Home Privacy Policy

Privacy Policy

We believe privacy is a right, not a feature. This policy explains exactly what data we collect, why we collect it, and how you can control it.

Last updated: April 2026
~6 min read
✓ GDPR Compliant ✓ HIPAA Ready ✓ No data selling — ever ✓ Synthetic data: zero real PII
Section 01

Overview

Snethic AI Labs LLC ("we," "us," or "our") operates as a privacy-first AI services company. This Privacy Policy describes how we collect, use, store, and protect personal data when you interact with our website, use our services, or engage with us as a client.

This policy applies to all services provided by Snethic AI Labs LLC, including AI systems design, agentic workflows, synthetic data generation, and custom AI platforms. It is designed to comply with the General Data Protection Regulation (GDPR), applicable US privacy laws, and industry-specific regulations including HIPAA where relevant.

Our core commitment: We will never sell, rent, or trade your personal data to third parties for marketing or commercial purposes. Your data is used solely to deliver and improve our services to you.

Section 02

Data We Collect

We collect only the data necessary to deliver our services. Depending on your interaction with us, this may include:

Identity Data
Name, job title, company name
Contact Data
Email address, phone number
Financial Data
Payment details (processed via Stripe — we do not store card data)
Technical Data
IP address, browser type, device info, usage logs
Project Data
Files, datasets, specifications shared during an engagement
Communications
Emails, messages, and meeting notes related to your project

We do not intentionally collect sensitive personal data (such as health records, biometric data, or financial account details) unless explicitly required for a specific contracted service, in which case appropriate data processing agreements are established.

Section 03

How We Use Data

We process personal data only where we have a lawful basis to do so. Our purposes include:

  • Service delivery — to fulfill contracted AI services and project deliverables
  • Payment processing — to invoice clients and process payments via Stripe
  • Communication — to respond to inquiries, provide project updates, and share relevant service information
  • Legal compliance — to meet regulatory obligations, including tax and financial reporting
  • Service improvement — to analyze aggregated, anonymized usage patterns to improve our offerings
  • Security — to detect, prevent, and investigate fraudulent activity or unauthorized access

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

Section 04

Synthetic Data

A core part of our service offering involves synthetic data generation. This section specifically addresses how we handle data in this context.

Important: Our synthetic data pipelines are designed to produce entirely artificial datasets. No real personal data is used as direct input to, or embedded within, any synthetic dataset we generate.

  • Statistical modeling only: Where we analyze client data to understand its statistical properties, this analysis is conducted on anonymized or aggregated representations — no individual records are retained beyond the analysis phase
  • Zero PII in outputs: Synthetic datasets generated by Snethic AI Labs contain no real personal information, even when they statistically mirror real-world distributions
  • GDPR & HIPAA alignment: Our synthetic data methodology is designed to satisfy privacy-by-design principles under GDPR Article 25 and to support HIPAA safe-harbor de-identification standards
  • Client responsibility: Clients who provide real datasets for statistical analysis must ensure they have appropriate rights and consents to share that data with us
Section 05

Data Sharing

We do not sell personal data. We may share data only in the following limited circumstances:

  • Service providers: Trusted third-party processors who support our operations (e.g., Stripe for payments, cloud hosting providers). All processors are bound by data processing agreements and are required to maintain appropriate security standards
  • Legal requirements: Where required by law, court order, or regulatory authority
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction — you will be notified in advance
  • With your consent: For any other sharing not described here, we will seek your explicit consent
Payment Processor
Stripe, Inc. — PCI-DSS Level 1 certified
Cloud Infrastructure
AWS / GCP — data stored in encrypted, access-controlled environments
Section 06

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law.

  • Active client data: Retained for the duration of the engagement plus 12 months, to support post-project queries and potential follow-on work
  • Financial records: Retained for 7 years to comply with tax and accounting obligations
  • Project files and datasets: Deleted or returned to the client within 30 days of project completion, unless a longer retention period is agreed in writing
  • Inquiry data: Contact form submissions and email inquiries are retained for up to 2 years if no engagement follows
  • Website analytics: Aggregated, anonymized traffic data may be retained indefinitely

You may request deletion of your data at any time, subject to our legal retention obligations. See Section 9 for your rights.

Section 07

Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and least-privilege principles for all internal systems
  • Regular security reviews and vulnerability assessments
  • Secure deletion of data upon end-of-retention
  • Employee training on data protection and confidentiality obligations

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay and in accordance with applicable regulatory requirements (within 72 hours for GDPR-covered breaches).

Section 08

Cookies & Tracking

Our website uses a minimal set of cookies to ensure proper functionality and to understand how visitors interact with our content.

Essential Cookies
Required for site functionality. Cannot be disabled.
Analytics Cookies
Anonymous traffic analysis (e.g., page views). Opt-out available.
Marketing Cookies
We do not currently use marketing or retargeting cookies.
Third-Party Cookies
Stripe may set cookies during payment flows. See Stripe's privacy policy.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect site functionality.

Section 09

Your Rights

Depending on your location, you may have the following rights with respect to your personal data. We are committed to honoring these rights promptly — typically within 30 days of a verified request.

👁
Right to Access

Request a copy of all personal data we hold about you.

✏️
Right to Rectification

Request correction of inaccurate or incomplete data.

🗑
Right to Erasure

Request deletion of your data, subject to legal obligations.

Right to Restriction

Request that we limit how we process your data.

📦
Data Portability

Receive your data in a structured, machine-readable format.

🚫
Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@snethicailabs.com with the subject line "Privacy Rights Request." We may need to verify your identity before processing your request.

Section 10

International Data Transfers

Snethic AI Labs LLC is based in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data transfer restrictions, please note that your data may be transferred to and processed in the US.

Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Use of processors who participate in recognized data transfer frameworks
  • Data Processing Agreements (DPAs) available upon request for enterprise clients
Section 11

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at support@snethicailabs.com and we will take prompt steps to delete that information.

Section 12

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify active clients via email
  • Display a notice on our website for a minimum of 30 days

We encourage you to review this policy periodically. Your continued use of our services following notification of changes constitutes acceptance of the updated policy.

Section 13

Contact & Data Protection

For any privacy-related questions, requests, or concerns, please reach out to us directly. We take all privacy inquiries seriously and aim to respond within 5 business days.

Privacy Inquiries
support@snethicailabs.com
Subject Line
"Privacy Rights Request" or "Privacy Inquiry"
Entity
Snethic AI Labs LLC
Response Time
Within 5 business days · Rights requests within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EEA residents, this may be your national supervisory authority under GDPR.