Last Updated: April 02, 2026
Last Updated: April 02, 2026
Last Updated: April 02, 2026
Last Updated: April 02, 2026
Last Updated: April 02, 2026
Privacy Policy
We take your privacy seriously. Here you’ll find clear information about the data we collect, why we collect it, and how we keep it safe.
Revision History
This document forms part of the ELSYN Trust Centre and should be read alongside any applicable Terms of Use, Data Processing Agreement, Cookie Policy, Information Security documentation and other published governance materials.
Minor administrative or typographical amendments may be made without prior notice where they do not materially affect the rights of individuals.
Where material changes are made to this Privacy Policy, ELSYN will publish an updated version on its website and, where appropriate, notify customers through appropriate communication channels.
1. Purpose
The purpose of this Privacy Policy is to explain, in a clear and transparent manner, how Snipit Digital Ltd, trading as ELSYN ("ELSYN", "we", "our" or "us"), collects, uses, stores, protects and otherwise processes personal data when individuals interact with our website, software platform, products and services.
This Privacy Policy reflects our commitment to protecting personal information through responsible governance, appropriate technical and organisational safeguards, and compliance with applicable data protection legislation.
As an enterprise intelligence platform, ELSYN is designed to assist organisations in collecting, organising, analysing and managing information relevant to their operational, strategic and business intelligence requirements. In providing these services, ELSYN may process personal data relating to platform users, customer representatives, business contacts and, depending on customer configuration and lawful instructions, information contained within customer datasets.
We recognise that privacy, confidentiality and information security are fundamental to maintaining the trust of our customers. Privacy considerations are therefore incorporated into the design, development and operation of our services through principles of privacy by design and privacy by default.
This Privacy Policy describes:
what personal data we collect;
how personal data is obtained;
the lawful bases on which we process personal data;
how personal data is used;
how personal data is protected;
when personal data may be shared;
how long personal data is retained;
the rights available to individuals under applicable data protection law; and
how individuals may contact us regarding privacy-related matters.
Nothing within this Privacy Policy limits any rights available under applicable data protection legislation.
2. Scope
This Privacy Policy applies to personal data processed by ELSYN in connection with:
the ELSYN website;
the ELSYN intelligence platform;
customer workspaces;
enterprise user accounts;
authorised administrators;
demonstration requests;
customer onboarding activities;
customer support services;
sales and commercial enquiries;
marketing communications where permitted by law;
supplier and partner relationships;
recruitment enquiries submitted through the website;
event registrations;
webinars;
newsletters;
security enquiries;
platform administration;
system monitoring;
operational logging; and
other interactions with ELSYN products and services.
This Privacy Policy applies whether information is collected directly from individuals, automatically through use of our services, or provided to us by organisations acting on behalf of authorised users.
This Privacy Policy does not apply to:
third-party websites linked from our website;
third-party products or services operated independently of ELSYN;
customer systems that are not operated by ELSYN;
information processed solely under customer control where ELSYN acts exclusively as a processor, except where this Privacy Policy expressly explains our role.
Where ELSYN processes personal data solely on behalf of a customer under a written contract, that customer will ordinarily determine the purposes and means of processing and will act as the Data Controller for that processing activity.
3. Applicable Legislation
ELSYN processes personal data in accordance with applicable data protection and privacy legislation, including, where relevant:
the UK General Data Protection Regulation (UK GDPR);
the Data Protection Act 2018;
the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), as amended;
applicable international data protection legislation where ELSYN provides services outside the United Kingdom; and
any other applicable statutory or regulatory requirements relating to privacy, information governance or data protection.
Where different legal obligations apply within particular jurisdictions, ELSYN will take reasonable steps to comply with those obligations to the extent they apply to our processing activities.
4. Privacy Principles
ELSYN is committed to processing personal data in accordance with recognised data protection principles.
Accordingly, personal data will be processed
lawfully, fairly and transparently;
for specified, explicit and legitimate purposes;
only where necessary and proportionate;
accurately and, where appropriate, kept up to date;
only for as long as necessary;
using appropriate technical and organisational security measures; and
in a manner that demonstrates accountability for compliance with applicable data protection legislation.
These principles underpin the design, operation and governance of the ELSYN platform and support our broader commitment to responsible information management.
. Contact Details
Unless otherwise stated, the Data Controller for the processing activities described within this Privacy Policy is:
Snipit Digital Ltd
Trading as ELSYN
Website: https://elsyn.ai
General enquiries: info@elsyn.ai
Privacy enquiries: privacy@elsyn.ai
Where required by law, ELSYN will respond to privacy-related enquiries and data subject requests within the applicable statutory timescales.
If you have questions regarding this Privacy Policy or the way in which personal data is processed, we encourage you to contact us using the details above before escalating concerns to a supervisory authority.
6. Definitions
For the purposes of this Privacy Policy, the following definitions apply unless the context requires otherwise.
Account
A registered user profile providing authorised access to the ELSYN Platform.
Applicable Data Protection Law
Any legislation, regulation, statutory instrument or regulatory guidance governing the processing of Personal Data, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and any successor legislation.
Authorised User
An individual authorised by a Customer to access and use the ELSYN Platform under a valid subscription or agreement.
Customer
Any organisation, public authority, government department, commercial entity or other legal person that has entered into an agreement with ELSYN for the provision of products or services.
