Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how Products and Solutions Network, S.A., a company duly incorporated and existing under the laws of the Republic of Panama (hereinafter "SYNOV", "we", "us", "our" or "the Company"), processes personal data in connection with its Applied Operational Intelligence platform. Through this platform we transform our clients' backoffice into an intelligent operation, task by task: we digitize processes, automate workflows, structure data, and train artificial intelligence models on the actual operation of each enterprise client.

This Policy applies to: (i) authorized users of SYNOV services; (ii) visitors to our websites and digital channels; and (iii) where applicable, to the end users whose data is processed by SYNOV on behalf of its enterprise clients, in which case SYNOV acts as data processor and the client as data controller.

This Policy is governed by Law 81 of March 26, 2019 on Personal Data Protection of the Republic of Panama and other applicable regulations. For users in Brazil, the relevant provisions of the General Data Protection Law (LGPD - Law 13.709/2018) also apply. By using our services or website, you acknowledge that you have read and accepted the practices described in this Policy.

2. Information We Collect

3. Use of Information

We use personal information for the following purposes, supported by applicable legal bases (consent, contract performance, legal compliance, or legitimate interest as appropriate):

• Provide, operate, and improve our services and platforms
• Process WhatsApp Business messages and other communications
• Operate automated voice agents with AI technology
• Respond to inquiries and requests
• Send information about our services (with your consent)
• Personalize the user experience
• Conduct analysis and market research
• Comply with legal, regulatory, and contractual obligations
• Protect the security of our systems and prevent fraud

4. Use of Artificial Intelligence

Our platform uses artificial intelligence models to process communications, automate operational tasks, and extract information from documents. This includes:

• Natural language processing of text and voice messages
• Voice transcription and synthesis
• Document data extraction
• Automatic classification and routing of communications

As part of our value proposition, we may train artificial intelligence models specific to each enterprise client's operation, exclusively with the client's own data and under explicit contractual authorization. These models are for the exclusive use of the client and are not used to feed cross-client models or general SYNOV models. By default, we do NOT use end-user personal data to train general-purpose AI models. When data is processed for training, we apply anonymization, aggregation, or pseudonymization where technically feasible. The AI models we use may be provided by subprocessors such as AWS Bedrock, Anthropic, or OpenAI, subject to their own confidentiality and no-training commitments.

5. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Improve site functionality
• Analyze traffic via Google Analytics
• Remember user preferences
• Provide personalized content

You can configure your browser to reject cookies, although this may affect site functionality. Non-essential cookies are activated only when you provide consent.

6. Sharing Information with Third Parties

SYNOV does not sell or rent personal information to third parties. We may share information with:

7. WhatsApp Business and Meta Platform Integration

When we use WhatsApp Business API and other Meta platforms:

• We comply with applicable Meta terms and policies, including the WhatsApp Business Policies and the WhatsApp Terms for Businesses
• We process messages only for purposes authorized by the enterprise client and the end user
• We apply the end-to-end encryption provided by WhatsApp where technically feasible
• We do not use end-user data for purposes other than the contracted services
• We allow users to opt out of communications at any time

8. Data Security and Breach Notification

We implement reasonable technical and organizational measures to protect personal information against unauthorized access, loss, destruction, or alteration. This includes:

• Encryption in transit (SSL/TLS) and at rest
• Role-based access controls (RBAC) and multi-factor authentication
• Continuous system monitoring
• Periodic audits
• Security training for our team

No method of internet transmission or electronic storage is 100% secure, so we cannot guarantee absolute security. In the event of a security incident that may pose a risk or relevant harm to data subjects, we will notify the competent data protection authority and affected data subjects within a reasonable timeframe, in accordance with the obligations of Panama Law 81 and, where applicable, the Brazilian LGPD.

9. Your Rights and Data Protection Officer

In accordance with Panama Law 81 of 2019, the Brazilian LGPD where applicable, and other applicable laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Deletion: Request deletion of your data when no legal obligation requires retention
• Objection: Object to processing on legitimate grounds
• Portability: Receive your data in a structured, machine-readable format
• Withdrawal of consent: Revoke previously granted consent, without affecting the lawfulness of prior processing

To exercise these rights, write to privacy@synov.net. We will respond within applicable legal timeframes. SYNOV maintains a Data Protection Officer (DPO / Encarregado pelo Tratamento de Dados under LGPD) responsible for overseeing compliance with this policy and handling data subject requests, reachable at the same email privacy@synov.net.

10. Data Retention

We retain personal information only for the time necessary to fulfill the described purposes, or when the law requires or permits a longer period. As a general reference:

• Web browsing data: up to 12 months
• Commercial communications (emails, messages, proposals): during the contractual relationship and up to 1 year thereafter
• Voice recordings and transcriptions: per contractual agreement with the client, default up to 90 days
• Operational data processed on behalf of the client: per the active contract
• Accounting and tax records (invoices, signed contracts): in accordance with applicable tax legislation, minimum 5 years

11. International Transfers and Data Residency

Some of our subprocessors (such as AWS and Meta) may be located outside Panama. Our primary processing region is AWS us-east-1 (United States). For clients with specific data residency requirements, we may negotiate alternative regions through contractual agreement. In all cases we ensure adequate safeguards through:

• Contractual data protection clauses
• Compliance with recognized international frameworks
• Verification of subprocessor security measures

12. Minors

Our services are directed exclusively to authorized representatives of client organizations. They are not directed to persons under 18 years of age and we do not intentionally collect personal information from minors. If we discover that we have collected information from a minor without verifiable parental consent, we will delete it immediately.

13. Data Deletion at User Request

To request deletion of your personal data:

• Send an email to privacy@synov.net from the address associated with your data
• Use the subject line: "Data Deletion Request"
• We will verify your identity before proceeding
• We will process the request within applicable legal timeframes (maximum 30 days)
• We will confirm in writing once deletion is complete

Some data may be retained when the law requires it (for example, accounting or tax records).

14. Changes to This Policy

We may update this policy periodically. The date of the last update appears at the beginning of the document. Significant changes will be notified by email or via prominent notice on the website. We recommend reviewing this page periodically.

15. Contact

For questions about this policy, your personal data, or to exercise your rights: