How we handle
your data.

Syphor Inc. ("Syphor," "we," "us") operates the website at syphor.com and provides operations intelligence services to hospitality businesses. Our registered office is in Toronto, Canada. Contact: our privacy contact form.

We collect three categories of information:

• Account information: name, email address, company name, role, billing details.
• Usage data: pages visited on syphor.com, features used in our product, logs and error reports — used to operate and improve the service.
• Customer operational data: the data we read on your behalf from systems you authorize — point of sale, reservations, reviews, accounting, scheduling, and the like. This data remains yours; we are a processor on your behalf.

• Deliver the service: read your authorized systems and generate the daily Brief.
• Communicate with you: account messages, security notices, service updates.
• Improve our product: usage analytics that help us prioritize features. Aggregated and anonymized.

We share information only with:

• Service providers who help us operate the service (hosting, payment processing, support tooling), each bound by data processing agreements.
• Legal authorities when required by court order or law.
• Successor entities in the event of a merger or acquisition, with the same protections in force.

Customer data is stored on our cloud infrastructure (Cloudflare edge + our analysis tier on tenant-isolated infrastructure). Retention policies:

• Raw transaction-level data: retained 90 days, then summarized.
• Summarized data: retained for the life of the account.
• Backups: daily encrypted snapshots, 30-day retention.
• Account closure: full export available; deletion within 30 days of request.

EU and Canadian data-residency options available on request for enterprise customers.

• Encryption in transit: TLS 1.3 on all connections.
• Encryption at rest: AES-256 in our database and backups.
• Two-factor authentication required on all administrative accounts.
• Audit logs for every access, export, and configuration change, retained 12 months.
• Internal access: Syphor employees only access customer data with explicit consent for support cases. All access is logged.

Full security posture and certification roadmap on the security page.

Depending on your jurisdiction, you have the right to:

• Access the information we hold about you
• Correct inaccurate information
• Export your data in a portable format
• Delete your account and data
• Object to certain processing

EU residents have rights under GDPR. California residents have rights under CCPA. Canadian residents have rights under PIPEDA. To exercise any right, submit a request through our privacy contact form — we respond within 30 days, often faster.

We use cookies only for:

• Strictly necessary purposes: session, authentication.
• Analytics: measuring how the site is used, in aggregate. You can opt out at any time.

We do not use advertising cookies. We do not share cookie data with third-party advertisers.

Our service is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact our privacy contact form and we will delete it.

We may update this policy as the service evolves or laws change. If we make material changes, we will notify customers 30 days in advance via email and via a notice on syphor.com. The effective date above will always reflect the latest version.

For any privacy question, to exercise a right above, or to file a complaint:

• Privacy inquiries: privacy contact form
• Security questions: security contact form
• Mail: [Registered Office Address]