Legal

Privacy Policy

Last updated: 5 July 2026

This Privacy Policy explains how Sysos, Lda. (“Sysos”, “we”, “us”) collects, uses, shares and protects personal data when you visit our website or use the Sysos platform. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable local law.

1. Who we are

Sysos, Lda., with registered office at [registered address], is the controller responsible for personal data processed about visitors to our website and about the administrators and users who create Sysos accounts.

For personal data that our customers upload into the platform about their own employees, customers and suppliers, Sysos acts as a processor on the customer’s behalf, and the customer is the controller. That processing is governed by our Data Processing Agreement (DPA).

You can contact us about privacy at privacy@sysos.app.

2. Personal data we collect

Account data: name, work email, password (stored hashed), company, role and preferences.

Billing data: plan, billing contact and transaction records. Card details are collected and stored by our payment processor (Stripe); we do not store full card numbers.

Usage and device data: log data, IP address, browser and device information, pages viewed and actions taken, used to operate, secure and improve the service.

Content data: information you or your organisation enter into modules (HR, accounting, sales, supply chain, helpdesk, mailboxes, etc.). Where this contains personal data of third parties, we process it as a processor under the DPA.

Communications and support: messages you send us, support tickets and related metadata.

Cookies and similar technologies: see our Cookies Policy.

3. How we use personal data

To provide, maintain and secure the platform and your account.

To process subscriptions, payments, invoices and renewals.

To power features such as the Sysos AI agent, search, notifications and reporting.

To communicate with you about service updates, security notices and support.

To detect, prevent and respond to fraud, abuse and security incidents.

To comply with legal obligations and enforce our Terms of Service.

5. Artificial intelligence features

The Sysos AI agent generates answers and drafts by reasoning over your organisation’s own data. To do this we send the relevant context to our AI sub-processor (Anthropic) via API.

AI inputs and outputs are processed to deliver the requested result and are not used by us or our AI sub-processor to train foundation models.

AI outputs may be inaccurate or incomplete and should be reviewed by a human before being relied upon, particularly for financial, tax, legal or employment decisions.

6. Sub-processors

We use a limited set of vetted sub-processors to run the service, including: Cloudflare (hosting, storage, network and AI inference), Anthropic (AI agent), Stripe (payments), and an email delivery provider for transactional email. Each is bound by data-protection terms. A current list is available on request at privacy@sysos.app.

7. Sharing and disclosure

We do not sell personal data. We disclose personal data only to our sub-processors as described above, to professional advisers under confidentiality, in connection with a merger or acquisition (with notice), or where required by law or to protect rights, safety and the integrity of the service.

8. International transfers

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures, to ensure an adequate level of protection.

9. Data retention

We retain account and billing data for the life of your account and for as long as needed afterwards to meet legal, tax and accounting obligations. Content data is retained under your control and deleted or returned on termination in accordance with the DPA. Logs are kept for a limited period for security and troubleshooting.

10. Security

We protect personal data using encryption in transit, tenant isolation, access controls, least-privilege administration and continuous monitoring on Cloudflare’s infrastructure. No method of transmission or storage is completely secure; we work to protect your data but cannot guarantee absolute security.

11. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict and object to processing, to data portability, and to withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@sysos.app. If your data is held within a customer’s Sysos workspace, we may direct your request to that customer as the controller.

You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Children

Sysos is a business tool and is not directed to children. We do not knowingly collect personal data from children under 16.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through the service or by email. The date below indicates when it was last updated.

14. Contact

For any privacy question or to exercise your rights, contact Sysos, Lda. at privacy@sysos.app or by post at [registered address].

© 5 July 2026 Sysos, Lda. · This document is provided for general information and does not constitute legal advice.

One operating system for HR, Accounting, Fleet, Sales, and Supply Chain, powered by AI.

Stay updated with our newsletter

Your email address

© Sysos Inc. 2026 all rights reserved

One operating system for HR, Accounting, Fleet, Sales, and Supply Chain, powered by AI.

Stay updated with our newsletter

Your email address

© Sysos Inc. 2026 all rights reserved