LEGAL

Privacy Policy.

Plain-language summary of what personal data we collect, why, and how you can control it.

Last updated: 2026-04-21 · Version 1.0

SyncTide ("we", "us") is a self-hosted monitoring platform. The software runs entirely on the customer's own infrastructure — the measurements, alarm data and user accounts created inside a SyncTide installation are never sent to us. This policy covers only the small amount of data we handle as vendor: commercial enquiries and licence administration.

1. Who we are

Data controller: Tiago Guimarães, operating under Portuguese tax residency. Contact: info@synctide.com.

We do not have a Data Protection Officer (DPO) because our processing activity is minimal; all queries go to the address above.

2. What data we collect

2.1 When you contact us

If you submit the form on our contact page or email us directly, we receive the information you provide — typically name, email address, company, the tier you're interested in, and your message. Submissions are relayed through Formspree (USA, acting as data processor under Standard Contractual Clauses) and forwarded to our email inbox.

2.2 When you become a customer

To issue a licence file we collect:

  • Customer / company name
  • Contact email of the technical admin
  • The MAC addresses of the server running SyncTide (used for licence binding — see §3.3)
  • Invoicing details as required by Portuguese tax law (company name, tax number, billing address)

2.3 Website usage

This site uses Cloudflare Web Analytics — a privacy-first analytics product that does not set cookies and does not collect personal data such as IP addresses or device IDs. It gives us aggregate page-view counts and referrer information only.

We do not use advertising pixels, third-party tracking cookies or session replay tools.

3. Why we process this data

3.1 To answer enquiries

Legal basis: consent (by sending us a message you ask us to reply) and pre-contractual measures (GDPR Art 6(1)(b)).

3.2 To issue and support licences

Legal basis: contract performance (Art 6(1)(b)) and legal obligation (Art 6(1)(c)) for invoicing and tax-law retention.

3.3 MAC-address licence binding

Our licence files cryptographically bind to the physical network-interface MAC addresses of the server they're installed on. This prevents casual copying of commercial licences to unlicensed machines. The MACs are stored inside the signed .lic file which lives on the customer's server — we retain a copy in our licence-issuance records so we can re-sign or extend the licence on request.

3.4 Aggregate website metrics

Legal basis: legitimate interest (Art 6(1)(f)) in understanding aggregate traffic patterns, balanced against the de-identified nature of the data collected by Cloudflare Web Analytics.

4. Who we share data with

We do not sell or rent personal data. We share it only with the processors required to run the service:

  • Formspree (USA) — contact-form relay.
  • Google Workspace / Microsoft 365 — our email provider for receiving and replying to enquiries.
  • Cloudflare (USA/global) — website hosting and privacy-first analytics. Cloudflare is a signatory of Standard Contractual Clauses for EU→US transfers.
  • GitHub (USA, Microsoft) — hosts the public source repository and Releases. No customer data is published there; only our own marketing site and the installer binary.
  • Portuguese tax authority — invoice data as required by law.

We do not transfer customer data outside these processors. A customer's operational data (measurements, alarms, user accounts inside SyncTide) stays on their own server and is never received by us.

5. How long we keep it

  • Contact-form submissions: deleted after 12 months if no business relationship develops.
  • Customer records: kept for the duration of the commercial relationship plus 10 years after the last invoice, as required by Portuguese tax law.
  • MAC addresses of customer servers: kept while the licence is active. Deleted on request once the licence is permanently retired.
  • Aggregate analytics: Cloudflare retains them for 6 months.

6. Your rights (GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (right to be forgotten), subject to legal retention obligations.
  • Restrict or object to specific processing.
  • Data portability — receive your data in a structured machine-readable format.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with the Portuguese data protection authority, Comissão Nacional de Protecção de Dados (CNPD), or the authority in your EU country of residence.

To exercise any of these rights, email info@synctide.com from the address associated with your record. We reply within 30 days and usually much sooner.

7. Security

Our business-side systems rely on industry-standard protections (TLS in transit, strong credentials, MFA on administrative accounts). On the product side, SyncTide itself uses Ed25519 signatures for licence and update integrity, MAC-binding, rate-limited authentication and an integrity manifest to detect tampering of binary files.

8. Changes to this policy

We update this page when our practices change. The Last updated date at the top always reflects the latest version. Material changes affecting existing customers will be notified by email.

9. Contact

Questions or requests: info@synctide.com.