Customer Data
Any information, documents, files, datasets, intelligence requirements, uploaded content, configurations, searches, reports or other material submitted to, stored within or generated through the ELSYN Platform on behalf of a Customer.
Data Controller
The natural or legal person that determines the purposes and means of processing Personal Data, as defined under Applicable Data Protection Law.
Data Processor
A natural or legal person that processes Personal Data on behalf of a Data Controller.
ELSYN Platform
The software applications, websites, APIs, analytical services, artificial intelligence capabilities, databases, dashboards and related services operated by ELSYN.
Personal Data
Any information relating to an identified or identifiable natural person, as defined under Applicable Data Protection Law.
Processing
Any operation performed on Personal Data, whether by automated means or otherwise, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, analysis, restriction, erasure or destruction.
Professional User
Any individual accessing the ELSYN Platform for business, governmental, defence, academic or other professional purposes.
Publicly Available Information
Information lawfully available from publicly accessible sources, including official publications, government announcements, corporate disclosures, media reporting and other publicly accessible information. Public availability does not alter the legal status of any Personal Data contained within such information.
Services
All products, software, websites, APIs, intelligence capabilities, customer support services and related offerings provided by ELSYN.
Special Category Data
Personal Data requiring additional protection under Applicable Data Protection Law, including information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data or information concerning an individual's sex life or sexual orientation.
Sub-processor
A third party appointed by ELSYN to process Personal Data on behalf of a Customer in support of the Services.
User
Any individual who accesses or interacts with the ELSYN Platform or associated Services.
7. Data Controller and Data Processor Roles
The role performed by ELSYN when processing Personal Data depends upon the nature of the processing activity and the contractual relationship with the relevant Customer.
7.1 ELSYN as Data Controller
ELSYN acts as the Data Controller where it determines the purposes and means of processing Personal Data. This includes, but is not limited to:
administering the ELSYN website;
responding to enquiries and demonstration requests;
managing commercial relationships;
administering customer accounts;
managing billing and contractual records;
operating customer support services;
recruiting employees and contractors;
communicating product updates;
maintaining information security;
detecting and preventing fraud or misuse;
complying with legal and regulatory obligations;
maintaining audit records; and
improving the performance, reliability and security of the Services.
Where ELSYN acts as a Data Controller, it is responsible for ensuring that Personal Data is processed in accordance with Applicable Data Protection Law.
7.2 ELSYN as Data Processor
ELSYN will generally act as a Data Processor where Personal Data is processed solely on behalf of a Customer in accordance with documented instructions.
Examples include processing Customer Data relating to:
customer-defined intelligence requirements;
uploaded documents;
customer datasets;
authorised user activity;
analytical workflows;
report generation;
monitoring configurations;
workspace administration; and
other processing undertaken solely to provide the contracted Services.
In these circumstances, the Customer remains responsible for determining:
the purpose of processing;
the lawful basis for processing;
compliance with applicable legal obligations; and
the accuracy and legitimacy of Customer Data submitted to the ELSYN Platform.
7.3 Customer Responsibilities
Customers are responsible for ensuring that they have an appropriate legal basis for submitting any Personal Data to the ELSYN Platform.
Customers must ensure that:
they possess all necessary rights, permissions or legal authority to provide Personal Data to ELSYN;
they comply with Applicable Data Protection Law;
Personal Data is accurate, relevant and limited to what is necessary;
they do not submit information that they are prohibited from processing or sharing; and
any necessary notices or consents have been provided where required by law.
ELSYN does not independently verify the legality of Customer Data submitted to the Platform and relies upon Customers to comply with their own legal and regulatory obligations.7.4 Joint Controller Activities
In limited circumstances, ELSYN and a Customer may jointly determine the purposes and means of processing Personal Data.
Where this occurs, the respective responsibilities of each party will be documented within the applicable contractual arrangements or other legally binding documentation.
7.5 Third-Party Processors
ELSYN may engage carefully selected third-party service providers to support the delivery of the Services.
Where such providers process Personal Data on behalf of ELSYN or its Customers, appropriate contractual safeguards will be implemented to ensure compliance with Applicable Data Protection Law.
ELSYN remains responsible for exercising appropriate due diligence when selecting and managing Sub-processors.
7.6 Government, Defence and Regulated Customers
ELSYN provides software intended for professional and enterprise use, including by organisations operating within regulated environments.
Unless expressly agreed in writing, the Services are not intended for the storage, transmission or processing of classified information.
Customers remain solely responsible for determining the appropriate classification, handling requirements and legal basis for any information submitted to the ELSYN Platform.
Where Customers operate under sector-specific legal or regulatory requirements, including government security policies or contractual obligations, those Customers remain responsible for ensuring that their use of the Services complies with those requirements.
8. Categories of Personal Data
The categories of Personal Data processed by ELSYN depend upon how individuals and organisations interact with the Services.
ELSYN seeks to limit the collection and processing of Personal Data to that which is relevant, proportionate and necessary for the purposes described within this Privacy Policy.
The categories of Personal Data we may process include the following.
8.1 Identity Information
Identity information may include:
full name;
business title or role;
employer or organisation;
business contact details;
professional profile information where voluntarily provided;
account identifiers.
Identity information is generally collected when individuals create an account, request information, register for demonstrations, communicate with ELSYN or are designated as authorised users by a Customer.
8.2 Contact Information
Contact information may include:
business email address;
business telephone number;
correspondence address;
preferred communication preferences.
We use this information to communicate with Customers, respond to enquiries, administer accounts and provide Services.
8.3 Account Information
Where individuals use the ELSYN Platform, we may process information relating to account administration, including:
usernames;
authentication credentials;
password hashes;
multi-factor authentication settings;
account status;
licence allocation;
user permissions;
workspace membership;
notification preferences;
account creation and modification records.
Passwords are never stored in plain text.
8.4 Technical Information
When individuals access our website or platform, certain technical information may be processed automatically.
This may include:
IP address;
browser type;
browser version;
operating system;
device type;
language settings;
session identifiers;
network information;
access timestamps;
diagnostic information;
application version.
Technical information assists ELSYN in maintaining platform security, detecting misuse, improving system performance and supporting Customers.
8.5 Usage Information
ELSYN maintains records relating to the operation of the Platform.
Depending upon customer configuration, usage information may include:
login activity;
report generation;
dashboard usage;
searches performed;
intelligence requests;
saved monitoring topics;
alert configurations;
feature utilisation;
workspace activity;
administrative actions;
audit events.
Usage information assists with platform administration, customer support, security monitoring and service improvement.
8.6 Customer Data
Customers determine the information they choose to submit to the ELSYN Platform.
Customer Data may include:
intelligence requirements;
monitoring criteria;
uploaded documents;
spreadsheets;
reports;
images;
structured datasets;
watchlists;
notes;
operational information;
analytical requirements;
workflow configurations;
user-generated content.
Customers remain responsible for ensuring they possess an appropriate legal basis for submitting any Personal Data contained within Customer Data.
8.7 Communication Records
ELSYN may retain records relating to communications with Customers, suppliers and prospective Customers.
This may include:
email correspondence;
customer support requests;
meeting notes;
webinar registrations;
feedback submissions;
sales enquiries;
demonstration requests;
service communications.
Communication records assist with customer support, quality assurance and contractual administration.
8.8 Payment and Commercial Information
Where applicable, ELSYN may process information necessary to administer commercial relationships.
This may include:
organisation details;
billing contacts;
invoice references;
subscription records;
payment status;
contractual information.
ELSYN does not ordinarily store complete payment card information where payments are processed by authorised third-party payment providers.
8.9 Sensitive Personal Data
ELSYN does not intentionally request or require the submission of Special Category Data unless specifically agreed as part of a lawful Customer engagement.
lawful Customer engagement.
Where Customers submit Special Category Data, Customers remain responsible for ensuring they possess an appropriate lawful basis and satisfy all applicable legal obligations relating to that processing.
ELSYN implements additional safeguards where processing of Special Category Data is authorised and necessary.
9. Sources of Personal Data
Personal Data processed by ELSYN may be obtained from a variety of lawful sources depending upon how the Services are used.
These sources include the following.
ndividuals may provide Personal Data directly to ELSYN when they:
contact us;
submit enquiries;
request demonstrations;
create accounts;
register for events;
subscribe to communications;
request support;
participate in surveys;
communicate with our personnel.
9.2 Customer Organisations
Customer organisations may provide Personal Data relating to their authorised users, administrators or representatives for the purposes of administering the Services.
9.3 Customer Uploads
Customers may upload information into the ELSYN Platform for processing as part of their use of the Services.
Such information may include Personal Data where Customers determine this to be necessary for their legitimate operational purposes.
Customers remain responsible for ensuring they have lawful authority to submit such information.
9.4 Automatically Collected Information
Certain technical and operational information is collected automatically through the operation of our website and Services.
Examples include:
authentication events;
security logs;
device information;
browser information;
session activity;
usage statistics;
system diagnostics.
9.5 Publicly Available Information
Depending upon Customer configuration, the ELSYN Platform may process information derived from publicly available sources.
Examples may include publicly available:
government publications;
regulatory announcements;
corporate disclosures;
court judgments;
official press releases;
publicly accessible websites;
publicly available media publications;
publicly accessible social media content where lawfully available.
The fact that information is publicly available does not remove obligations under Applicable Data Protection Law.
9.6 Licensed Information
Where appropriate, ELSYN or its Customers may obtain information from licensed commercial providers.
Such information remains subject to the applicable contractual, licensing and legal restrictions governing its use.
9.7 Third-Party Integrations
Where Customers choose to integrate third-party systems with ELSYN, Personal Data may be received from those systems in accordance with Customer instructions and applicable contractual arrangements.
ELSYN only processes such information for the purposes of providing the requested Services.
10. Data Minimisation
ELSYN is committed to the principle of data minimisation.
Where practicable, we design our systems and operational processes to ensure that only the minimum amount of Personal Data necessary to achieve a legitimate business purpose is processed.
We encourage Customers to avoid submitting unnecessary Personal Data and to review the information held within their workspaces on a regular basis.
Where technical controls permit, Customers may configure their use of the Platform in a manner that reduces the volume of Personal Data processed.
ELSYN regularly reviews its systems, operational procedures and governance arrangements to support ongoing compliance with data minimisation principles.
11. Intelligence Data and Analytical Processing
ELSYN is an intelligence and analytical software platform designed to assist organisations in discovering, organising, analysing and managing information relevant to their operational, strategic and business intelligence requirements.
The Platform is intended to support informed decision-making by presenting structured analytical outputs derived from information processed in accordance with Customer instructions and applicable law.
