Privacy Policy

1. Who we are

Shynvo (“Shynvo,” “we,” “us”) operates the websites and services described at shynvo.app. Depending on your region, the data controller may be the Shynvo entity identified in your contract or checkout flow. For privacy questions, contact support@shynvo.app.

2. Scope

This Policy explains how we process information when you visit our marketing sites, create an account, use the Shynvo platform, communicate with support, or interact with our APIs and integrations. It does not govern third-party sites linked from our Services; those sites have their own policies.

3. Information we collect

3.1 You provide directly

• Account and profile: name, email, organization, role, authentication identifiers, billing contact details.
• Payment data: processed by our payment partners (e.g., card data is not stored on Shynvo servers where the processor tokenizes payments).
• Support and communications: messages, attachments, meeting notes, and feedback you send us.
• Customer Data: content you upload or generate in the product (e.g., incidents, runbooks, automation definitions, audit events, integration metadata). Customer Data may include personal information about your employees or end users—your organization is typically the controller for that data.

3.2 Collected automatically

• Device and log data: IP address, approximate location, user agent, timestamps, pages viewed, referring URLs, diagnostic events.
• Cookies and similar technologies: described in our Cookie Policy.
• Security telemetry: signals used to detect abuse, fraud, and unauthorized access.

3.3 From third parties

We may receive information from identity providers (SSO), enrichment vendors you authorize, payment processors, and fraud-prevention services.

4. How we use information

We use information to:

• Provide, operate, maintain, and improve the Services;
• Authenticate users, enforce access controls, and protect security;
• Process transactions, invoices, credits, and refunds;
• Communicate about updates, incidents, and support requests;
• Conduct analytics and product research in aggregated or de-identified form where feasible;
• Comply with law, respond to lawful requests, and enforce our terms;
• Develop machine-learning models where permitted, using safeguards such as aggregation, minimization, and contractual restrictions.

5. Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, we rely on appropriate bases such as: contract (providing the Services you request), legitimate interests (security, product improvement balanced against your rights), consent (non-essential cookies and certain marketing where required), and legal obligation.

6. Sharing and subprocessors

We may share information with:

• Service providers who assist with hosting, DNS, email, analytics, customer support tooling, security monitoring, and payments;
• Professional advisors (lawyers, auditors) under confidentiality obligations;
• Corporate transactions such as a merger or acquisition, subject to appropriate safeguards;
• Authorities when required by law or to protect rights, safety, and integrity.

A current list of key subprocessors should be published separately (e.g., a “Subprocessors” page) and updated when vendors change for enterprise customers.

7. International transfers

We may process data in the United States and other countries. Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, plus supplementary measures where appropriate.

8. Retention

We retain information as long as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention periods may depend on plan settings, backups, and legal holds. Customer-configured retention for audit logs and incidents should be documented in admin tooling.

9. Security

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; you are responsible for safeguarding credentials and integration secrets.

10. Your rights and choices

Depending on your location, you may have rights to access, rectify, erase, restrict or object to certain processing, portability, and withdrawal of consent. You may also lodge a complaint with a supervisory authority. To exercise rights, contact support@shynvo.app. We will verify requests consistent with law and may need your organization to approve enterprise requests.

California residents: You may have additional rights under the CCPA/CPRA regarding categories, sources, purposes, disclosure, and sensitive personal information. We do not “sell” personal information in the traditional sense; any “sharing” for cross-context behavioral advertising (if ever used) should be disclosed and opted where required.

11. Children

The Services are not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us to delete it promptly.

12. Automated processing and AI outputs

Parts of the Services may use automated or AI-assisted processing to suggest actions, summarize incidents, or draft content. Outputs may be incorrect or incomplete. Human review is required for consequential decisions in regulated or high-risk environments. Where legally required, we document assessments and controls for automated decision-making.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised version and update the “Last updated” date. Where changes are material and consent is required, we will obtain consent as appropriate.

14. Contact

Privacy and data protection inquiries: support@shynvo.app