Privacy Policy

Sintetico Inc. ("Sintetico," "we," "us," or "our") operates Converza (converza.ai) (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

If the Service sends or receives SMS or text messages, we collect your phone number, message content, timestamps, and opt-in/opt-out status. This information is used solely to deliver the messaging services you have consented to receive, such as notifications, confirmations, reminders, and other service-related communications.

We do not sell, rent, or share your phone number or SMS data with third parties for their marketing purposes. Your phone number and messaging data will only be shared with our telecommunications provider as necessary to deliver messages.

You can opt out of receiving text messages at any time by replying STOP to any message. After opting out, you will receive a single confirmation message and no further messages will be sent unless you re-subscribe.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate you, enforce usage limits, and secure your account
• Process transactions and manage subscriptions
• Send transactional messages (account verification, password reset, billing notices, security alerts, and notifications about activity in your account)
• Send product updates and marketing communications, only if you opted in. Every marketing email includes a one-click unsubscribe; opting out does not stop transactional messages you still need to receive.
• Respond to support requests and communicate with you about the Service
• Detect, prevent, and address fraud, abuse, and security issues
• Analyze usage in aggregate to improve the Service
• Comply with legal obligations

We share information only with third-party vendors that help us operate the Service ("sub-processors"), and only to the extent necessary to provide the Service to you. These sub-processors are contractually required to protect your data and use it only on our instructions.

We retain your information for as long as your account is active and as needed to provide the Service. Specific retention periods include:

• Account data: Retained while your account is active. When you delete your account, all associated records (user, content, session tokens) are permanently removed within 30 days, except where we are required to retain records by law.
• Content you submit: Retained for the duration of your subscription. Deleted within 30 days of account deletion.
• Usage logs: Retained for up to 12 months for security and operational purposes.
• Billing records: Retained for 7 years to comply with tax and accounting obligations.

You may request earlier deletion of your data at any time, subject to our legal retention requirements.

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (TLS 1.2 or higher)
• Encryption of data at rest by our cloud infrastructure providers
• Multi-tenant data isolation at the database level
• Role-based access controls and audit logs
• Industry-standard password hashing (bcrypt or stronger)
• Restricted production access limited to authorized personnel
• Regular security reviews and dependency updates

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data through your account settings or by contacting us.
• Deletion: Request deletion of your account and associated data through your account settings or by contacting us.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing of your data based on legitimate interests.
• Marketing Opt-out: Unsubscribe from marketing emails through the link in any marketing message. Transactional messages cannot be opted out.

To exercise these rights, contact us at privacy@sintetico.ai. We will respond within the timeframe required by applicable law (typically 30 days or less).

Converza uses cookies and similar technologies to provide and improve the Service. We group cookies into three categories so you can choose which ones to allow.

• Essential cookies: Required for authentication, session management, and remembering your consent choices. The Service cannot function without these. Always active.
• Analytics cookies: Help us understand how visitors use the site so we can improve it. No advertising or cross-site tracking. Only active if you opt in.
• Marketing cookies: Allow us to measure advertising performance and show relevant content. Only active if you opt in.

When you first visit the site you will see a consent banner that lets you accept all categories, reject all non-essential categories, or customize your choice per category. Your choice is stored in a cookie that expires after 12 months. You can change your choice at any time using the Cookie Settings link in the footer.

You can also control cookies through your browser settings, though disabling essential cookies will prevent the Service from working correctly. Disabling Analytics or Marketing cookies through the consent banner is the recommended way to opt out of those categories on our Service.

We are based in the United States, and your information may be processed in the United States and other countries where our sub-processors operate. These countries may have different data protection laws than your jurisdiction.

Where required by law (for example, transfers from the European Economic Area or United Kingdom), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms to protect your data.

The Service is not directed to or intended for children under 18 years of age, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at privacy@sintetico.ai and we will delete it.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to:

• Know what personal information we collect, use, disclose, and (if applicable) sell
• Request deletion of your personal information
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information
• Opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@sintetico.ai.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent laws. Sintetico Inc. is the data controller for personal information processed through the Service.

You have the right to lodge a complaint with your local data protection authority. For GDPR-related inquiries, contact our Data Protection Officer at dpo@sintetico.ai.

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on the Service with a new "Last Updated" date at least 30 days before the changes take effect, except where a shorter period is required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: