Privacy policy
Effective 2026-04-23
Who we are
Symoxy Corp, doing business as Symoxy, is a Florida corporation that provides custom software development, media asset management (MAM) automation, and technical advisory services. This policy explains how we handle personal data collected through https://symoxy.com.
For any privacy question or to exercise a right described below, contact us at hello@symoxy.com.
What personal data we collect
We collect the information visitors actively send through the contact form, plus limited technical, security, and aggregate analytics data needed to operate, secure, and improve the site.
Contact form. When you submit /contact, we collect:
- your name (2–80 characters)
- your email address
- your company name (optional)
- the type of engagement you are exploring (custom development, integration, advisory, or not sure)
- your timeline (now, 1–3 months, or exploring)
- your message (10–2,000 characters of free text)
Please do not include sensitive personal information, passwords, trade secrets, confidential client data, health information, financial account details, government ID numbers, or other information you would not want sent through a website contact form.
Bot protection. The form is protected by Cloudflare Turnstile. When you submit the form, Turnstile passes a verification token and client-side signals — which may include your IP address, TLS fingerprint, User-Agent, browser characteristics, and interaction signals — to Cloudflare so Cloudflare can confirm the submission is not abusive or automated. Cloudflare processes these signals to distinguish humans from bots, block automated traffic, and improve Turnstile's bot-detection capabilities. Turnstile does not set tracking cookies in its standard configuration.
Aggregate analytics. We use Cloudflare Web Analytics, which is cookieless. Cloudflare states it does not use cookies or other client-side state, and does not fingerprint individuals via IP address, User-Agent, or other signals for the purpose of analytics. We see aggregate page-view counts, referrers, and country-level location — not individual visitor profiles.
We do not use advertising cookies, marketing pixels, targeted advertising, or third-party advertising trackers. We do not sell personal data.
Why we collect it
| Data | Purpose | GDPR Article 6 lawful basis (for EU / UK visitors) |
|---|---|---|
| Contact-form submission | Respond to your inquiry and, if the project proceeds, take steps to enter into a contract with you | Art. 6(1)(b) — steps at your request prior to entering into a contract; and/or Art. 6(1)(f) — our legitimate interest in responding to business inquiries |
| Turnstile signals | Prevent spam and abusive automated submissions | Art. 6(1)(f) — legitimate interest in keeping the contact channel usable |
| Cloudflare Web Analytics | Understand aggregate traffic so we can improve the site | Art. 6(1)(f) — legitimate interest; balanced by the cookieless, non-identifying design |
Who we share it with
We use the following service providers to operate the site, protect the contact form, understand aggregate traffic, deliver lead notifications, and respond to inquiries. These providers process data under their own privacy policies, security controls, and, where applicable, data processing terms.
- Vercel hosts the site and receives HTTP requests needed to serve the website. Privacy: https://vercel.com/legal/privacy-policy. DPA: https://vercel.com/legal/dpa.
- Resend delivers the lead-notification email when you submit the contact form. Resend receives your name, email, company (if supplied), engagement type, timeline, and message. Privacy: https://resend.com/legal/privacy-policy. DPA: https://resend.com/legal/dpa.
- Cloudflare verifies Turnstile tokens and provides Cloudflare Web Analytics. Turnstile privacy notice: https://www.cloudflare.com/turnstile-privacy-policy/. General privacy policy: https://www.cloudflare.com/privacypolicy/.
- Google Workspace hosts our business email inbox. Contact-form submissions and any follow-up email threads are stored in our Google Workspace account. Privacy policy: https://policies.google.com/privacy.
We do not share personal data with anyone else except where required by law (for example, a valid subpoena) or where necessary to protect Symoxy's legal rights.
How we protect personal data
We use reasonable technical and organizational safeguards appropriate for a small business website, including reputable hosting and email providers, HTTPS, access controls, and limiting access to contact-form submissions to Symoxy personnel who need it. No internet transmission or storage system can be guaranteed to be completely secure.
How long we retain it
- Contact-form submissions and related email threads are kept while the opportunity is live and for up to 24 months afterward for business-record purposes, unless a longer period is needed for legal, tax, dispute-resolution, or security reasons. After that, we delete or anonymize the data from active systems, subject to backup and provider retention schedules. You can ask us to delete sooner at any time.
- Turnstile verifications are transient — we keep only a pass/fail result with the submission, and Cloudflare handles the underlying signals per its own retention rules.
- Cloudflare Web Analytics data is aggregate and retained per Cloudflare's published schedule; because it does not identify you, we have no per-visitor record to delete.
Your rights
Depending on where you live, you may have some or all of the following rights. Symoxy will honor any of these requests from any visitor, regardless of whether a specific statute technically applies to us.
- Access — ask what personal data we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete the data we hold (subject to legal retention obligations).
- Portability — receive your data in a common machine-readable format.
- Objection / restriction — object to, or ask us to pause, certain processing.
- Opt out of sale or sharing for targeted advertising — we do not sell personal data or share it for cross-context behavioral advertising, so there is nothing to opt out of, but you can confirm that in writing from us at any time.
- Non-discrimination — we will not treat you differently for exercising any of these rights.
California (CCPA / CPRA): California residents have the rights above, plus the right to know the categories and specific pieces of personal information we collect, the right to limit use of sensitive personal information, and the right to designate an authorized agent. We do not sell or share personal information as those terms are defined under the CPRA.
EU / UK (GDPR / UK GDPR): You may lodge a complaint with your national data protection authority. In the UK that is the Information Commissioner's Office (https://ico.org.uk). Where processing is based on consent, you can withdraw it at any time without affecting processing that has already occurred.
Other US states: Symoxy is a small business and is likely below the applicability thresholds of most comprehensive US state privacy laws. Even where a specific law does not apply, we will make a good-faith effort to honor reasonable privacy requests from any visitor.
How to exercise your rights
Email hello@symoxy.com from the address you used to contact us, or include enough detail that we can verify the request belongs to you. We will respond within 45 days (California / most US state laws) or one month (GDPR / UK GDPR), and will tell you if we need more time.
Cookies and tracking technologies
Symoxy does not use advertising, marketing, or analytics cookies. Cloudflare Web Analytics is cookieless by design. Cloudflare Turnstile does not set tracking cookies in its standard configuration. Some Cloudflare security features, if triggered or enabled, may use strictly necessary cookies or similar technologies to protect the site, manage traffic, or prevent abuse.
Children's privacy
The site is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has submitted information through the contact form, email hello@symoxy.com and we will delete it.
International data transfers
Symoxy is based in Florida, USA, and our service providers may process data in the United States and other countries. If you contact us from outside the United States, your data may be transferred to and processed in the United States.
Where applicable, we rely on Data Privacy Framework certification, Standard Contractual Clauses, data processing agreements, or other lawful transfer mechanisms used by our service providers.
Changes to this policy
We will update this page when our practices change. The effective date at the top reflects the current version. Material changes affecting how we use personal data will be signaled with a prominent notice on the site and, where feasible, by email to anyone who has an active conversation with us.
Governing law
This policy is governed by the laws of the State of Florida, USA, without regard to its conflict-of-laws principles. Nothing in this policy limits any right you have under a mandatory law of your own jurisdiction.
Questions? Email hello@symoxy.com.