ELSYN is not designed to replace professional judgement and should not be relied upon as the sole basis for operational, legal, financial or strategic decisions.
11.1 Categories of Information Processed
Subject to Customer configuration and applicable contractual arrangements, the Platform may process information derived from one or more of the following categories:
Customer-supplied information;
Customer-generated analytical content;
publicly available information;
licensed commercial information;
organisational metadata;
operational system information;
user activity records;
authorised third-party integrations.
The categories of information processed vary depending upon the Services subscribed to by each Customer.
11.2 Intelligence Requirements
Customers define the operational requirements that determine how the Platform is configured.
These requirements may include:
organisations;
individuals;
locations;
events;
infrastructure;
industries;
capabilities;
technologies;
geopolitical developments;
regulatory matters;
operational topics; and
other monitoring criteria selected by the Customer.
ELSYN processes information only in accordance with Customer configuration and documented processing activities.
11.3 Analytical Outputs
Depending upon Customer configuration, the Platform may generate analytical outputs including:
intelligence summaries;
structured reports;
topic monitoring;
alerting;
trend analysis;
historical comparisons;
timeline generation;
multilingual translations;
entity extraction;
thematic classification;
prioritisation;
confidence indicators;
supporting citations where available.
Analytical outputs are intended to assist professional users by organising information into a structured format.
They do not constitute legal advice, financial advice, intelligence assessments issued by a public authority, or professional recommendations.
12. Artificial Intelligence
ELSYN uses artificial intelligence technologies as one component of the Services provided to Customers.
Artificial intelligence assists with the efficient processing, organisation and presentation of information but operates alongside broader governance, security and operational controls.
The extent to which AI functionality is available depends upon the Services purchased by the Customer.
12.1 AI-Assisted Processing
AI technologies may assist with activities including:
summarisation;
classification;
multilingual translation;
information extraction;
entity recognition;
document comparison;
transcription of authorised audio or video content;
identification of emerging themes;
report drafting;
historical pattern analysis;
information prioritisation.
These capabilities are intended to improve efficiency and assist professional users in reviewing large volumes of information.
12.2 Human Oversight
ELSYN is designed to support human decision-making rather than replace it.
Customers remain responsible for:
reviewing analytical outputs;
applying professional judgement;
determining operational significance;
verifying conclusions where appropriate;
making decisions based upon their own governance, policies and legal obligations.
Where Customers obtain analyst services from ELSYN under separate contractual arrangements, those services will be governed by the applicable Statement of Work or service agreement.
12.3 Accuracy of AI Outputs
Artificial intelligence systems are capable of producing inaccurate, incomplete or misleading outputs.
Accordingly:
AI-generated content should be reviewed before being relied upon;
analytical outputs may require independent verification;
Customers should consider original source material where appropriate;
Customers should not assume that AI-generated content is free from error.
ELSYN continually seeks to improve the quality and reliability of its Services but does not guarantee the completeness or accuracy of all analytical outputs.
12.4 Model Improvement
ELSYN does not use Customer Data to train proprietary artificial intelligence models unless expressly authorised by the relevant Customer or otherwise permitted under the applicable contractual arrangements and Applicable Data Protection Law.
Where anonymised or aggregated operational information is used to improve the reliability, security or performance of the Platform, reasonable measures will be taken to prevent the identification of individual persons.
13. Automated Decision-Making
ELSYN does not use Personal Data to make decisions that produce legal effects concerning individuals or similarly significant decisions solely through automated processing.
The Platform generates analytical information designed to assist professional users.
Final operational, commercial, regulatory and strategic decisions remain the responsibility of the Customer.
Where future Services introduce functionality capable of constituting automated decision-making under Applicable Data Protection Law, ELSYN will provide appropriate transparency and safeguards in accordance with legal requirements.
14. Data Provenance and Traceability
ELSYN recognises that transparency regarding the origin of information is an important component of responsible intelligence analysis.
Where supported by the relevant Service configuration, the Platform may maintain metadata relating to the origin, processing history or analytical context of information processed through the Platform.
Depending upon Customer configuration, provenance information may include:
originating source references;
processing timestamps;
analytical workflow history;
confidence indicators;
translation history;
processing metadata;
report generation records.
The availability of provenance information varies according to the source material, Customer configuration and subscribed Services.
14.1 Confidence Indicators
Certain Services may include confidence indicators or other analytical metadata intended to assist professional users in understanding the relative confidence associated with analytical outputs.
Confidence indicators are provided as decision-support information only and should not be interpreted as statements of fact or certainty.
14.2 Explainability
Where reasonably practicable, ELSYN seeks to present analytical outputs in a manner that enables professional users to understand the basis upon which information has been organised or analysed.
The degree of explainability available may vary depending upon:
the source material;
Customer configuration;
third-party technologies utilised;
the analytical techniques applied; and
technical limitations associated with particular artificial intelligence models.
ELSYN continually reviews developments in explainable artificial intelligence and seeks to improve transparency where appropriate.
14.3 Responsible Use
Customers are responsible for ensuring that analytical outputs generated by the Platform are used responsibly and in accordance with applicable law, internal organisational policies and ethical standards.
ELSYN does not encourage or support unlawful surveillance, discriminatory profiling, or the misuse of Personal Data.
Customers remain responsible for ensuring that the Platform is configured and used in a lawful and proportionate manner appropriate to their operational environment.
