privacy-respecting, cookieless analytics. No personal identifiers are tracked.
- Technical data: Server logs may temporarily record IP addresses and user-agent strings for security and operational purposes.
3. How We Use Your Data
We process your personal data for the following purposes:
- Responding to inquiries: To reply to your contact form submissions and schedule consultations.
- Chat transcript review: To review AI chat conversations for quality assurance, identify potential client needs, and improve our services.
- Service delivery: To deliver our consulting and engineering services under a contractual agreement.
- Website improvement: To understand aggregate usage patterns and improve site performance (using anonymous analytics only).
- Legal obligations: To comply with applicable laws and regulations.
4. Legal Basis for Processing
Under the GDPR, we process your data based on:
- Consent: When you voluntarily submit a contact form or book a call.
- Contractual necessity: When processing is required to fulfil a service agreement.
- Legitimate interest: For security monitoring and anonymous website analytics.
5. Cookies & Tracking
We do not use cookies for tracking or advertising. Our analytics solution is cookieless and fully GDPR-compliant, meaning no cookie consent banner is needed. We do not use Google Analytics or any third-party tracking scripts that follow users across websites.
6. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We may share data with the following categories of processors, only as necessary:
- Hosting provider: Cloudflare (for website hosting and CDN). Cloudflare processes data under their DPA and Standard Contractual Clauses.
- Scheduling tool: Calendly, used for booking calls. Subject to their own privacy policy.
- Email provider: Mailgun (EU region), for sending responses to your inquiries and receiving chat transcripts. Processes data under their DPA.
- AI service provider: Google (Gemini API via Cloudflare AI Gateway), used to power our chat assistant. Conversation messages are sent to the AI model to generate responses. No data is retained by the AI provider beyond the duration of the request.
All processors are vetted for GDPR compliance. Where data is transferred outside the EU/EEA, appropriate safeguards (such as Standard Contractual Clauses) are in place.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:
- Contact form data: Deleted within 12 months unless an ongoing business relationship is established.
- Chat transcripts: Stored in our email system and deleted within 6 months unless they lead to an ongoing business relationship.
- Client project data: Retained for the duration of the engagement plus the legally required retention period.
- Server logs: Automatically purged within 30 days.
8. Your Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing in certain circumstances.
- Receive your data in a structured, machine-readable format (data portability).
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@synthmind.io. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted communications (TLS), access controls, and regular security reviews.
10. Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):
Hellenic Data Protection Authority
1-3 Kifissias Avenue, 115 23 Athens, Greece
Website: www.dpa.gr