Last updated: 10/30/2023
Table of contents
The personal information that we may collect about you broadly falls into the following categories:
- Information that you provide
We collect information about you when you input it into our Service or otherwise provide it directly to us.
Account and profile creation
We collect information about you when you register for an account, create or modify your profile, and set preferences for the Service. For example, you may provide your contact information, including your first and last name, email address, and password when you register for the Service. You may also have the option of adding an avatar to your profile to be displayed in the Service. We keep track of your preferences when you select settings within the Service, including settings for displaying Content.
**Sign in via other platforms **
Instead of creating a user account, you can log in via your account with other platforms. We will not collect the password that you use for the relevant platform, but we may collect details from your account with the platform, such as username, email address, and avatar (to be displayed in the Service).
Requests and inquiries
You may choose to provide us with information when you contact us about our Service or otherwise interact with us. For example, you may choose to submit feedback on our Content. You may submit your contact information to receive newsletters or marketing communications from us or to make an inquiry through our Service. You may also provide content to us when you participate in a survey, contest, promotion, sweepstake, activity, or event, including via social media and other content platforms.
If you make a purchase at our Store, we will collect order information, such as the products that you purchase, billing and shipping address, and payment information. Please note that any payment information you provide is sent directly to a third-party payment processor. We have no access to and do not store your payment information.
- Information that we collect from your device and usage
We collect certain information about your device and how you and your device interact with us and our Service. In some countries, including countries in the European Economic Area and the United Kingdom, this information may be considered personal data under applicable data protection laws.
Specifically, the information we collect will include information such as your IP address, device type, unique device identification numbers, browser-type, general location information (such as inferred from an IP address), and referring URL. We also collect information about how you and your device have interacted with our Service or with us via email, including the pages and Content you accessed, products you viewed and purchased, links you clicked, and when you accessed and for how long.
Some of this information is collected using cookies and similar tracking technology, as explained further under the heading "Cookies and similar tracking technology" below.
- Information that we obtain from third party sources
From time to time, we receive personal information about you from third-party sources, including from vendors and service providers who may collect information on our behalf, such as companies who support our Store (e.g., our e-commerce platform provider, payment processors, and fulfillment services provider).
The types of information we obtain from third parties may include name and email address. We may combine this information with information we collect through other means described above. This helps us to maintain and improve the accuracy of our records, identify new users, deliver personalized communications, and suggest Content and other products and services that may be of interest to you.
We use your information for business and commercial purposes, such as to:
Provide, maintain, and improve our Service, including process your payments and fulfill your orders;
Manage your account and send you related information, including notifications and confirmations related to your account, purchases, returns, exchanges, or other transactions;
Respond to your comments, questions, and requests, and provide support services;
Communicate with you about Content and other products and services, and news and information we think may be of interest to you;
Monitor and analyse trends, usage, and activities in connection with the Service and our communications to you;
Detect, investigate, and prevent fraudulent transactions and other illegal activities, protect the rights and property of Syntax and others, and comply with legal requirements;
Personalize and improve the Service and provide Content and features that match your profile and interests, and remember information about your preferences for the Service;
Administer surveys, contests, promotions, sweepstakes, and other activities; and
Carry out any other purpose for which the information was collected.
We may aggregate or de-identify information collected through the Service. We may use aggregated or de-identified data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including without limitation, advertisers, promotional partners, and others.
We disclose your personal information to the following categories of recipients:
Affiliate companies who help operate and improve our Service (including to support the delivery of, provide functionality on, or help to enhance the security of our Service), offer other Syntax affiliated services to you, or who otherwise process personal information for the purposes described in this policy. The protections of this policy apply to the information we disclose in these circumstances.
Third-party service providers who provide hosting, support, payment processing, billing, order fulfillment, communication, analytics, analysis, and other services to us, which may require them to access or use information about you. If a service provider needs to access or use information about you to perform services on our behalf, they do so under appropriate security and confidentiality procedures designed to protect your information.
Third-party business partners when you choose to use their accelerated checkout options for purchases at our Store, including Shopify Shop Pay ("Third-Party Checkout Services". By doing so you consent to Syntax disclosing your account and applicable order information with the business partner. Please note that when you use Third-Party Checkout Services, your use will be governed by their own terms and privacy policies.
Any competent law enforcement body, regulatory, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish, or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
An actual or potential buyer (and its agents and advisers) in connection with any actual or** **proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this policy.
Any other person with your consent to the disclosure.
Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human-readable form.
You may refuse to accept Cookies by activating the setting on your browser that allows you to refuse the setting of Cookies and choosing not to opt into Cookies via the banner displayed upon your first visit to our Store. You can find information on popular browsers and how to adjust your Cookie preferences at the browser provider's websites. You can choose to disable Cookies, but if you do, your ability to use or access certain parts of our Service may be affected.
