Privacy Notice

1. Introduction

Sylla B.V. ("we", "our", "us"), registered at Westinghousestraat 7, 3555VA Utrecht, Netherlands, is committed to protecting your privacy and personal data. This privacy notice explains how we collect, use, and protect your personal information.

2. Personal Data We Collect

We collect and process the following personal data:

  • First and last names

  • Email addresses

3. How We Use Your Data

Your personal data is processed with privacy by design principles, including:

  • Minimal data collection (only names and emails)

  • Authentication and user management

  • Platform functionality and security

  • Communication regarding our services

  • Meeting our legal obligations

4. Data Storage and Security

We implement strong technical measures to protect your data:

  • EU-based infrastructure (UK/Germany)

  • Secure database hosting (NeonDB in Frankfurt)

  • Authentication services (Clerk) with XSS and CSRF protection

  • DDoS protection through Vercel

  • Data encryption both in transit and at rest Regular security audits and assessments

5. Third-Party Processors

We use the following certified sub-processors:

  • Clerk (authentication)

  • NeonDB (secure EU-based database)

  • Vercel (infrastructure)

All sub-processors hold relevant certifications (GDPR, DPF) and we maintain comprehensive processing records.

6. Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request data correction

  • Request data deletion

  • Object to processing

  • Data portability

  • Withdraw consent

We handle all requests within GDPR timeframes and provide:

  • Direct access to personal data via our platform

  • Automated deletion processes

  • Clear verification procedures

  • Prompt execution of correction requests

7. Data Retention and Deletion

Upon contract termination or request:

  • Automated data removal from our database

  • User authentication data removal

  • Complete verification process

  • Secure deletion protocols

  • Option to request data deletion at any time

8. Data Breaches

Our breach reporting process includes:

  • Automated monitoring for detection

  • Immediate assessment and containment

  • 72-hour notification to affected parties and authorities

  • Comprehensive incident reporting and analysis

9. International Data Transfers

We process data in EU locations with appropriate safeguards:

  • Database: Frankfurt, Germany (AWS EUCentral-1)

  • Serverless functions: London, UK

  • Background workers: Frankfurt, Germany

10. Contact Information

For any privacy-related queries or to exercise your data rights, please contact us at:

Sylla B.V.
Westinghousestraat 7
3555VA Utrecht
Netherlands
VAT Number: NL865620507B01

11. Updates to This Notice

We may update this privacy notice periodically. Any significant changes will be communicated to users.

Last updated: January 17, 2025