Legal

Privacy Policy

Last updated 11 June 2026.

This Privacy Policy explains how Sindra ("Sindra", "we", "us" or "our") collects, uses, discloses and safeguards information when you visit sindra.ai (the "Site"), contact us, or engage us for design, development or advisory services (the "Services"). We act as the data controller for personal data processed through the Site and as a data processor when handling personal data on behalf of our clients under a Statement of Work or Data Processing Agreement.

We are committed to processing personal data in accordance with the UK GDPR, the Data Protection Act 2018, the EU GDPR (where applicable), and the ePrivacy Regulations (PECR).

1. Who we are

Sindra is an AI design and development studio. For privacy enquiries, data subject requests, or to exercise any of the rights described below, contact us at info@sindra.ai.

2. Information we collect

2.1 Information you provide

  • Contact details – name, email, company, role and phone number submitted via our contact or enquiry forms.
  • Project information – the content of your message, brief, files or any materials you share with us.
  • Correspondence – emails, calls and meeting notes exchanged with us.
  • Commercial information – billing details, invoices and payment references for clients.

2.2 Information collected automatically

  • Usage data – pages viewed, referring URL, approximate location (from IP), device and browser type, and interaction events.
  • Cookies and similar technologies – strictly necessary cookies to operate the Site and, with your consent, analytics cookies to understand traffic patterns.

2.3 Information from third parties

We may receive information from publicly available sources, our infrastructure providers, and analytics or marketing platforms we use to operate the Site.

3. How we use information

  • To respond to your enquiries and provide information you request.
  • To negotiate, enter into and perform our contracts with clients and suppliers.
  • To deliver, manage and improve our Services and deliverables.
  • To operate, secure and improve the Site.
  • To send service updates and, where permitted, occasional marketing about our work (you can opt out at any time).
  • To comply with legal, regulatory and accounting obligations.
  • To establish, exercise or defend legal claims.

4. Legal bases for processing

We rely on the following lawful bases under UK and EU GDPR:

  • Contract – to take steps at your request before entering into a contract and to perform our contract with you.
  • Legitimate interests – to run, promote and protect our business, develop our Services, and communicate with prospective clients, balanced against your rights.
  • Consent – for non-essential cookies and direct marketing where required by law. You may withdraw consent at any time.
  • Legal obligation – to comply with tax, accounting and other regulatory requirements.

5. Sharing your information

We do not sell personal data. We share personal data only with:

  • Service providers who process data on our behalf, including hosting, email, analytics, productivity, payment and CRM providers, under written contracts that require appropriate safeguards.
  • Professional advisers such as accountants, auditors and lawyers.
  • Authorities and regulators where required by law or to protect our rights.
  • Successors in connection with a merger, acquisition or sale of assets, subject to standard confidentiality protections.

6. International transfers

Some of our providers are located outside the UK or EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions issued by the UK or European Commission.

7. Data retention

We retain personal data only for as long as necessary for the purposes set out in this Policy, including to satisfy legal, accounting or reporting requirements. As a guide: enquiry data is kept for up to 24 months; client project and billing records are kept for up to 7 years after the end of the engagement; marketing contacts are kept until you unsubscribe.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to certain processing, including direct marketing.
  • Request portability of data you provided to us.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a supervisory authority, including the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email info@sindra.ai. We will respond within one month.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege permissions and vetted sub-processors. No system is completely secure, and we cannot guarantee absolute security.

10. Cookies

Our Site uses strictly necessary cookies to function. With your consent we may also use analytics cookies to understand how the Site is used. You can control cookies through your browser settings; disabling cookies may affect Site functionality.

11. Children

The Site and Services are not directed to children under 16, and we do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified via the Site or by email where appropriate.

13. Contact us

Questions, requests or complaints about this Policy or our processing of your personal data can be sent to info@sindra.ai.

Let's make itextraordinary.

Reply within 24hFixed-scope sprintsOr see packages →