We do not recognize or respond to browser-initiated Do Not Track signals.
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In particular, email sent to or from Syntax may not be secure, and you should therefore take special care in deciding what information you send to us via email.
In some cases, your personal information is transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
Specifically, our Service is hosted in the United States, and our affiliate companies and third-party service providers operate around the world, including in the United States, Canada, and the EU. This means that when we collect your personal information, we may process it in any of these countries.
Where we transfer your personal information to countries and territories outside of the EU or UK, which have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant "adequacy decisions"from the European Commission and "adequacy regulations"from the Secretary of State in the United Kingdom.
Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this policy. The safeguards we use are the European Commission-approved standard contractual clauses, the UK International Data Transfer Agreement, and other appropriate legal mechanisms. This is how transfers of personal information between our group companies and with our third-party service providers will be safeguarded.
Data Privacy Framework Notice
Functional Software, Inc. (our registered company name) participates in and complies with the EU-U.S. Data Privacy Framework regarding the collection, use, and retention of personal information about you that is transferred from the European Union to the U.S. We have self-certified our commitment to adhere to the Data Privacy Framework Principles for all information about you that is received from the European Union in reliance on the EU-U.S. Data Privacy Framework.
As required under the EU-U.S. Data Privacy Framework, when we receive information under the EU-U.S.Data Privacy Framework and then transfer it to a third party acting as an agent on our behalf, we have certain liability under the EU-U.S. Data Privacy Framework if the agent processes the information in a manner inconsistent with the EU-U.S. Data Privacy Framework and we are responsible for the event giving rise to the damage. We may be required to disclose information about you under the EU-U.S. Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To learn more about the EU-U.S. Data Privacy Framework program, and to view Sentry’s certification, please see the Data Privacy Framework website.
We encourage you to contact us as provided below should you have an EU-U.S. Data Privacy Framework-related (or general privacy-related) complaint. We have further committed to cooperate and comply with the panel of the European data protection authorities (DPAs) as our independent recourse mechanism in the resolution of your EU-U.S. Data Privacy Framework complaint. For unresolved complaints, you may also contact your local data protection authority. Contact details for data protection authorities in the European Union are available here.
Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after our relationship has ended. For example, we may retain your data for longer than the usual retention period when we have a legal obligation to do such, to deal with and resolve requests and complaints, to protect an individual's rights and property, and for litigation and regulatory matters. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of any legal requirement. The criteria we use to determine the retention period include:
How long is the personal information needed to provide the Service or operate our business? This includes such things as maintaining and improving the performance of the Service, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
Is the personal information of a sensitive type? If so, a shortened retention time would generally be appropriate.
Has consent been provided for a longer retention period? If so, we will retain the data in accordance with your consent.
Is Syntax subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (e.g., because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Depending on your location, you may have the following data protection rights. To exercise any of them contact us using the contact details provided under the "How to contact us"](#contact-us) heading below. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity depending on the nature of the request and the sensitivity of the information sought (e.g., provide your email address).
You may access, correct, update, or request deletion of your personal information.
You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe"or "opt-out" link in the marketing emails we send you or otherwise following the directions in the emails.
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local supervisory authority. (Contact details for supervisory authorities in Europe are available here.) Certain supervisory authorities may require that you exhaust our own internal complaints process before looking into your complaint.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Syntax's Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us using the contact details provided under the "How to contact us" heading below. If we become aware that a child under 16 has provided us with personal information without parental consent, we will take steps to remove such information and terminate the child's account.
If you are 16 or older, but have not reached your jurisdiction's age of majority (such that you are able to enter a contract), you should only use the Service with permission from your parent or guardian.
The Service may enable you to post reviews and other user generated content. If you choose to submit user generated content to any public area of the Service, this content will be public and accessible by anyone.
We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.
The Service may link to third-party websites or platforms from companies other than Syntax, such as to relevant online resources, social media platforms, our partners'websites, payment processors, and other third-party websites. We are not responsible for the privacy practices or content of such other websites. If you have any questions about how these other websites use your information, you should review their policies and contact them directly. We are not responsible for the actions of third parties.
We may update this policy from time to time in response to changing legal, regulatory, technical, or business developments. When we update this policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes to this policy if, and where, required by applicable data protection laws.
You can see when this policy was last updated by checking the date displayed at the top of this policy.
If you have any questions or concerns about our use of your personal information, please contact us by sending us an email at firstname.lastname@example.org.
The data controller of your personal information is Functional Software, Inc. Our address is Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105.
