Sintrics
Sintrics
|

Privacy Policy

Last updated: 2 July 2026

This Privacy Policy explains how [COMPANY LEGAL NAME]("Sintrics", "we", "us") collects, uses, and protects personal data when you use our reservation and booking platform (the "Service"). We act as a data controller for the accounts of businesses that use Sintrics, and as a data processor on behalf of those businesses for the booking data of their customers.

We process personal data in line with the EU General Data Protection Regulation (GDPR) and applicable local law.

1. Who we are

  • Controller: [COMPANY LEGAL NAME], [REGISTERED ADDRESS], [COMPANY REG. NO.]
  • Contact: support@sintrics.com
  • Data protection contact: [DPO / PRIVACY CONTACT, if appointed]

2. What data we collect

Business accounts (staff users):

  • Name, email address, phone number
  • Business details (name, type, timezone, opening hours, services)
  • Account security data (password hash, two-factor settings) — managed by our auth provider
  • Audit/activity records of sensitive actions within the account

Customers who book (on behalf of the business):

  • Name, email address, and phone number
  • Booking details (service, date/time, party size, and any note you provide)

3. Why we use it and our legal basis

  • To provide the Service (create accounts, manage bookings) — performance of a contract.
  • To protect the public booking form from spam and abuse (Cloudflare Turnstile security check) — legitimate interest in preventing fraud/spam.
  • To secure accounts (login, two-factor, audit logs) — legitimate interest and legal obligation.
  • To send essential service emails (confirmations, password resets, invites) — performance of a contract.

4. Who we share it with

We do not sell personal data. We share it only with the processors that run the Service:

  • Supabase — database, authentication, and transactional email.
  • Vercel — application hosting and delivery.
  • Cloudflare — spam/abuse protection on the public booking form (Turnstile).
  • [ANY OTHER PROCESSORS — e.g. custom SMTP/email provider]

These providers may process data outside your country; where they do, appropriate safeguards (such as Standard Contractual Clauses) apply.

5. How long we keep it

We keep account data for as long as the account is active, and booking data for as long as the business requires it to run its operations. When an account is deleted, its business, bookings, guests, and team data are permanently removed. [STATE ANY SPECIFIC RETENTION PERIODS]

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate data;
  • erase your data ("right to be forgotten");
  • restrict or object to processing;
  • data portability (receive your data in a structured format);
  • withdraw consent at any time, where processing is based on consent.

Account holders can delete their account and all associated data directly from Settings. To exercise any other right, contact us at support@sintrics.com. If a business booked you as a customer, that business is the controller of your booking data — we will pass your request to them.

7. Cookies

We use only strictly-necessary cookies. We do not use advertising or tracking cookies. See our Cookie Policy for details.

8. Complaints

If you believe we have mishandled your data, please contact us first. You also have the right to lodge a complaint with your data protection authority — in Slovakia, the Úrad na ochranu osobných údajov SR (dataprotection.gov.sk), or your local supervisory authority.

9. Changes

We may update this policy from time to time. We will update the "Last updated" date above and, where appropriate, notify you.

This document is a template provided for convenience and is not legal advice. Replace all highlighted placeholders and have it reviewed by a qualified professional before relying on it.

Privacy PolicyCookie PolicyHome