Privacy policy

1. Introduction

Welcome to Zynito ("we," "our," "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform — including our web application, mobile app (Flutter), and related services.

2. Data controller

Zynito is the data controller responsible for your personal data. If you have any questions or concerns, you can contact us at:

Email: support@zynito.com

We do not currently have a Data Protection Officer (DPO) appointed. If our data processing activities expand to a scale that requires one under Article 37 GDPR, we will appoint and publish their contact details accordingly.

3. Information we collect

3.1 Personal data

We may collect the following personal data:

• Name
• Email address
• Phone number
• Company name
• Billing information

3.2 Usage data

We may automatically collect:

• IP address
• Browser type and version
• Pages visited and time spent
• Time and date of visits
• Device information (including mobile device identifiers for our Flutter app)
• Push notification tokens (if you opt into notifications via our mobile app)

3.3 Cookies & tracking technologies

We use cookies and similar tracking technologies. Our cookies fall into the following categories:

• Essential cookies — Required for the platform to function (e.g., session management). These cannot be disabled.
• Analytics cookies — Help us understand how users interact with Zynito (e.g., pages visited, feature usage). These are only set with your consent.
• Preference cookies — Remember your settings and preferences for a better experience.

You can manage or withdraw your consent for non-essential cookies at any time through your account settings or browser settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

4. Legal basis for processing (GDPR)

We process your personal data under the following lawful bases as defined in Article 6 of the GDPR:

• Consent (Art. 6(1)(a)) — When you explicitly agree, such as for analytics cookies or marketing communications.
• Contract (Art. 6(1)(b)) — To provide, manage, and maintain our services under your subscription agreement.
• Legal Obligation (Art. 6(1)(c)) — To comply with applicable laws such as tax, financial, and regulatory requirements.
• Legitimate Interests (Art. 6(1)(f)) — For purposes including fraud prevention, network and platform security, abuse detection, and internal analytics to improve our product. We have assessed that these interests are not overridden by your rights and freedoms.

5. How we use your data

We use your information to:

• Provide and maintain our platform and services
• Create and manage your user account
• Process payments and manage billing
• Improve and develop product features
• Send transactional emails, product updates, and support communications
• Ensure platform security, detect fraud, and prevent abuse
• Comply with legal and regulatory obligations

6. Data sharing & disclosure

We do not sell your personal data.

We may share your data with the following categories of recipients:

• Service providers — Including cloud hosting providers, payment processors, and analytics platforms. All are bound by data processing agreements and required to comply with GDPR.
• Legal authorities — When required by law, court order, or governmental authority.
• Business partners — Only where strictly necessary and in compliance with GDPR obligations.

All third-party processors are required to implement appropriate technical and organisational measures to protect your data.

7. International data transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Transfers to countries covered by an EU adequacy decision

You may request details of such safeguards by contacting us at support@zynito.com.

8. Data retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

• For the duration of your active account
• As required to comply with legal, tax, or regulatory obligations
• To resolve disputes or enforce our agreements

When your data is no longer required, we will securely delete or anonymise it.

9. Your rights under GDPR

As a data subject under the GDPR, you have the following rights:

• Right of Access (Art. 15) — Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16) — Correct any inaccurate or incomplete data.
• Right to Erasure (Art. 17) — Request deletion of your data ("Right to be Forgotten"), subject to legal retention requirements.
• Right to Restriction of Processing (Art. 18) — Request that we limit how we use your data.
• Right to Data Portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Art. 7(3)) — Withdraw your consent at any time where processing is based on consent.
• Right to Lodge a Complaint (Art. 77) — You have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/board/members_en

To exercise any of these rights, please contact us at support@zynito.com. We will respond within 30 days as required by GDPR.

10. Data breach notification

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, in accordance with Article 33 GDPR.
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 GDPR.

We maintain an internal breach register and incident response procedures to manage and mitigate any such events.

11. Data security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure, access-controlled servers
• Role-based access controls for internal staff
• Regular security assessments and monitoring

12. Automated decision-making & profiling

We do not engage in automated decision-making or profiling as defined under Article 22 of the GDPR that produces legal or similarly significant effects on you. If we introduce such features in the future, we will update this policy and provide the required disclosures.

13. Third-party services & links

Our platform may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those services. We encourage you to review their privacy policies before sharing any personal data.

14. Children's privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect or process personal data from children. If you believe we have inadvertently collected such data, please contact us at support@zynito.com and we will promptly delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you via email or a prominent notice on our platform prior to the changes taking effect. The revised "Last Updated" date at the top of this page will always reflect the most recent version.

16. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: support@zynito.com
Product: Zynito – Project Management for Agencies

We are committed to resolving any concerns you may have about our use of your personal data.

Last updated: April 14, 2026