2. What is our legal basis of processing. We collect and process information about you only where we have a legal basis for doing so under applicable data protection laws. This means we collect and process your information only where:
We need it to perform our contract with you, including to provide the Service, register you as a new user, and provide support;
It satisfies our legitimate interests, such as to market and promote the Service, to protect the safety and security of the Service, and to protect our legal rights and interests, which are not overridden by your own interests, rights and freedoms;
It is necessary to comply with a legal obligation or in connection with a legal claim, such as to respond to judicial orders or subpoenas; or
You provide consent for a specific purpose, such as for marketing communications (where consent is required under applicable marketing laws).
The legal bases depend on the type of information and the purpose for our processing. In some contexts, more than one legal basis applies.
2. What the CCPA requires us to tell you. If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your "personal information"and "sensitive personal information"(as defined in the California Consumer Privacy Act ("CCPA").
Category of Personal Information
Business or Commercial Purposes
Identifiers (such as name, address, email address, phone number, other account information, and cookies)
Commercial information (such as order information, shopping information and support information)
Financial data (such as credit card information)
Internet or other network or device activity (such as IP address or service usage)
Geolocation information (general location)
Inference data about you
Sensory information (such as audio recordings if you chat with our support team)
Other information that identifies or can be reasonably associated with you
Sensitive personal information (account log-in, financial data, and password or other credentials allowing access to your account)
5. Our sources of personal information. We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Service; (3) affiliates; (4) third parties such as Github (when you log in using one of those accounts); (5) social media and other content platforms; (6) public databases; (7) business partners; and (8) service providers.
6. Aggregation and de-identification. We may combine the information we collect ("aggregate" or remove pieces of information ("de-identify" to limit or prevent identification of any particular user or device.
8. Do not sell. We do not sell or share (as such terms are defined in the CCPA) your personal information to third parties.
9. Your rights under California law. If you are a California resident, you may have certain rights. California law may permit you to request that we:
Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting, "selling,"or "sharing"your personal information; the categories of third parties to whom we disclose or "sell,"or with whom we "share,"personal information; and the categories of personal information we "sell."
Provide access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.
Correct inaccurate personal information that we maintain about you.
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Service to you. If you ask us to delete it, you may no longer be able to access or use the Service.
10. How to exercise your rights. If you would like to exercise any of these rights, you can submit a request at email@example.com. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity depending on the nature of the request and the sensitivity of the information sought (e.g., provide your email address). You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
11. Sensitive personal information. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information"(as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.
12. Financial Incentive. We occasionally run giveaways, sweepstakes, and contests where participants may provide personal information in return for a chance to win certain prizes. You can opt into the giveaway, sweepstakes, or contest by taking the requested action. Your participation is completely voluntary, and you have a right to withdraw from these incentives at any time. If you decide you don't want to participate in these financial incentives, you can refrain from taking the requested actions.
The specific reward or incentive offered, if any, is made available to you when you take the action specified in the particular giveaway, sweepstakes, or contest. The monetary value of the reward or incentive is a reasonable approximation of the monetary value of the information you provide us. We have arrived at this estimate based on consideration of multiple factors, including the following: (1) revenue we generate in developing insights on our users; (2) expenses we incur in operating the giveaway, sweepstakes, or contest; and (3) our reasonable assessment of revenue we may generate as a result of the referrals provided to us by our users.
1. CPA Categories. For disclosures required by the Colorado Privacy Act (CPA) regarding the categories of personal information, processing purposes, and disclosures to third parties, please see the "Categories of personal information we collect"and "Our information disclosure practices" sections in the Supplemental notice for California Residents, which can be found here
2. Do not sell. We do not sell your personal information or use your personal information for targeted advertising or for profiling ** **in furtherance of decisions that produce legal effects or effects of similar significance, as those terms are defined in the CPA and other applicable privacy laws.
3. Your rights. Applicable state law (such as the CPA, Virginia Consumer Data Protection Act, and the Connecticut Data Privacy Act) may give you certain rights. The law of your jurisdiction may permit you to request that we:
Confirm whether or not we are processing your personal information and provide you with access such personal information;
Correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information;
Delete your personal information;
Provide you a copy of personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business, where our processing is carried out by automated means; and
Opt you out of the processing of personal information for purposes of targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide our Service. If you ask us to delete it, you may no longer be able to access or use the Service.
4. How to exercise your rights. If you would like to exercise any of these rights, you can submit a request at firstname.lastname@example.org. You will be required to verify your identity before we fulfil your request. To do so, you will need to provide information to match with our existing records to verify your identity depending on the nature of the request and the sensitivity of the information sought.
5. Right to appeal. If we deny your request to exercise any of the rights above, you may appeal that denial by contacting us in the manner described above and describing in detail why you believe the denial was in error. Your description must include your full name and email address, along with a copy of the denial notice you received from us.