Legal

Privacy Policy

Last updated: 17 April 2026

This Privacy Policy explains how Pulse Code Tech Ltd ("we", "us", "Syndrix") collects, uses, stores and shares information when you use syndrixai.comand the Syndrix AI service (the "Service"). It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Pulse Code Tech Ltd is a company registered in England and Wales under company number 16598257. Our registered office and all enquiries can be directed to:

We are the data controller for personal data collected through this website and the Service.

2. What information we collect

2.1 Account & pre-registration data

  • Name, email address, business name (optional) you provide when you sign up or pre-register.
  • Authentication identifiers (password hash or social-auth tokens) issued by Supabase.
  • Chosen plan tier and billing details (processed by our payment provider — we do not store full card numbers).

2.2 Service usage data

  • Agent activity logs — the tasks you ask the agent to perform, tool invocations, and the outcomes. We use this to provide the service, to debug issues, and to improve reliability.
  • Configuration you supply: business profile, scheduled tasks, connected accounts (OAuth tokens), personalised settings.
  • Technical metadata: IP address, browser user-agent, request timestamps, and rate-limit counters. Stored for abuse prevention.

2.3 Data you route through the agent

When you connect your email, calendar, CRM, trading or other accounts, Syndrix processes the data it needs to carry out the task you requested — messages, events, contacts, orders, and so on. This data is processed only for the scope of the task and the duration required to complete it. We do not sell or share this data.

2.4 Cookies and analytics

See our Cookie Policy for the full list of cookies and third-party analytics we use.

3. How we use your information

We process personal data under the following lawful bases:

  • Contract — to deliver the Service you signed up for (account management, running agent tasks, billing).
  • Legitimate interests — to secure the platform, prevent fraud and abuse, improve reliability, and communicate product updates relevant to paying users. These uses are balanced against your rights and you can object at any time.
  • Consent — for marketing emails to prospects and for non-essential cookies. Consent can be withdrawn at any time.
  • Legal obligation — where we must retain records for tax, anti-fraud, or law-enforcement purposes.

4. AI model providers & third-party processors

Syndrix sends prompts and relevant context to external AI model providers to carry out the tasks you ask for. Current providers:

  • Anthropic (Claude)
  • OpenAI (GPT, Whisper, TTS)
  • Google (Gemini)
  • ElevenLabs (voice synthesis, when voice mode is enabled)

Each provider is an independent processor. We have data-processing agreements where available and we configure provider accounts so that, to the extent the provider permits, your prompts are not used to train their models. Nonetheless you should not submit data you are not authorised to share with third parties.

Other processors we rely on:

  • Supabase (database, auth) — hosted in the EU.
  • Vercel (web hosting, CDN).
  • AWS (agent runtime, London region).
  • Cloudflare (DNS, WAF, tunnels).
  • Stripe or similar (payments — when billing is live).

5. International transfers

Some of our processors (notably OpenAI and Anthropic) are based in the United States. Transfers outside the UK/EEA rely on the UK Addendum to the EU Standard Contractual Clauses or equivalent safeguards. You can request a copy of the safeguards at info@pulsecode.co.uk.

6. Retention

  • Account records: while your account is active, then 12 months after closure for accounting purposes.
  • Agent activity logs: 90 days by default; you can request shorter retention.
  • Billing records: 6 years (HMRC requirement).
  • OAuth tokens and credentials: deleted immediately when you disconnect an integration.

7. Security

Secrets and API keys are encrypted at rest using AES-256-GCM. Connections use TLS 1.3. Our agent runtime includes intrusion detection, file-integrity monitoring, rate limiting, and an audit trail. See our Security page for details.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Erase your data ("right to be forgotten") subject to legal retention obligations.
  • Restrict or object to processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent where processing relies on consent.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, email info@syndrix.com. We respond within one calendar month.

9. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or a prominent notice on this site at least 14 days before they take effect. The "Last updated" date at the top reflects the current version.

11. Contact

For any privacy-related question, contact our Data Protection point of contact at info@syndrix.com or write to Pulse Code Tech Ltd.

Pulse Code Tech Ltd · Company No. 16598257 · VAT No. 508339976 · Registered in England and Wales · info@pulsecode.co.uk · 020 3633 1955