Privacy Policy
Last updated: 3 May 2026. This notice explains how we process personal data under UK GDPR, EU GDPR, the Data Protection Act 2018 and PECR principles.
1. Controller and Contact
Synedica Labs is the controller for customer account, order and support data processed through this website. Privacy requests can be sent to [email protected].
2. Personal Data We Process
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email, password-derived hash, encrypted profile record. | Account creation, login, checkout eligibility. |
| Identity/contact | Full name, phone, email. | Order support and shipment contact. |
| Shipping data | Address lines, city, postcode, country. | Delivery, address verification and courier fulfilment. |
| Order data | Items, quantities, totals, shipping method, status. | Order processing, fulfilment and records. |
| Payment metadata | Selected crypto, network, wallet address shown, conversion rate. | Payment reconciliation. We do not collect card data. |
| Technical data | IP, browser metadata, security logs. | Security, fraud prevention, performance and abuse protection. |
3. Lawful Bases
- Contract: account creation, checkout, order fulfilment and customer support.
- Legal obligation: accounting, tax, compliance and lawful request handling where applicable.
- Legitimate interests: fraud prevention, security, abuse prevention, site reliability and business records.
- Consent: any future optional analytics or marketing cookies will require consent before use.
4. Security
Traffic is protected by HTTPS/TLS via Cloudflare. Account personal information is designed to be encrypted client-side before local storage. Server-side order records may be stored in Cloudflare D1 for fulfilment and support. Access is limited to operational need.
5. Processors and Third Parties
We may use Cloudflare for hosting, security, D1 database and Pages Functions; CoinGecko for live crypto conversion; postcodes.io/getAddress.io for UK postcode lookup; couriers for fulfilment; and email systems for customer communications.
6. International Transfers
Some processors may operate infrastructure outside the UK/EEA. Where applicable, transfers rely on adequacy regulations, standard contractual clauses or equivalent lawful transfer mechanisms.
7. Retention
Order records are generally retained for up to 7 years where needed for accounting, tax, compliance and dispute handling. Support emails are retained as long as reasonably necessary. Local browser storage remains until you clear it or request deletion where applicable.
8. Your Rights
Depending on location and circumstances, you may have rights of access, rectification, erasure, restriction, portability, objection and complaint to a supervisory authority. We may need to verify identity before acting on a request.
9. Cookies and Local Storage
See our Cookie Policy. We currently use essential storage for cart, account and checkout functions and do not run behavioural advertising cookies.
10. How to Exercise Rights
Email [email protected] with the subject “Privacy Request”. We aim to respond within one month where legally required.