Sintorio was built from day one to be GDPR-native. Every single byte of personal data and every frame of video you process stays within our secure environment, is deleted immediately after use, and is never used to train AI models.

1. Data Controller

Sintorio
Registered seat: Vilnius, Lithuania
Email: privacy@sintorio.com

2. Legal Bases for Processing (Art. 6 GDPR)

Account & Processing: Performance of contract (Art. 6(1)(b)).
Analytics: Legitimate interests (Art. 6(1)(f)).
Marketing: Consent (Art. 6(1)(a)).

3. Zero-Retention Policy for Video Content

The moment a video finishes processing, all source files and intermediate files are permanently deleted from our local processing infrastructure. We do not keep backups or archives of your raw video uploads.

4. Infrastructure & Data Processors

Video Processing: Performed on private, dedicated hardware in Lithuania (Sintorio).
Database & Auth: Supabase (EU Servers).
Payments: Stripe (PCI-Compliant).
AI Transcription: OpenAI (API via SCCs).

5. International Transfers

Video processing happens locally in Lithuania. If we transfer limited data (e.g., transcripts) to third-party APIs outside the EEA, we ensure appropriate safeguards (SCCs) are in place.

6. Your Rights & Complaints

You may exercise your GDPR rights (Access, Erasure, Rectification) by emailing privacy@sintorio.com.

You also have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija): L. Sapiegos str. 17, 10312 Vilnius, Lithuania
Website: https://vdai.lrv.lt/