Initial Effective Date: Nov 19, 2020 (GMT)
Latest Revised Date: Nov 19, 2020 (GMT)
Version: 1.0.0
This policy describes our policies and procedures for collection, transmission, storage, processing, disclosure and protection of any data, including, but not limited to, personal data provided by you as a user while using the service. user shall mean any person/ persons, who visits, uses, deals with and/ or transacts through Syndi App (“privacy policy”). The privacy policy and any other terms and conditions as may be applicable shall hereinafter collectively be referred to as “agreement” or “contract”.
1. If You are having suicidal thoughts or planning to act on suicidal thoughts, or if You feel that You may be a danger to Yourself or to others, or if You otherwise have any medical or mental health emergency or severe mental health condition, or if You are in a crisis or trauma or abuse, please discontinue use of the Service immediately and call the relevant emergency number in Your country and notify the police or emergency medical Services. For example, You can find Your country-specific suicide emergency number at: Suicide.org - Suicide Prevention, Awareness, and Support
2. If You are less than 18 years of age, please read through the Syndi Privacy Policy and the Syndi Terms of Service with Your parent or legal guardian or check with Your Institution to understand eligibility before use. Syndi is not to be used by children under 13 years.
3. We do not require any personal identifiers or sensitive data hence we do not ask for it. You have the option to limit sharing of Your Personal data (such as full name, date of birth, contact numbers, address, financial identifiers, government-provided identifiers) or Your medical-related data or any other sensitive data (such as religious or political opinions, financial data) when You use the Syndi Bot and Services.
4. Your interaction with the Syndi Bot is with an AI chatbot and not a human. The Bot is restricted in the means of response, and the intended use is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being in a self-help context. It is not intended for providing diagnosis, treatment or cure of a condition or disease. The Bot cannot and will not offer advice on issues it does not recognize.
5. The Syndi Bot will use text-based messaging to supply patient health questionnaires for you to monitor your personal well-being. The underlying principle of the Service is that You have the knowledge and capacity to make desired changes in Your life.
6. The Syndi Bot is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability or provide any type of state-regulated mental health services in Your country of residence. It is an enabling and empowering mode of support, rather than treatment of illness or a health condition.
7. The Syndi Bot cannot and will not offer medical or clinical advice. In case You mention the need for such advice, they will suggest that You seek advanced (medical) help.
8. We take great pains to keep Your conversations private and secure. You can also keep Your conversations private and device secure by following the best practices outlined in this Privacy Policy.
9. For safety and security reasons, We strongly recommend that You keep Your conversations with Syndi Bot private.
Welcome to Syndi App, the mobile and online service of Syndi Ltd (hereinafter “Syndi”, “We”, “Us”, or “Our”). When you as a Data Subject (“User”, or “You/r”) use Syndi’s Services, You trust us with Your Data. This Privacy Policy governs Your use of the mobile or web browser based software application on the Syndi website (hereinafter the “Syndi App”) created by Syndi and also covers Your use of Our Website, other websites maintained by Us. This Privacy Policy along with Syndi’s Terms of Service constitutes a legal agreement between You and Syndi.
This Privacy Policy (“Policy” or “Privacy Policy”) has been drafted in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or data) Rules, 2011, including (but not limited to) requirements within General Data Protection Regulation (GDPR) (EU) 2016/679 regulation and where applicable the Health Insurance Portability and Accountability Act (collectively referred to as “Data Protection Laws”).
The Data Controller for Syndi App is Syndi Ltd, a company registered in the United Kingdom and having its registered office address at 31 Willoughby Road, Kingston Upon Thames, England, KT2 6LN.
If You have any concerns or grievances about this Privacy Policy You will need to send an email request to hello@Syndi.health with Attn. to our Data Protection Officer Mr. Jorge Alexander. We will respond to You within 48 hours and help resolve Your concerns or complaints.
If You are not satisfied with Our resolution, You have the right to complain to a Data Protection supervisory authority in Your country or state of residence. We will fully cooperate with the supervisory authority. Contact details for Data Protection Authorities in the EU are available here.
This Privacy Policy applies to the data You provide Us when You Use the Syndi App and Service. The mobile-based and/or web browser based AI chatbot service provided via Syndi App are collectively referred to as the "Service(s)".
This Privacy Policy is meant to help You understand what data We collect, why We collect it, what We do with it, how You can manage and control the Use of Your data and the rights You have to access and control Your Personal data. Please read the definitions in the next section to understand the terminologies used in this Privacy Policy.
