Trust and data handling

Public legal links

Synli links its Privacy Policy, Terms, and Trust page from public landing surfaces and sign-in context so buyers, users, and compliance reviewers can find them before and after registration.

No tracking SDKs

The marketing site and web app do not include product analytics SDKs or tracking pixels. Necessary cookies and browser storage support locale preferences, authentication, OAuth security state, and interface preferences.

European hosting

Production infrastructure runs on Google Cloud in Europe: the primary region is in Finland, with supporting queues in Belgium when a service is unavailable in the primary region.

AI processing in Europe

Production AI analysis runs on Google's Vertex AI, with processing in the EU. AI output supports human review and is not a substitute for it.

Credentials and interactive login

Interactive login lets a user complete SSO or MFA in a controlled browser session. Synli stores encrypted browser session state for the scan rather than the customer's site password.

Password security

OAuth users can use Synli without creating a Synli password. If a Synli account password is used, it is stored as an Argon2id hash with a server-side pepper. Saved site credentials are encrypted for crawler use.

What this page does not claim

• That Synli alone makes a customer fully GDPR compliant.
• That all customer data always remains in Europe without exception.
• That passwords never pass through Synli infrastructure during use.
• That automated scanning finds every accessibility issue.
• That AI output is legally binding.