15. Lawful Bases for Processing
ELSYN processes Personal Data only where a valid lawful basis exists under Applicable Data Protection Law.
The lawful basis relied upon will depend upon the nature of the processing activity, the relationship between ELSYN and the individual concerned, and whether ELSYN is acting as a Data Controller or Data Processor.
Where ELSYN acts solely as a Data Processor, the relevant Customer is responsible for identifying the appropriate lawful basis for processing Personal Data.
Where ELSYN acts as a Data Controller, we may rely upon one or more of the lawful bases described below.
15.1 Performance of a Contract
We process Personal Data where necessary to perform a contract with an individual or organisation, or to take steps prior to entering into a contract.
Examples include:
creating and administering user accounts;
providing access to the ELSYN Platform;
delivering subscribed Services;
providing customer support;
administering licences;
managing subscriptions;
processing payments and invoices;
fulfilling contractual obligations.
15.2 Legitimate Interests
ELSYN may process Personal Data where it is necessary for our legitimate business interests, provided those interests are not overridden by the rights and freedoms of individuals.
Examples include:
protecting the security of the Platform;
preventing fraud and misuse;
monitoring system performance;
maintaining audit logs;
improving platform functionality;
responding to security incidents;
defending legal claims;
maintaining business records;
managing customer relationships;
developing new platform capabilities.
Where we rely upon legitimate interests, we assess the impact on affected individuals and implement safeguards where appropriate.
15.3 Legal Obligations
We may process Personal Data where necessary to comply with legal or regulatory obligations.
Examples include:
responding to lawful requests from competent authorities;
complying with court orders;
maintaining accounting and tax records;
complying with sanctions or export control obligations where applicable;
fulfilling statutory reporting requirements;
maintaining records required by law.
15.4 Consent
Where required by law, ELSYN will obtain consent before processing Personal Data.
Consent may be relied upon for activities such as:
sending certain marketing communications;
placing non-essential cookies;
processing information where consent is the appropriate lawful basis under Applicable Data Protection Law.
Individuals may withdraw consent at any time where consent is the lawful basis relied upon.
Withdrawal of consent does not affect the lawfulness of processing undertaken before consent was withdrawn.
15.5 Vital Interests
ELSYN may process Personal Data where necessary to protect the vital interests of an individual or another natural person.
We anticipate relying upon this lawful basis only in exceptional circumstances.
15.6 Public Task
Where ELSYN provides Services to public authorities or organisations exercising official authority, the relevant public authority may rely upon the lawful basis of Public Task for certain processing activities.
Unless otherwise specified, ELSYN generally acts as a Data Processor in relation to such processing.
16. How We Use Personal Data
ELSYN processes Personal Data only for specified, explicit and legitimate purposes.
Depending upon the circumstances, Personal Data may be used to:
Platform Operations
create and administer accounts;
authenticate users;
provide access to subscribed Services;
manage permissions;
administer customer workspaces;
maintain service availability.
Service Delivery
deliver intelligence and analytical services;
process Customer Data in accordance with documented instructions;
generate reports;
operate dashboards;
manage monitoring activities;
support Customer workflows.
Customer Support
respond to enquiries;
investigate technical issues;
resolve support requests;
communicate service updates;
provide implementation assistance.
Security
detect unauthorised access;
investigate suspected misuse;
monitor platform security;
maintain audit records;
identify malicious activity;
investigate security incidents;
protect Customers and the Platform.
Business Administration
manage contracts;
administer subscriptions;
process invoices;
maintain accounting records;
communicate with Customers;
manage suppliers;
administer commercial relationships.
Compliance
comply with legal obligations;
maintain governance records;
support regulatory compliance;
respond to lawful requests;
protect legal rights.
Service Improvement
Where appropriate and permitted by law, ELSYN may analyse operational information to:
improve platform performance;
enhance reliability;
identify software defects;
improve security;
optimise user experience;
develop new functionality.
Where reasonably practicable, service improvement activities will utilise aggregated, anonymised or pseudonymised information.
17. Disclosure of Personal Data
ELSYN does not sell Personal Data.
We disclose Personal Data only where necessary for legitimate business purposes, to comply with legal obligations, or in accordance with Customer instructions.
Personal Data may be disclosed to the following categories of recipients.
17.1 Service Providers
ELSYN may engage carefully selected third-party providers to support the operation of the Services.
Examples include providers of:
cloud infrastructure;
secure hosting;
identity management;
authentication;
payment processing;
customer support systems;
communication platforms;
monitoring services;
analytics;
software development tools.
All providers are subject to appropriate contractual obligations relating to confidentiality, security and data protection.
17.2 Professional Advisers
Personal Data may be shared with professional advisers where reasonably necessary.
This may include:
legal advisers;
auditors;
accountants;
insurers;
regulatory consultants.
Such disclosures are limited to information necessary for the relevant purpose.
17.3 Regulatory Authorities
ELSYN may disclose Personal Data where required by law or where disclosure is necessary to:
comply with legal obligations;
comply with lawful requests from competent authorities;
protect legal rights;
prevent fraud;
investigate criminal activity;
protect the safety of individuals.
Where legally permitted, we will seek to limit disclosures to the minimum information reasonably required.
17.4 Corporate Transactions
Where ELSYN is involved in a merger, acquisition, investment, restructuring or sale of assets, Personal Data may be transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.
Affected individuals will be notified where required by Applicable Data Protection Law.
