Skip to main content

Prepared for legal review

Privacy Policy

How Synli handles account, billing, and scan data.

Last updated 2026-06-15

Scope

This policy explains how Synli handles personal data when you use synli.ai, app.synli.ai, and related accessibility scanning services. It covers account data, billing data, scan data, and support communication.

Account and sign-in data

Synli stores the information needed to operate an account: email address, name when provided, profile image when supplied by an identity provider, locale preference, organization membership, invitations, and security events.

Users who sign in with supported OAuth providers can use Synli without creating a Synli password. If a user chooses email and password sign-in, Synli stores an Argon2id password hash with a server-side pepper, not a plaintext password.

Scan data and customer site access

When you run scans, Synli processes URLs, crawl metadata, accessibility findings, screenshots, page structure, report content, and the configuration required to perform the scan.

For interactive site login, Synli stores encrypted browser session state rather than the customer's site password. If you explicitly save credentials for automated scanning, those secrets are encrypted for crawler use and are not returned in plaintext through the API after saving.

Cookies and tracking

Synli does not include product analytics SDKs or tracking pixels in the marketing site or web app. Synli uses cookies and browser storage for necessary functions such as locale preferences, authentication, OAuth security state, and user interface preferences.

AI analysis

Some accessibility analysis uses Google's Vertex AI, with processing in the EU. AI output is supporting analysis and does not replace manual accessibility review or legal judgement.

Hosting and subprocessors

Synli's production infrastructure runs on Google Cloud in Europe: the primary region is in Finland, with supporting queues in Belgium. Synli also uses service providers for billing, email, authentication, and AI processing.

Your rights and contact

  • Request access, correction, deletion, restriction, or portability where applicable.
  • Object to processing based on legitimate interests where applicable.
  • Contact support@synli.ai for privacy requests or legal@synli.ai for legal notices.
  • Contact your local data protection authority if you believe your rights have not been respected.