Privacy

Privacy Policy

Last Updated: 22 May 2026

Introduction

Synduct GmbH ("Synduct," "we," "us," "our") operates https://synduct.com and DR. INFO AI (collectively, the "Services").

This Privacy Policy governs your visit to https://synduct.com and your use of DR. INFO AI, explaining how we collect, safeguard, and disclose information that results from your use of the Services.

We use your data to provide and improve the Services. By using them, you agree to the collection and use of information in accordance with this Policy. Our Terms and Conditions ("Terms") and this Privacy Policy apply to all use of our Services.

Definitions

TermMeaning
ServiceThe websites https://synduct.com and DR. INFO AI
Personal DataData about a person who can be identified from those data
Usage DataData collected automatically (generated by use of the Services or their infrastructure, e.g., duration of a page visit)
CookiesFiles stored on your device
Data ControllerThe natural or legal person who determines the purposes and means of processing Personal Data
Data ProcessorA natural or legal person who processes data on behalf of the Data Controller (e.g., service providers)
Data SubjectAny person who is the subject of Personal Data
UserAny person using our Services; corresponds to the Data Subject

Types of Data Collected

Personal Data

We may ask you to provide personally identifiable information that can be used to contact or identify you, including but not limited to:

  • Email address
  • First and last name
  • Profession
  • Years of Experience
  • Place of Work
  • Institution
  • Specialties
  • Country
  • Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information (e.g., a wait-list for the launch of DR. INFO AI). You can opt out of any—or all—such communications by following the unsubscribe link in our emails.

Usage Data

We may collect information that your browser or app sends whenever you access the Services, such as:

  • IP address
  • Browser type and version
  • Pages of our Services visited
  • Date and time of visit
  • Time spent on pages / in app
  • Unique device identifiers
  • Other diagnostic data

When accessing the Services via a mobile device, Usage Data may additionally include:

  • Mobile-device unique ID
  • Mobile-device IP address
  • Mobile operating system
  • Type of mobile Internet browser used

Use of Data

Synduct uses collected data for, but not limited to, the following purposes:

  • Notifying you about changes to the Services
  • Providing customer support
  • Gathering analysis or valuable information to improve the Services
  • Monitoring usage of the Services
  • Detecting, preventing, and addressing technical issues
  • Fulfilling any purpose for which you provided the data
  • Carrying out obligations and enforcing rights under contracts between you and us (including billing and collection)
  • Sending notices about your account or subscription (e.g., expiration or renewal)
  • Providing news or special offers
  • Any other purpose described when you provide the information
  • Any other purpose with your consent

Retention of Data

We retain Personal Data only as long as necessary for the purposes set out in this Policy. We also retain and use Personal Data as needed to comply with legal obligations, resolve disputes, and enforce agreements and policies. Usage Data is generally retained for a shorter period unless needed to strengthen security, improve functionality, or meet legal obligations.

Transfer of Data

Your information may be processed outside the European Economic Area (EEA), including in the United States (where Meta Platforms, Inc. is established). For such transfers, we rely primarily on Standard Contractual Clauses adopted by the European Commission under Article 46 GDPR and, where the recipient is certified, on the EU-US Data Privacy Framework. Where applicable, we adopt supplementary technical and organisational measures to ensure an essentially equivalent level of protection. No transfer takes place unless these safeguards are in place.

Processing and Sharing of Queries

We collect the medical queries you submit when using our services. These queries are never linked to your personal details and must not include any patient-identifiable information.

We may analyze, aggregate, and anonymize queries. Anonymized or aggregated query data may be shared with or sold to third parties (such as research institutions, pharmaceutical companies, or healthcare organizations) for research, analytical, or commercial purposes. Such data will never include your personal information and cannot reasonably be traced back to you.

Disclosure of Data

We may disclose Personal Data:

  • To comply with legal obligations or valid requests by public authorities
  • To contractors, service providers, and other third parties who support our business
  • To fulfill the purpose for which you provided it
  • With your consent in any other case

Security of Data

We employ robust technical and organizational measures to protect Personal Data (and PHI) against unauthorized access, disclosure, alteration, loss, or destruction, including:

  • Encryption
  • Access controls
  • Anonymization
  • Regular audits and testing
  • Secure infrastructure
  • Staff training

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure; therefore, absolute security cannot be guaranteed.

Your GDPR Rights

Our processing activities adhere to the principles of the General Data Protection Regulation (GDPR). To inquire about, access, update, or delete Personal Data we hold about you, email info@synduct.com.

Under certain circumstances, you have the right to:

  • Access, update, or delete your information
  • Rectify inaccurate or incomplete data
  • Object to processing of your Personal Data
  • Request restriction of processing
  • Receive a copy of your data in a structured, machine-readable format
  • Withdraw consent at any time where we rely on consent to process data

We may require identity verification before fulfilling such requests. You also have the right to lodge a complaint with your local Data-Protection Authority.

Service Providers

We may employ third-party companies and individuals to facilitate our Services, perform service-related tasks, or help us analyze how the Services are used. These third parties have access to Personal Data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Our current third-party processors include:

  • Google LLC (Analytics, Cloud Services)
  • Vercel Inc. (Hosting and Analytics)
  • Microsoft Corporation (Azure services)
  • Firebase (Authentication)
  • Meta Platforms Ireland Ltd. (Advertising and Conversion Measurement — joint controller under Article 26 GDPR)

Analytics

Google Analytics

We use Google Analytics to track and report website traffic. Google may use the collected data to contextualize and personalize its own advertising network. For more details, see Google's Privacy Policy and its guidance on safeguarding data.

Vercel Analytics

We use Vercel Analytics for hosting performance monitoring and aggregated usage metrics. For details on how Vercel processes this data, refer to Vercel's Privacy Policy.

Meta Pixel

We deploy the Meta Pixel (provided by Meta Platforms Ireland Ltd.) for advertising on Meta platforms, conversion attribution, and the creation of custom and lookalike audiences. The Meta Pixel loads only after you have given explicit consent to Targeting & Advertising cookies. Synduct GmbH and Meta Platforms Ireland Ltd. act as joint controllers within the meaning of Article 26 GDPR for this processing; the joint-controllership terms are set out in Meta's Controller Addendum (facebook.com/legal/controller_addendum). Data is transferred to Meta Platforms, Inc. in the United States subject to the safeguards described in the Transfer of Data section below.

Payments

For paid products or services, we use third-party payment processors. We do not store your payment-card details; they are provided directly to the processor, whose use of your information is governed by its own Privacy Policy.

Links to Other Sites

Our Services may contain links to external sites not operated by us. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for, the content or practices of any third-party sites or services.

Children's Privacy

Our Services are intended for licensed healthcare professionals and are not directed to individuals under 18 years of age. We do not knowingly collect Personal Data from anyone under 18. If we become aware that such data has been collected, we will delete it promptly.

Updates to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of changes by posting the new Policy, updating the "effective date," and, where appropriate, notifying you via email or a prominent notice within the Services. Changes become effective once posted.

Contact Us

If you have any questions about this Privacy Policy, contact us at:

Email: info@synduct.com

Data Protection Officer

Synduct GmbH has appointed a Data Protection Officer who is available to address any questions, requests, or complaints relating to the processing of your Personal Data. The Data Protection Officer can be reached at:

Email: regulatory@synduct.com

By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Version: 1.0
Last Review Date: 22 May 2026

Privacy Policy | DR. INFO