17.5 Customer Instructions
Where ELSYN acts as a Data Processor, Personal Data may be disclosed or transferred only in accordance with documented Customer instructions or where otherwise required by law.
18. International Transfers
ELSYN seeks, wherever reasonably practicable, to store and process Personal Data within jurisdictions that provide an appropriate level of legal protection.
Where Personal Data is transferred outside the United Kingdom, ELSYN will implement appropriate safeguards in accordance with Applicable Data Protection Law.
Such safeguards may include:
UK International Data Transfer Agreements (IDTAs);
the UK International Data Transfer Addendum to the EU Standard Contractual Clauses;
adequacy regulations adopted by the UK Government;
other legally recognised transfer mechanisms.
Where no recognised transfer mechanism exists, ELSYN will not transfer Personal Data unless another lawful exception applies.
ELSYN periodically reviews international transfer arrangements to ensure continued compliance with evolving legal and regulatory requirements.
19. Information Security
ELSYN recognises that the confidentiality, integrity and availability of information are fundamental to the delivery of its Services.
We maintain technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access and other forms of unlawful processing.
Our security programme is risk-based and is reviewed periodically to reflect changes in technology, business operations, legal requirements and the evolving threat landscape.
Security controls are selected having regard to:
the nature of the Personal Data processed;
the risks presented by the processing;
the likelihood and severity of harm to individuals;
the state of technological development;
the cost and proportionality of implementing safeguards.
While ELSYN implements appropriate safeguards, no internet-connected system can guarantee absolute security.
20. Technical and Organisational Measures
ELSYN implements a combination of technical, physical and organisational measures designed to safeguard Personal Data throughout its lifecycle.
These measures may include, where appropriate:
Access Management
role-based access controls;
least privilege principles;
authenticated user access;
multi-factor authentication where supported;
privileged account management;
periodic access reviews;
account lifecycle management.
Encryption
Where appropriate, ELSYN uses recognised encryption technologies to protect Personal Data.
This may include:
encryption during transmission;
encryption of stored information where appropriate;
secure cryptographic protocols;
encrypted administrative communications where supported.
Encryption measures are periodically reviewed in line with recognised industry practices.
Infrastructure Security
ELSYN operates using professionally managed cloud infrastructure and associated security controls appropriate to the Services provided.
Security measures may include:
network segmentation;
secure configuration management;
vulnerability remediation;
infrastructure monitoring;
resilience measures;
environment separation where appropriate.
Secure Development
Security considerations are incorporated throughout the software development lifecycle.
This includes, where appropriate:
change management procedures;
security testing;
defect management;
code review processes;
dependency management;
secure deployment practices.
ELSYN seeks to identify and remediate security issues in a timely manner.
Personnel Security
Access to Personal Data is restricted to individuals who require access for legitimate business purposes.
Personnel with access to Personal Data are expected to:
comply with internal security requirements;
maintain confidentiality;
receive appropriate guidance relating to information handling;
use company systems responsibly.
Supplier Management
ELSYN undertakes appropriate due diligence when selecting third-party providers that may process Personal Data.
Where providers process Personal Data on our behalf, appropriate contractual provisions relating to confidentiality, security and data protection are implemented.
Supplier relationships are subject to periodic review.
21. Audit Logging and Monitoring
To assist with security, operational resilience and regulatory accountability, ELSYN maintains audit and monitoring capabilities appropriate to the Services provided.
Depending upon system configuration, audit records may include:
user authentication events;
account administration;
permission changes;
report generation;
configuration changes;
administrative activity;
system events;
security events;
API activity where applicable.
Audit records are used for purposes including:
security monitoring;
incident investigation;
troubleshooting;
operational support;
compliance monitoring;
service improvement.
Access to audit information is restricted to authorised personnel with a legitimate operational need.
Audit information is retained only for as long as reasonably necessary, taking into account legal, contractual and operational requirements.
22. Incident Management
ELSYN maintains procedures for identifying, assessing, responding to and managing information security incidents.
Where an incident involving Personal Data is identified, ELSYN will:
investigate the nature and scope of the incident;
take reasonable steps to contain and mitigate the impact;
assess any potential risks to affected individuals;
comply with applicable legal notification obligations;
implement corrective actions where appropriate.
Where ELSYN acts as a Data Processor, Customers will be notified of relevant Personal Data breaches without undue delay where required under applicable contractual arrangements or Applicable Data Protection Law.
23. Business Continuity and Operational Resilience
ELSYN recognises the importance of maintaining the availability of Services.
Accordingly, we seek to implement operational measures designed to support business continuity and service resilience.
Such measures may include:
resilient cloud infrastructure;
backup procedures;
recovery processes;
system monitoring;
service maintenance;
resilience planning.
Business continuity arrangements are periodically reviewed and updated to reflect operational requirements.
Nothing within this Privacy Policy should be interpreted as guaranteeing uninterrupted availability of the Services.
24. Data Retention
ELSYN retains Personal Data only for as long as reasonably necessary to fulfil the purposes for which it was collected, to comply with legal obligations, to resolve disputes, to enforce contractual rights and to maintain appropriate business records.
Retention periods vary depending upon:
the category of information;
contractual obligations;
regulatory requirements;
operational necessity;
legal limitation periods.
Where ELSYN acts as a Data Processor, Customer Data is retained in accordance with Customer instructions and applicable contractual arrangements.