We will always respect and protect Your privacy, and this forms a part of Our guiding principles. We have policies and procedures in place to protect the privacy and security of Your Personal data. Your trust means a lot to Us. Syndi does not request Your Personal Data. If You inadvertently submit any Personal data then We will process it with Your data basis this Agreement and will irreversibly redact any Personal Identifiable Information within 24 hours in Our system. Please do not share any Personal data at any time during Your Use of Our Services. Your data is secured with strong encryption during transmission and storage.
Your use of the Syndi App will be governed by this Privacy Policy as applicable to the Syndi App together with all policies, notices, guidelines, disclaimers that are published and shared with You from time to time including but not limited to Syndi’s Terms of Service.
Users may request additional Services from Syndi or Syndi affiliates. Because the needs and choices of each User may vary, We may provide separate privacy policies or addendums to this Privacy Policy for certain additional Services. Any applicable separate privacy policies and addendums will explain the types of data We collect, their purposes of Use and other policies that may apply to that Service. When You choose to Use an additional Service, You may be informed of the applicable privacy policy or addendum which applies in addition to, and may modify this Privacy Policy, before You can access the additional Service.
Syndi reserves the right to make changes to this Privacy Policy and to make such changes effective for all data We may already have collected from You. We will notify You via in-app notifications when We make any changes to the Privacy Policy.
Please note that by using Syndi App and Services, You acknowledge and agree that You have read and understood this Privacy Policy.
The Syndi App is a virtual AI chatbot (“Bot” or “Syndi Bot”) that You can chat with, The Syndi App is primarily available as an SMS based text message service. Your Interaction with the Bot is with an artificial intelligence chatbot and not a human. The Bot is restricted in the means of response, and the intended usage of Syndi App is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being as an early intervention tool in a self-help context. You make the choice of using the Bot, based on Your own estimate of need, and agree that this is only suitable for basic self-help. This is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability. The Bot cannot and will not offer advice on issues it does not recognize. Using the Syndi App, You can track and manage Your mood, and learn context-sensitive evidence-based techniques that can help You feel better. Syndi App and Service is not intended for use in crisis such as abuse or complex or severe mental health conditions that causes for example; ideation of suicide, harm to self and others, or for any medical emergencies. Syndi App and Service cannot and will not offer medical or clinical advice. It can only suggest that the user seeks advanced (medical) help.
You may Use the Service only if You are a natural/legal person, agree to this Agreement and form a binding contract with Syndi, and only in compliance with all applicable local, state, national, and international laws, rules and regulations. If You are between 13 and 18 years of age, please read through this Syndi Privacy Policy and the Syndi Terms of Service with Your parent or legal guardian, and in such a case the Agreement shall be deemed to be a contract between Syndi and Your legal guardian or parent and to the extent permissible under applicable laws, enforceable against You. Anyone under 13 is strictly prohibited from creating an account and/or Using the Service.
When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below.
We encourage you to supply only the information you are comfortable with.
1. Phone Number When You use the Syndi App, you provide Your messages by text. To do this We receive, transmit and securely store your phone number on Our servers. Your phone number is the only association of personal information that We request within the SMS Bot. By texting “delete data” we remove your phone number from our systems. IF YOU DELETE YOUR DATA IT WILL BE IMPOSSIBLE TO RESTORE ANY PREVIOUSLY SENT MESSAGES.
2. Conversation Data When You Use the Syndi Bot Service, You provide Your messages by text. We collect, transmit and securely store Your messages on Our servers. We process Your messages in real-time using Google Dialogflow that detects the context and directs You appropriately to subsequent conversation. At no point during Your conversation does Google Dialogflow store your conversational data, Google’s GDPR policy can be read here. Your data, messages or usage is not used for direct marketing nor is it sold to advertisers. We do not use the messages or the data You submit to Us as a way to generate revenue for Syndi. We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our Product and Services and contribute to the development of user-centered mental wellbeing best practices globally. The messages You send are strongly encrypted during transmission and storage. You have the Right to be Forgotten. You can also, at any point of time, clear all Your personal data by texting “delete data” to the Syndi SMS Bot. All the conversations You have with the Syndi App are private. No one within or outside of Syndi has access to Your Data except to process based on Our Legitimate Interest and based on principles of privacy by design. We will do our best to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest. AS A BEST PRACTICE, IT IS ADVISED THAT YOU TAKE ADEQUATE PRECAUTIONS TO NOT SHARE YOUR SENSITIVE HEALTH OR PERSONAL DATA WHILE TEXTING THE SYNDI SMS BOT.
