Compliance Statement

Syntr Technologies Pvt. Ltd. is committed to maintaining compliance with applicable data protection and email marketing regulations. This statement outlines our compliance framework and the standards we follow.

1. GDPR Compliance

Syntr is designed to support compliance with the General Data Protection Regulation (GDPR) for EU users:

• Data Processing Agreement (DPA): Available for enterprise customers
• Data subject rights: Tools to assist with access, correction, deletion requests
• Data breach notification: 72-hour notification procedures in place
• International transfers: Standard contractual clauses (SCCs) for data transfers
• Privacy by design: Data protection built into platform architecture

See our Data Processing Agreement and Privacy Policy for details.

2. India DPDP Act Compliance

Syntr complies with India's Digital Personal Data Protection Act (DPDP Act):

• Consent management: Tools to manage and track consent
• Data principal rights: Access, correction, deletion, and grievance redressal mechanisms
• Data breach notification: Procedures for notifying data principals and authorities
• Data localization: Options for data storage in India when required
• Grievance officer: Designated officer for handling data protection complaints

3. CAN-SPAM Act Compliance

Syntr provides features to help users comply with the CAN-SPAM Act (US):

• Unsubscribe links: Automatic unsubscribe link insertion in marketing emails
• Physical address: Support for including physical mailing address in emails
• Accurate sender information: Tools to ensure accurate "from" names and addresses
• Unsubscribe processing: Automatic processing of unsubscribe requests within 10 business days

See our Anti-Spam Policy for enforcement details.

4. ISO 27001 (Aspirational)

Syntr is working towards ISO 27001 certification:

• •Information Security Management System (ISMS): Framework in development
• •Security controls: Implementing ISO 27001-aligned security controls
• •Regular audits: Security assessments and risk management processes
• •Target certification: 2026-2027

5. Other Compliance Standards

• SOC 2: Working towards SOC 2 Type II certification
• Industry best practices: Following email marketing industry standards and best practices
• Regular security assessments: Third-party security audits and penetration testing

6. User Responsibility

You must ensure:

• •Lawful basis for processing: You have a valid legal basis for processing personal data
• •Consent management: Proper consent is obtained where required
• •Email compliance: Compliance with CAN-SPAM, GDPR, and other email marketing laws
• •Data subject rights: Responding to data subject requests in a timely manner
• •Data breach notification: Notifying authorities and data subjects when required

7. Compliance Resources

Syntr provides the following resources to support compliance:

• Terms of Use - Legal framework and obligations
• Privacy Policy - Data handling and user rights
• Data Processing Agreement - GDPR/DPDP compliance
• Security Policy - Security measures and controls
• Anti-Spam Policy - Email compliance requirements
• Documentation and guides on compliance best practices

8. Updates to Compliance

We regularly review and update our compliance framework:

• •Monitoring changes in applicable laws and regulations
• •Updating policies and procedures as needed
• •Notifying users of material changes to compliance framework
• •Continuous improvement of security and compliance measures

9. Contact

For compliance-related questions, contact us at:

Compliance Team: compliance@syntr.com
Data Protection Officer: dpo@syntr.com
Legal Team: legal@syntr.com
Support: support@syntr.com