Where ELSYN acts as a Data Controller, retention periods are determined by our internal governance requirements and applicable legal obligations.
A more detailed retention schedule may be maintained separately as part of ELSYN's internal governance documentation.
24.1 Secure Deletion
Where Personal Data is no longer required, ELSYN seeks to ensure that it is securely deleted, anonymised or otherwise rendered inaccessible, taking into account:
the storage medium;
technical feasibility;
legal obligations;
contractual commitments;
operational requirements.
Backup systems may retain information for a limited period before secure overwriting occurs in accordance with normal backup lifecycle processes.
25. Confidentiality
ELSYN treats information entrusted to it by Customers as confidential unless:
disclosure is authorised by the Customer;
disclosure is required by law;
disclosure is necessary to protect legal rights;
the information is already lawfully in the public domain.
Personnel and authorised service providers with access to confidential information are expected to maintain appropriate standards of confidentiality consistent with their contractual and legal obligations.
Confidentiality obligations continue after termination of employment, engagement or contractual relationships where required by law or contract.
26. Individual Rights
Individuals whose Personal Data is processed by ELSYN may have rights under Applicable Data Protection Law.
The rights available will depend upon the circumstances of the processing, the lawful basis relied upon, and whether ELSYN is acting as a Data Controller or Data Processor.
Nothing within this section limits any statutory rights available under Applicable Data Protection Law.
26.1 Right of Access
Individuals may have the right to request confirmation of whether ELSYN processes their Personal Data and, where applicable, to receive a copy of that Personal Data together with information regarding:
the purposes of processing;
the categories of Personal Data concerned;
the recipients or categories of recipients to whom the Personal Data has been disclosed;
anticipated retention periods, where available;
the existence of applicable data protection rights;
the source of the Personal Data where it was not obtained directly from the individual;
information relating to international transfers where applicable.
Where ELSYN acts as a Data Controller, requests should be submitted using the contact details provided in this Privacy Policy.
Where ELSYN acts solely as a Data Processor, requests should ordinarily be directed to the relevant Customer acting as the Data Controller.
ELSYN will assist Customers in responding to lawful requests where required under applicable contractual arrangements.
26.2 Right to Rectification
Individuals may request that inaccurate or incomplete Personal Data be corrected.
Where ELSYN acts as a Data Controller, reasonable steps will be taken to correct verified inaccuracies without undue delay.
Where ELSYN acts as a Data Processor, requests should generally be directed to the relevant Customer responsible for determining the accuracy of the information concerned.
26.3 Right to Erasure
Individuals may have the right, in certain circumstances, to request that Personal Data be erased.
This right is not absolute and may be limited where continued processing is necessary:
to comply with legal obligations;
to establish, exercise or defend legal claims;
to fulfil contractual obligations;
for reasons of public interest recognised by law;
where another lawful basis permits continued processing.
Where ELSYN acts solely as a Data Processor, requests for erasure will generally be referred to the relevant Customer unless otherwise required by law.
26.4 Right to Restrict Processing
Individuals may request that processing of their Personal Data be restricted in certain circumstances, including where:
the accuracy of the Personal Data is contested;
the processing is believed to be unlawful;
Personal Data is no longer required but must be retained for legal claims;
an objection to processing is being considered.
Where processing is restricted, Personal Data may continue to be stored but will generally not be further processed except where permitted by Applicable Data Protection Law.
26.5 Right to Object
Individuals may have the right to object to processing carried out on the basis of legitimate interests or, where applicable, processing undertaken for direct marketing purposes.
ELSYN will consider all objections on a case-by-case basis, taking into account the applicable legal basis and any overriding legitimate grounds for continuing the processing.
Where an objection relates to processing undertaken solely on behalf of a Customer, the relevant Customer may be responsible for determining how the request is handled.
26.6 Right to Data Portability
Where required by Applicable Data Protection Law, individuals may request that certain Personal Data provided by them be supplied in a structured, commonly used and machine-readable format.
This right applies only where the legal conditions for data portability are satisfied.
26.7 Rights Relating to Automated Decision-Making
As described in Section 13, ELSYN does not ordinarily make decisions producing legal or similarly significant effects concerning individuals solely through automated processing.
Should this position change in relation to any future Services, ELSYN will implement appropriate safeguards and provide any additional information required under Applicable Data Protection Law.
27. Exercising Your Rights
Individuals wishing to exercise any applicable privacy rights should contact ELSYN using the contact details provided in this Privacy Policy.
To help protect Personal Data from unauthorised disclosure, ELSYN may request reasonable information to verify the identity of the individual making the request before responding.
Identity verification measures will be proportionate to the nature of the request and the sensitivity of the Personal Data concerned.
27.1 Response Times
Where ELSYN acts as a Data Controller, we aim to respond to valid requests without undue delay and, in any event, within the timescales required by Applicable Data Protection Law.
Where permitted by law, response periods may be extended where requests are particularly complex or numerous.
If an extension is required, we will inform the individual and explain the reasons for the delay.
27.2 Requests Made to ELSYN as a Data Processor
Where ELSYN receives a request relating to Personal Data processed solely on behalf of a Customer, we may:
refer the request to the relevant Customer;
advise the requester to contact the Customer directly; or
assist the Customer in responding, where required under the applicable contractual arrangements.
The Customer remains responsible for determining how such requests should be handled where it acts as the Data Controller.
