Privacy Policy

Last updated: October 2025

1. Who We Are

Nefture Security SAS, operating under the commercial brand Syncrone, is a company incorporated in France (société par actions simplifiée, capital €1,000), with its registered office at Immeuble Val de Loire – 4 Passage de la Râpe – 45000 Orléans – France, registered with the RCS Orléans under number 952 457 372.

We are committed to protecting the privacy and security of your personal information (“Personal Data”). This Privacy Policy explains what Personal Data we collect, how and why we use it, and your rights under applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

If you have any questions or wish to exercise your rights, please contact us at [email protected] or our Data Protection Officer (see Section 10 below).

This Privacy Policy applies to:

Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect their Personal Data.

2. What Data We Collect and How We Collect It

Because Syncrone provides infrastructure that processes highly sensitive and strategic information, we apply strict data-minimisation and security principles: we collect and process only the Personal Data necessary for clearly identified and lawful purposes, and we store it under strong encryption and restricted access controls.

We collect Personal Data in several ways:

Directly from you – when you create an account, contact us, or interact with our Services;
Automatically – when you browse or use our Platform (for diagnostics, security and performance);
From external or public sources – such as blockchain data, public registries, or verified analytics providers.

Data we may collect

Login information – username, password (hashed and salted), authentication tokens or API keys. Credentials are encrypted at rest and never accessible in plain text.
Identification and contact details – email address, Telegram ID, and related communication identifiers.
Device and technical data – IP address, browser type and version, operating system, language, time zone, SDK or app version, diagnostic and crash logs, connection metadata, and security telemetry.
Transactional data – information about payments made by or to you, including timestamps, currency, and payment processor reference. Payment card data is never stored by Syncrone.
Usage analytics – aggregated event data such as page visits, feature usage and performance metrics, collected through tools like PostHog (PostHog Data Properties). Analytics data are pseudonymised whenever possible.
Marketing and communications data – newsletter subscriptions, survey responses, communication preferences, and records of opt-in/opt-out actions.
Blockchain data – publicly available on-chain information such as wallet addresses, transactions, DeFi positions, owned assets, and smart-contract interactions. This data is linked to you only when you explicitly connect a wallet or identify yourself. The internal identifier linking blockchain activity to a user account is pseudonymised and stored separately from any personal identifiers to prevent re-identification.

We may also combine or correlate data from reputable third-party sources (for example, analytics or threat-intelligence providers) with the information we already hold, but only for legitimate business, compliance, or security purposes.

Syncrone does not sell or monetise Personal Data. All processing activities are logged and subject to internal access-control policies and audits.

3. Cookies and Tracking

We use cookies and similar technologies to personalize and improve your experience. You may refuse cookies via your browser settings, but some features may not function properly. Cookie-related Personal Data is processed in accordance with this Policy and retained for up to 12 months from your last interaction.

For non-essential cookies (analytics, marketing, or preference cookies), we request your prior consent in accordance with CNIL guidelines. You can withdraw consent at any time through our cookie manager.

4. Legal Bases for Processing

We process your Personal Data only when we have a lawful basis under Article 6 GDPR:

Performance of a contract — to provide and manage your account and Services
Legal obligation — to comply with applicable laws (e.g. anti-fraud, accounting, AML)
Legitimate interests — to operate, improve, and secure our Services
Consent — for specific processing such as marketing communications or analytics cookies

You can withdraw consent at any time by emailing [email protected].

5. Why We Use Your Data

We use your Personal Data to:

Provide, operate, and support our Services
Process transactions and notify you about them
Communicate with you, respond to inquiries, and provide support
Comply with legal obligations and resolve disputes
Manage and improve our Platform and business (security, analytics, UX)
Conduct R&D, risk management, and fraud prevention
Send marketing or promotional communications (subject to consent)
Enforce our contractual rights

6. Data Retention

We retain Personal Data only as long as necessary for the purposes above, including legal, accounting, or regulatory requirements.

Active accounts: data kept for the duration of your subscription
Inactive or cancelled accounts: data deleted or anonymised within 90 days (we may retain a hashed email to prevent repeated free-trial use)
Cookies and analytics data: retained up to 12 months after expiry
Legal obligations: certain data may be archived up to 10 years (e.g. accounting records)

When data is no longer needed, we anonymise or securely destroy it.

7. Your Rights (GDPR Articles 12–23)

Under the GDPR, you have the following rights:

Right of access — obtain a copy of your Personal Data
Right to rectification — correct incomplete or inaccurate data
Right to erasure (“right to be forgotten”) — where legally possible
Right to restriction — limit processing in certain cases
Right to data portability — receive your data in a portable format
Right to object — to processing based on legitimate interest or for direct marketing
Right to withdraw consent — where processing relies on consent

To exercise your rights, contact [email protected]. We may require proof of identity for security reasons.

You have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés): https://www.cnil.fr

8. Data Sharing and International Transfers

We may share limited Personal Data with:

Service providers (hosting, payment, analytics, communication tools) bound by confidentiality and data-processing agreements
Legal or regulatory authorities where required by law
Affiliates or successors in case of reorganization or merger

If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

A list of our main data-processing partners (processors) is available upon request.

9. Data Security

We apply appropriate technical and organizational measures to protect Personal Data from unauthorized access, alteration, disclosure, or destruction, including:

Encryption, pseudonymisation, and secure storage
Strict access control on a need-to-know basis
Continuous monitoring and testing of infrastructure security

However, no system is entirely secure. You provide information at your own risk, but we continuously improve our protections in line with industry standards.

10. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) responsible for privacy compliance.

Contact: 📧 [email protected] 📍 Nefture Security SAS – Immeuble Val de Loire – 4 Passage de la Râpe – 45000 Orléans – France

11. Your Right to Complain

You may lodge a complaint with the CNIL, the French supervisory authority for data protection:

Website: https://www.cnil.fr
Address: CNIL – 3 Place de Fontenoy, 75007 Paris, France

12. Third-Party Links

Our Sites and Applications may include links or integrations to third-party websites or services. We do not control these third parties and are not responsible for their privacy practices. Please read their privacy notices before sharing your Personal Data.

13. Refusal to Provide Data

If you choose not to provide Personal Data that we require by law or contract, we may be unable to provide certain Services. We will notify you at the time if this is the case.

14. Updates to This Privacy Policy

We may update this Policy from time to time. The revised version will be effective upon publication with a new “Last updated” date.

If we make material changes affecting your rights or the way we process your data, we will notify you by email or in-app notice where feasible. We encourage you to review this Policy periodically. Your continued use of the Services after being informed of changes indicates awareness of the update, but does not replace any consent requirements where applicable.

15. Contact Information

For any privacy questions, to exercise your rights, or to contact our DPO:

📧 [email protected]

📍 Nefture Security SAS – Immeuble Val de Loire – 4 Passage de la Râpe – 45000 Orléans – France