3. Mental Well-Being Screening Assessment Responses When You Use the Service, You will be asked to respond to validated assessments. Response is voluntary and You can opt to not report any of the assessments. Syndi App currently Uses one validated assessment scale for understanding Your emotional Well-being namely Patient Health Questionnaire (PHQ9)- to self-report any symptoms of depression. Assessments are a proven way to baseline and track the progress of Your self-reported symptoms. Processing of Your assessment response is based on Our Agreement and used for the purpose of determining if escalation is required and to provide You access to scientific-evidence based tools and techniques to manage emotions and encourage mental well-being in a self-help context. YOUR RESPONSES TO THESE ASSESSMENT QUESTIONS ARE NOT PROCESSED TO FORM A DIAGNOSTIC OPINION NOR PROCESSED FOR ANY MEDICAL PURPOSES OR FOR GIVING CLINICAL ADVICE. We DO NOT collect or process Your sensitive medical data or Protected Health data (PHI), as defined under the US law, that can directly or indirectly Identify You. We use Your anonymized assessment scores for population-level research and statistical purposes as per Our Legitimate Interest.We apply organizational and technical measures to endeavour to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest. Your response is encrypted during transmission and is securely stored. YOUR PERSONAL DATA IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
4. Email When You Use the Service, You have an option to contact us through Our Website. You can Use this feature to email Us Your feedback. Personal data, if any provided in Your feedback, will be manually redacted before any processing of Your feedback. Your email ID resides in our GSuite Gmail servers and cannot be mapped to Your Syndi App data that reside in our AWS DynamoDB cloud servers hosted in the UK.
5. Third party website analytics data We collect information about how you use our Service, such as the types of responses you provide with; questionnaire responses, name, age and gender are stored private on our secured servers. Your interaction information of; your location, mouse events and duration of your activities are logged through Mouseflow - for more information visit https://mouseflow.com/privacy/
In order to deliver a conversational experience conversational data is sent to Google Dialogflow. We encourage you to not enter any personal information in the text messages you exchange with Syndi App, such as to not forward any personal information to Google Dialogflow. However, should you send Syndi App personal information in an unsolicited manner, We have configured Google Dialogflow to not store any of the conversational data that We send. Google’s GDPR adherence guidance can be found here.
We may also use SquareSpace to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Squarespace analytics, please visit Squarespace Privacy.
We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our Product and Services and contribute to the development of user-centered mental wellbeing best practices globally. The messages You send are strongly encrypted during transmission and storage.
Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”) or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps in line with applicable law. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.
Syndi operates and uses appropriate technical and physical security measures to protect your personal data. We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. You are also responsible for helping to protect the security of your personal data. For instance, you should not disclose any personal information via text to the Syndi app. You are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations.
If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
You may have various rights under data protection legislation in your country (where applicable).
These may include (as relevant):
1. The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
2. The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
3. The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
4. The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
5. The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.
Note that we will require you to take steps to verify your identity in accordance with applicable law.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. You also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at Data Protection.
Personal data or Personal Information means data relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier such as full name, identification numbers, location address, online identifier and other identifiers within the definitions of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or data) Rules 2011 and General Data Protection Regulation (GDPR) (EU) 2016/679 regulation. Personally identifiable information (PII) and Special Category of Personal data is covered within the definition of Personal Data.
Non-Personal data or Non-Personal Information means any data that does not reveal Your specific identity either directly or indirectly.
Data or Information under this Privacy Policy means Both Personal and Non-Personal data or information.
Pseudonymisation means the processing of Personal data in such a manner that the Personal data can no longer be attributed to a specific User without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal data are not attributed to an identified or identifiable natural person
A Cookie is a small amount of data generated by a Website and saved by Your Web browser. Cookies are used to store User preferences for a specific site. Use of cookies makes Web-surfing easier. You may refuse to accept Cookies by activating the setting on Your browser which allows You to refuse the setting of Cookies.
Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key. The process of making encrypted data readable again is referred to as decryption.
Web browser is a software program that allows User to access, retrieve and view data on the World Wide Web. Examples of browsers include Internet Explorer, Firefox, Google Chrome and Safari.
We may need to make changes to this Privacy Policy at any time. If we make any material changes to how we collect your personal data, or how we use or share it, we will post or provide appropriate notice in accordance with applicable law.
In order to ensure fairness of the processing, we encourage you to review the content of this Privacy Policy regularly.
For further information, to exercise your rights, or if you have any questions or queries about this Privacy Policy, please contact Syndi’s Data Protection Officer:
email: hello@syndi.health
postal: 31 Willoughby Road, Kingston Upon Thames, England, KT2 6LN.