Sysora
Sign InHire Now

Legal

Privacy Policy

How Sysora Infotech handles your personal data — written in plain language, designed to comply with the Indian DPDP Act 2023 and the EU/UK GDPR.

Last updated: 9 May 2026

1. Who we are

This Privacy Policy is issued by Sysora Infotech(“Sysora”, “we”, “us”), a sole-proprietorship registered in Yamunanagar, Haryana, India. For purposes of the EU/UK GDPR, Sysora Infotech is the data controller for personal data processed through sysorastack.com and its sub-domains.

You can reach us about anything in this policy at support@sysorastack.com.

2. What data we collect

We only collect what we need to run the product and be useful to you.

  • Account data — name, email address, password hash, organisation name.
  • Billing data — billing address, country, last four digits of card. Full card details are handled by our payment processor and never stored on Sysora servers.
  • Workspace content — documents, prompts, brand guidelines, integrations data, and conversations you create with your AI employees.
  • Operational data — log files, IP addresses, browser type, device type, and pages visited. Used for security, debugging, and aggregate product analytics.
  • Support data — emails and tickets you send us, plus our replies.

3. How we use your data

  • To provide the Sysora platform and the AI employees you have hired.
  • To bill you for paid plans and recover failed payments.
  • To send you product, security, and account notifications.
  • To improve the product through aggregate, de-identified analytics.
  • To prevent fraud, abuse, and unauthorised access.
  • To comply with our legal obligations under Indian, EU, and UK law.

4. Legal bases for processing (GDPR)

If you are in the EU or UK, we rely on the following lawful bases:

  • Contract — to deliver the service you signed up for.
  • Legitimate interests — to keep the service secure, debug issues, and improve the product.
  • Legal obligation — to comply with tax, accounting, and law-enforcement requests.
  • Consent — for optional marketing emails. You can withdraw consent at any time from your account or by emailing us.

5. Sub-processors

Sysora uses a small number of trusted vendors to run the platform. We share the minimum data required for each vendor to do its job, under contract terms that require equivalent protection.

  • Cloud hosting — Railway and Vercel (workloads, static assets, edge caching).
  • Database and storage — Supabase (Postgres + object storage).
  • AI model providers — Anthropic (Claude) and OpenAI, used by your AI employees on demand. Inputs are not used to train provider models.
  • Email — Postmark or equivalent for transactional emails.
  • Payments — Stripe.
  • Analytics — Plausible or PostHog (privacy-respecting; no third-party advertising cookies).

The current full list is available on request from support@sysorastack.com.

6. International transfers

Your data may be processed outside India, the EU, or the UK — for example by US-based AI providers. Where required, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards approved under DPDP and GDPR.

7. How long we keep your data

  • Active workspace data is retained while your account is active.
  • Closed accounts are fully deleted within 30 days, except where law requires longer retention (typically billing records for up to 7 years).
  • Backups are rotated on a 30-day cycle.

8. Your rights

Under DPDP and GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Export your data in a machine-readable format.
  • Object to specific processing or withdraw consent.
  • Lodge a complaint with your local data-protection authority. EU/UK customers can also raise concerns with their national supervisory authority.

To exercise any of these rights, email support@sysorastack.com. We aim to respond within 14 days.

9. Children

Sysora is not intended for users under 18. We do not knowingly collect data from minors.

10. Security

We use industry-standard practices: encryption in transit (TLS 1.2+), encryption at rest, role-based access, principle-of-least-privilege for engineering access, and audit logging. No system is perfect, so if you discover a vulnerability please report it responsibly to support@sysorastack.com.

11. Changes to this policy

We may update this policy as the product evolves. Material changes are announced via email and on the dashboard. The “Last updated” date at the top of this page always reflects the current version.

12. Contact

Sysora Infotech
Yamunanagar, Haryana, India
support@sysorastack.com

Ready to hire your first AI employee?

Setup takes under 10 minutes. No card required to explore.

Hire Your First AI EmployeeTalk to founder