27.3 Refusal of Requests
Applicable Data Protection Law recognises that certain requests may be refused, wholly or in part, where an exemption applies or where the legal conditions for exercising the relevant right have not been met.
Where ELSYN refuses a request while acting as a Data Controller, we will explain the reasons for the decision unless prohibited by law and will inform the individual of any applicable rights to complain to the relevant supervisory authority.
28. Complaints and Supervisory Authorities
ELSYN takes privacy concerns seriously and encourages individuals to contact us in the first instance if they believe that their Personal Data has been processed unlawfully or if they have concerns regarding this Privacy Policy.
We will investigate concerns fairly, impartially and in accordance with our internal governance procedures.
Individuals also have the right to lodge a complaint with the supervisory authority responsible for data protection within their jurisdiction.
For individuals located in the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO).
Further information regarding the ICO, including details of how to make a complaint, is available from the ICO's official website.
Submitting a complaint to the ICO does not affect any other legal rights or remedies available under Applicable Data Protection Law.
29. Requests from Regulatory Authorities
Where ELSYN receives a lawful request for information from a court, regulator, law enforcement agency or other competent authority, we will assess the request to ensure that it is legally valid before disclosing Personal Data.
Unless prohibited by law, ELSYN may notify the relevant Customer where a request relates to Personal Data processed on that Customer's behalf.
ELSYN seeks to disclose only the minimum amount of information reasonably necessary to comply with applicable legal obligations.
30. Cookies and Similar Technologies
ELSYN uses cookies and similar technologies to support the operation, security and performance of its website and Services.
Cookies are small text files placed on a user's device that enable websites to recognise returning visitors, remember preferences and improve functionality.
Depending on how our website and Services are used, cookies may be used to:
maintain secure user sessions;
remember user preferences;
support authentication;
improve website performance;
analyse website usage;
diagnose technical issues;
enhance user experience;
support security monitoring.
Where required by law, ELSYN will obtain consent before placing non-essential cookies on a user's device.
Users may manage cookie preferences through our cookie consent mechanism or through their browser settings.
Disabling certain cookies may affect the availability or functionality of parts of the Services.
Further information regarding cookies is available within the ELSYN Cookie Policy.
31. Marketing Communications
ELSYN may communicate with existing or prospective Customers regarding its products, services, events, product updates and other information relevant to professional users.
Marketing communications will be sent only where permitted under Applicable Data Protection Law.
Where consent is required, individuals may withdraw that consent at any time.
Every marketing communication sent electronically will include an appropriate mechanism enabling recipients to unsubscribe or update their communication preferences.
Operational, security or contractual communications relating to active customer relationships may continue where necessary regardless of marketing preferences.
32. Third-Party Websites and Services
The ELSYN website or Services may contain links to third-party websites, products or services.
ELSYN does not control and is not responsible for the privacy practices, content or security of third-party websites.
Individuals are encouraged to review the privacy notices published by those organisations before providing Personal Data.
The inclusion of a link does not constitute endorsement of any third-party organisation, product or service.
33. Children's Privacy
ELSYN is designed for use by organisations, businesses, public sector bodies and professional users.
The Services are not intended for children under the age of eighteen.
ELSYN does not knowingly collect Personal Data directly from children through its website or Services.
Where we become aware that Personal Data relating to a child has been collected unlawfully, appropriate steps will be taken to delete or otherwise manage that information in accordance with Applicable Data Protection Law.
34. Changes to this Privacy Policy
ELSYN may amend this Privacy Policy from time to time to reflect:
changes in applicable legislation;
regulatory guidance;
technological developments;
changes to our Services;
changes to our processing activities;
improvements to our governance arrangements.
The most recent version of this Privacy Policy will always be published on the ELSYN website.
Where changes materially affect the rights of individuals, ELSYN will take reasonable steps to provide notice through appropriate communication channels where required by Applicable Data Protection Law.
The "Last Updated" date shown at the beginning of this document indicates when the current version became effective.
35. Contact Information
Questions regarding this Privacy Policy or the processing of Personal Data may be directed to ELSYN using the details below.
Data Controller
Snipit Digital Ltd
Trading as ELSYN
Website: https://elsyn.ai
General Enquiries: rory.marks@elsyn.ai
Privacy Enquiries: rory.marks@elsyn.ai
If a Data Protection Officer is appointed in the future, updated contact details will be published within this Privacy Policy and on the ELSYN website.
36. Supervisory Authority
Individuals who believe that ELSYN has processed Personal Data unlawfully have the right to lodge a complaint with the competent supervisory authority.
For individuals located within the United Kingdom, the relevant supervisory authority is the Information Commissioner's Office (ICO).
ELSYN encourages individuals to contact us in the first instance so that concerns may be investigated and, where appropriate, resolved promptly.
Nothing within this Privacy Policy affects any statutory rights available under Applicable Data Protection Law.
Schedule A – Summary of Categories of Personal Data
The categories of Personal Data processed by ELSYN may include:
Category
Examples
Identity Information
Name, employer, job title
Contact Information
Business email address, telephone number
Account Information
Username, authentication settings, permissions
Technical Information
IP address, browser information, device information
Usage Information
Login records, searches, reports generated, audit activity
Customer Data
Uploaded documents, intelligence requirements, workspace content
Communications
Emails, support requests, meeting records
Commercial Information
Subscription details, billing contacts, invoices
The categories processed will depend upon the Services used and the Customer's configuration.
