Privacy policy.

Who we are

Syni.ai is the data controller responsible for personal data processed through this website. [Counsel — please confirm and insert: registered legal entity name, company number, registered address, and jurisdiction.]

For data submitted through Lead.ai forms — including the register-interest form on the Lead.ai page and any engagement enquiry routed under a Lead.ai-tagged subject — Syni.ai operates jointly with Aspen Initiative Africa and CMS Daly Inamdar Advocates LLP. Each partner has access only to enquiries routed to its area of responsibility. The joint controller arrangement is governed by a tripartite memorandum of understanding between the three institutions.

Contact details for data protection enquiries are set out at the foot of this policy.

What we collect

We collect only what is necessary for the conversation a visitor initiates.

Information you provide. Your name, organisation, role, and email address when you complete a contact or register-interest form on this site. The subject of your enquiry, any optional sector or vertical you select, and the message you write.

Information collected automatically. A salted, irreversible hash of the IP address from which a form is submitted, used for rate-limiting and audit purposes only. We do not retain the raw IP address. The browser user-agent string of the submitting device, retained for the same purposes. Standard server logs maintained by our hosting provider, retained for operational diagnostic and security purposes.

We do not use cookies. We do not run third-party analytics. We do not track visitors across other websites.

How we collect it

Personal data is collected only when you actively submit it through a form on this website. We do not collect personal data passively while you read.

Server logs are written automatically by our hosting infrastructure for every HTTP request, in line with standard practice for any web service. These logs do not contain the contents of form submissions.

Why we collect it

The lawful bases on which we process personal data depend on the purpose.

Consent and legitimate interest in responding to enquiries. By submitting a form, you provide a request for engagement, and our legitimate interest is to respond to that request within the scope you have indicated.

Legal obligation in retaining submission records. Where we are required to retain records for compliance with applicable law — including data protection regulation and applicable professional or sectoral rules.

Legitimate interest in security. For rate-limiting, audit logging, and preventing automated abuse of our forms.

Where you submit data under a Lead.ai subject, the processing also relies on the joint controller arrangement between Syni.ai, Aspen Initiative Africa, and CMS Daly Inamdar Advocates LLP.

Who we share it with

Personal data submitted through this website is shared only with the parties identified below.

The convening partners of Lead.ai, where the submission is routed to a Lead.ai-tagged subject. Routing is determined by the subject value submitted with the form. The convening partners are Aspen Initiative Africa and CMS Daly Inamdar Advocates LLP. No other Lead.ai-routed party receives the submission.

Our service providers acting as data processors under written instruction. SendGrid, operated by Twilio Inc., for transactional email delivery. Our hosting and database providers, for operational storage and infrastructure. Each processor is bound by data processing terms aligned with applicable law.

Regulators, law enforcement, or other competent authorities, where compelled by law and where the disclosure is required by applicable jurisdiction.

We do not sell personal data. We do not share personal data with advertisers, data brokers, or marketing partners.

How long we keep it

Retention periods reflect the purpose of the data.

Contact and register-interest submissions are retained for the lifetime of the active engagement plus a further seven years, in line with standard professional services retention and applicable record-keeping requirements.

Server logs and audit trails are retained for a maximum of twelve months unless required for a specific incident investigation.

Hashed IP and user-agent data are retained for the same period as the submission to which they relate.

The salt used to hash IP addresses is rotated periodically. Rotation does not invalidate prior submissions but renders historical raw IP recovery impossible by design.

Personal data is deleted or irreversibly anonymised at the end of its retention period.

Your rights

Where applicable law grants them, you have the following rights with respect to personal data we hold about you.

Access. To confirm what personal data we hold and to receive a copy.

Rectification. To correct inaccurate or incomplete personal data.

Erasure. To request deletion of your personal data, subject to our retention obligations.

Restriction. To limit how we process your personal data in defined circumstances.

Portability. To receive your personal data in a structured, commonly used, machine-readable format.

Objection. To object to processing on grounds related to your particular situation.

Withdrawal of consent. At any time, without affecting the lawfulness of processing carried out before the withdrawal.

For visitors in Kenya, these rights are exercised under the Kenya Data Protection Act, 2019. For visitors in the United Kingdom and the European Economic Area, they are exercised under the UK GDPR and the EU GDPR respectively. For visitors in other jurisdictions, the rights set out above apply to the extent local law provides them.

You also have the right to lodge a complaint with a supervisory authority. In Kenya, this is the Office of the Data Protection Commissioner. In the United Kingdom, this is the Information Commissioner's Office. In other jurisdictions, the equivalent national authority.

How to reach us

Data protection enquiries should be directed to:

Email: [Counsel — please confirm and insert: data protection contact email, e.g. privacy@syni.ai or dpo@syni.ai.]

Postal address: [Counsel — please confirm and insert: registered correspondence address.]

For Lead.ai-specific enquiries that involve the joint controllers, your enquiry will be forwarded to the relevant partner. You may, in the alternative, contact the convening partner directly:

Aspen Initiative Africa — [contact route — counsel to confirm].

CMS Daly Inamdar Advocates LLP — [contact route — counsel to confirm].