Privacy policy

Data controller

The data controller is Syncronika Srl a socio unico, registered office at Bastioni di Porta Nuova 21, 20121 Milan (MI), Italy, VAT no. IT01802650380, REA MI-2098838. For LOCRAI-related requests write to [email protected].

Scope of this policy

This policy distinguishes two contexts: (A) people browsing locrai.com or contacting us through the site; (B) customers and authorized users of the LOCRAI platform. GDPR roles (controller/processor) vary by context.

Part A — Website visitors

For marketing site browsing, Syncronika is the data controller.

Data collected on the site

• Voluntarily provided data: name, email, company, message and other information sent via the contact form.
• Optional attachments: sample documents (PDF, images) that may contain third-party personal data.
• Browsing data: IP address, browser, operating system, pages visited, date and time, referrer.
• Data collected via cookies and similar technologies: see the Cookie policy.

Purposes and legal bases (website)

Contact form and demo attachments

If you attach sample documents, we process them solely to assess your request and prepare a demo. We do not use them to train third-party models. Redacting sensitive data before upload is your responsibility.

Retention (website)

• Contact requests: up to 24 months from the last interaction, unless a contractual relationship begins.
• Demo attachments: for the duration of handling the request; if no contract follows, deletion within 12 months.
• Server log browsing data: generally no longer than 7 days, unless required for crime investigation.
• Cookies: as stated in the Cookie policy.

Recipients and sub-processors (website)

Data may be processed by authorized Syncronika staff and by processors including:

• DigitalOcean (site and application hosting, EU infrastructure)
• Mailgun (transactional email from the contact form)
• Google LLC (reCAPTCHA v3 anti-spam; Google Analytics 4 only with consent)

Transfers outside the EU (website)

Some providers (e.g. Google for reCAPTCHA and, if you accept, Analytics) may process data outside the EU. We rely on GDPR safeguards including Standard Contractual Clauses or adequacy decisions where applicable.

Part B — LOCRAI service customers

For documents uploaded and data processed in the LOCRAI platform, the customer is generally the controller and Syncronika acts as processor, unless otherwise agreed.

Data Processing Agreement (DPA)

Business customers are governed by a GDPR Art. 28 Data Processing Agreement, forming part of the service contract. The DPA is available on request at [email protected] before or when activating the service.

Documents, AI and security (platform)

• Purpose: extract structured data from business documents on the customer's behalf.
• AI processing on infrastructure within the European Union; customer documents are not used to train third-party models.
• Data isolation per organization, encrypted credentials, short-lived file links.
• Configurable retention per organization; automatic deletion beyond the set window.

Artificial intelligence (AI Act)

LOCRAI uses AI systems for B2B document extraction. We provide information on purpose, limits and human review of exceptions. For contract-specific AI questions, contact [email protected].

Your rights

You may exercise access, rectification, erasure, restriction, objection and portability (Arts. 15-22 GDPR), withdraw consent where applicable, and lodge a complaint with your supervisory authority. For active LOCRAI service requests, also contact your controller (the customer who granted you platform access).

Changes to this policy

We may update this policy. The current version is always published on this page with the last update date.