Privacy Policy
This Privacy Policy explains how Sysos, Lda. (“Sysos”, “we”, “us”) collects, uses, shares and protects personal data when you visit our website or use the Sysos platform. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable local law.
1. Who we are
Sysos, Lda., with registered office at [registered address], is the controller responsible for personal data processed about visitors to our website and about the administrators and users who create Sysos accounts.
For personal data that our customers upload into the platform about their own employees, customers and suppliers, Sysos acts as a processor on the customer’s behalf, and the customer is the controller. That processing is governed by our Data Processing Agreement (DPA).
You can contact us about privacy at privacy@sysos.app.
2. Personal data we collect
Account data: name, work email, password (stored hashed), company, role and preferences.
Billing data: plan, billing contact and transaction records. Card details are collected and stored by our payment processor (Stripe); we do not store full card numbers.
Usage and device data: log data, IP address, browser and device information, pages viewed and actions taken, used to operate, secure and improve the service.
Content data: information you or your organisation enter into modules (HR, accounting, sales, supply chain, helpdesk, mailboxes, etc.). Where this contains personal data of third parties, we process it as a processor under the DPA.
Communications and support: messages you send us, support tickets and related metadata.
Cookies and similar technologies: see our Cookies Policy.
3. How we use personal data
To provide, maintain and secure the platform and your account.
To process subscriptions, payments, invoices and renewals.
To power features such as the Sysos AI agent, search, notifications and reporting.
To communicate with you about service updates, security notices and support.
To detect, prevent and respond to fraud, abuse and security incidents.
To comply with legal obligations and enforce our Terms of Service.
4. Legal bases for processing
We rely on the following GDPR legal bases: performance of a contract (to provide the service you request); our legitimate interests (to secure, operate and improve the platform, and for limited direct communications), balanced against your rights; your consent (for non-essential cookies and optional communications, which you may withdraw at any time); and compliance with a legal obligation (for example, tax and accounting record-keeping).
5. Artificial intelligence features
The Sysos AI agent generates answers and drafts by reasoning over your organisation’s own data. To do this we send the relevant context to our AI sub-processor (Anthropic) via API.
AI inputs and outputs are processed to deliver the requested result and are not used by us or our AI sub-processor to train foundation models.
AI outputs may be inaccurate or incomplete and should be reviewed by a human before being relied upon, particularly for financial, tax, legal or employment decisions.
6. Sub-processors
We use a limited set of vetted sub-processors to run the service, including: Cloudflare (hosting, storage, network and AI inference), Anthropic (AI agent), Stripe (payments), and an email delivery provider for transactional email. Each is bound by data-protection terms. A current list is available on request at privacy@sysos.app.
7. Sharing and disclosure
We do not sell personal data. We disclose personal data only to our sub-processors as described above, to professional advisers under confidentiality, in connection with a merger or acquisition (with notice), or where required by law or to protect rights, safety and the integrity of the service.
8. International transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures, to ensure an adequate level of protection.
9. Data retention
We retain account and billing data for the life of your account and for as long as needed afterwards to meet legal, tax and accounting obligations. Content data is retained under your control and deleted or returned on termination in accordance with the DPA. Logs are kept for a limited period for security and troubleshooting.
10. Security
We protect personal data using encryption in transit, tenant isolation, access controls, least-privilege administration and continuous monitoring on Cloudflare’s infrastructure. No method of transmission or storage is completely secure; we work to protect your data but cannot guarantee absolute security.
11. Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict and object to processing, to data portability, and to withdraw consent where processing is based on consent.
To exercise these rights, contact us at privacy@sysos.app. If your data is held within a customer’s Sysos workspace, we may direct your request to that customer as the controller.
You also have the right to lodge a complaint with your local data protection supervisory authority.
12. Children
Sysos is a business tool and is not directed to children. We do not knowingly collect personal data from children under 16.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified through the service or by email. The date below indicates when it was last updated.
14. Contact
For any privacy question or to exercise your rights, contact Sysos, Lda. at privacy@sysos.app or by post at [registered address].