Skip to main content
Home About
Domestic
Commercial
Get a Quote 07519 857 614

Privacy Policy

Last updated: 3 June 2026

This Privacy Policy explains how Synto Solutions Ltd. ("we", "us", "our") collects, uses, stores and protects personal data when you visit https://www.syntosolutions.co.uk or interact with our services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR).

Who we are

Synto Solutions Ltd. is a private limited company registered in England and Wales (company number 17091142). Our registered office is 128 City Road, London, EC1V 2NX, United Kingdom. We are the data controller for the personal data we collect through this website and our services.

What data we collect

We collect personal data only when you choose to share it with us. Specifically:

  • Contact form / quote requests: name, email address, phone number, postcode, property details, frequency, optional photographs of the property, and any free-text notes you provide.
  • AI chatbot conversations: the content of messages you send to our on-site assistant, plus any name, email, postcode or phone number you choose to share within the chat. Conversations are processed in real time to generate replies and may be retained alongside your enquiry if you ask us to follow up.
  • Email replies: any information you include when you respond to us by email.
  • Technical data: IP address, browser type, device and approximate region, collected automatically by our hosting provider for security, fraud prevention and rate-limiting purposes.
  • Anonymous analytics: aggregated, non-identifying page-view and performance data through Vercel Analytics. No cookies are set and no personal data is collected.

Lawful basis for processing

Under Article 6 of the UK GDPR, we rely on the following lawful bases:

  • Legitimate interests (Art. 6(1)(f)) for responding to enquiries, generating quotes, protecting the website from abuse, and analysing aggregate site performance.
  • Performance of a contract (Art. 6(1)(b)) where we need your data to deliver a cleaning service you have booked.
  • Consent (Art. 6(1)(a)) where you have explicitly opted in to marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) where we must retain records for tax, accounting or regulatory purposes.

How we use your data

We use your personal data to:

  • Respond to your enquiry and prepare a written quote.
  • Schedule, deliver and invoice cleaning services.
  • Communicate with you about your booking, including confirmations, reminders and follow-up messages.
  • Validate the form input you submit (we use an AI service to detect obvious errors or spam in real time, see "Third-party processors" below).
  • Maintain records required for tax, accounting and insurance purposes.
  • Improve our website and services through aggregated, anonymous analytics.

We do not sell, rent, or trade your personal data, and we do not use it for automated decision-making with legal effects.

Third-party processors

We use a small number of trusted suppliers ("data processors") to operate the website and our services. Each is contractually required to handle your data securely and only on our instructions:

  • Vercel Inc. (United States) — website hosting, serverless functions and anonymous performance analytics.
  • Resend Inc. (United States) — transactional email delivery for quote confirmations and replies.
  • Upstash Inc. (United States / EU) — Redis-based rate limiting to protect our forms from abuse.
  • Google LLC (United States) — Gemini AI model used to power our on-site chatbot and to validate contact-form submissions.

We do not share your data with any other third party except where required by law (for example, in response to a valid court order or HMRC request).

International data transfers

Some of the processors listed above are based outside the UK, primarily in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards as required by Articles 44 to 49 of the UK GDPR. These include the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the UK extension to the EU-US Data Privacy Framework where the recipient is certified.

Cookies and analytics

In line with PECR, we only set cookies that are strictly necessary for the website to function (for example, to remember your cookie consent choice). We do not use advertising or third-party tracking cookies.

Performance is monitored using Vercel Analytics, which is a cookie-free, privacy-first solution that aggregates anonymised page-view data. No personal identifiers are collected and no profile is built about you.

Data retention

We keep your personal data only for as long as necessary for the purposes set out above. As a guide:

  • Quote enquiries that do not become customers: deleted after 12 months of inactivity.
  • Customer records: retained for the duration of the business relationship and for 6 years afterwards, in line with HMRC record-keeping requirements.
  • Chatbot transcripts: processed in memory by the AI provider and not retained by us unless attached to an active enquiry.
  • Server logs and rate-limiting data: retained for up to 30 days.

Data security

The website is served exclusively over HTTPS with HSTS, X-Content-Type-Options, X-Frame-Options and a strict Permissions-Policy header. Form submissions are validated, rate-limited and protected by anti-spam controls. Access to back-office systems is restricted to authorised personnel and protected by strong authentication. While no system can be guaranteed 100% secure, we take all reasonable technical and organisational measures expected of a UK SME under Article 32 of the UK GDPR.

Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to our legal retention obligations.
  • Right to restrict processing — ask us to limit how we use your data.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format.
  • Right to object — object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at info@syntosolutions.co.uk. We will respond within one calendar month, as required by Article 12 of the UK GDPR.

Complaints and the ICO

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The "Last updated" date at the top of this page will always show when the most recent change was made. For material changes, we will take reasonable steps to notify you in advance.

Contact

For privacy-related enquiries or to exercise any of your rights, contact us at info@syntosolutions.co.uk, or write to us at the registered office address listed under "Who we are" above.