Legal and compliance
Privacy, terms and data protection
How Sepolo and SYNAP IoT s.r.o. collect, protect and process personal data across the Sepolo platform and websites.
Last updated: May 11, 2026
Privacy Policy
This Privacy Policy describes how Sepolo and SYNAP IoT s.r.o. collect, use, disclose, store and protect personal data in connection with the Sepolo platform, websites and related services.
This Privacy Policy applies to https://sepolo.app, https://sepolo.dk and https://sepolo.de.
Sepolo is owned and operated by SYNAP IoT s.r.o., V celnici 1031/4, 110 00 Prague, Czech Republic. VAT Number: CZ06024386.
Contact email: support@sepolo.app. GDPR contact: gdpr@sepolo.app.
By using Sepolo, you acknowledge that your personal data may be processed as described in this Privacy Policy.
1. Data Controller and Data Processor
Depending on the context, SYNAP IoT s.r.o. acts either as a data controller or as a data processor.
Data Controller
SYNAP IoT s.r.o. acts as a data controller when processing personal data relating to website visitors, marketing activities, customer account administration, billing and payments, customer support, security and fraud prevention, and legal compliance.
Data Processor
SYNAP IoT s.r.o. acts as a data processor when processing customer business data stored within the Sepolo platform on behalf of customers.
- Employee data
- Customer data
- Vendor data
- Uploaded files and documents
- Service reports
- Maintenance records
- Operational records
- IoT telemetry and device data
2. Categories of Personal Data
Account and User Information
- Name
- Email address
- Phone number
- Company information
- User roles and permissions
- Authentication data
Customer and Vendor Information
- Customer names
- Vendor names
- Email addresses
- Phone numbers
- Addresses
- Business information
Technical and Usage Data
- IP address
- Browser type and version
- Device identifiers
- Operating system
- Login activity
- Audit logs
- Session information
- Usage statistics
- Diagnostic information
IoT and Telemetry Data
- Device identifiers
- Sensor data
- Event logs
- Operational timestamps
- Diagnostic information
- Asset telemetry
- Maintenance telemetry
Uploaded Content
- Documents
- Images
- Attachments
- Reports
- Service documentation
- Other files submitted through the platform
Payment and Billing Information
Payment processing is handled by Stripe. Sepolo does not store full payment card information.
- Billing address
- Subscription information
- Transaction records
- VAT information
- Invoice information
3. Purposes and Legal Bases for Processing
| Purpose | Legal basis |
|---|---|
| Providing the Sepolo platform and services | Performance of a contract |
| Customer account management | Performance of a contract |
| Authentication and security | Legitimate interests |
| Billing and subscription management | Performance of a contract |
| Customer support | Legitimate interests |
| Platform monitoring and diagnostics | Legitimate interests |
| Preventing fraud and abuse | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
| Analytics and platform improvement | Legitimate interests and consent where required |
| Marketing communications | Consent or legitimate interests |
5. International Data Transfers
Sepolo services and customer data are hosted within Microsoft Azure datacenters located in Germany.
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are implemented.
- European Commission Standard Contractual Clauses (SCCs)
- Transfers to countries with adequacy decisions
- Contractual safeguards with service providers
6. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.
We may retain data longer where required by law or necessary for legal claims.
| Data category | Retention period |
|---|---|
| Account information | Duration of customer relationship plus up to 7 years |
| Transaction and invoice records | Up to 7 years |
| Security and audit logs | Up to 12 months |
| Support communications | Up to 3 years |
| Analytics data | Up to 26 months |
| Backup data | According to internal backup schedules |
7. Security Measures
- Encryption in transit
- Secure cloud infrastructure
- Access control and role-based permissions
- Authentication and identity management
- Security monitoring and logging
- Backup and recovery procedures
- Network security controls
- Multi-factor authentication support
8. Your Rights
Under applicable data protection laws, you may have the following rights. Requests may be submitted to gdpr@sepolo.app.
- Access your personal data
- Correct inaccurate data
- Request deletion of personal data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Updated versions will be published on our websites together with the updated revision date.
Terms of Service
These Terms of Service govern access to and use of the Sepolo platform and related services.
Introduction
By accessing or using Sepolo, you agree to these Terms.
Service Provider
The Sepolo platform is provided by SYNAP IoT s.r.o., V celnici 1031/4, 110 00 Prague, Czech Republic. VAT Number: CZ06024386.
Eligibility
You must be authorized to enter into binding agreements on behalf of your organization in order to use Sepolo.
Customer Accounts
- Maintaining account confidentiality
- Managing user access
- Ensuring authorized use
- Securing credentials
- Ensuring data entered into Sepolo complies with applicable laws
Subscription Services
Sepolo is provided as a subscription-based software service. Pricing and billing terms are provided separately.
- User-based licensing
- Asset-based licensing
- Add-on services
- Trial periods
- Enterprise plans
Acceptable Use
SYNAP IoT s.r.o. reserves the right to suspend accounts violating these Terms.
- Use Sepolo unlawfully
- Attempt unauthorized access
- Disrupt platform operations
- Upload malicious code
- Interfere with security features
- Use the platform for illegal activities
Intellectual Property
All rights, title and interest in the Sepolo platform, including software, branding, interfaces and documentation, remain the exclusive property of SYNAP IoT s.r.o.
Customers retain ownership of their own data.
Availability and Support
We aim to maintain high platform availability but do not guarantee uninterrupted operation.
Maintenance, updates and unforeseen technical events may occasionally affect availability.
Support is provided via support@sepolo.app.
Limitation of Liability
To the maximum extent permitted by law, SYNAP IoT s.r.o. shall not be liable for indirect damages, loss of profits, loss of data, business interruption or consequential damages.
- Total liability shall not exceed the fees paid by the customer during the preceding 12 months.
Termination
Customers may terminate subscriptions according to agreed subscription terms.
- Fees remain unpaid
- These Terms are violated
- Continued service would create legal or security risks
Governing Law
These Terms shall be governed by the laws of the Czech Republic.
Data Processing Agreement (DPA)
This Data Processing Agreement forms part of the agreement between SYNAP IoT s.r.o. and the customer regarding use of the Sepolo platform.
Roles of the Parties
The customer acts as the Data Controller. SYNAP IoT s.r.o. acts as the Data Processor.
Subject Matter and Duration
Processing activities relate to provision of the Sepolo platform and associated services.
Processing continues for the duration of the customer relationship unless otherwise required by law.
Categories of Personal Data
- Employee information
- Customer information
- Vendor information
- Uploaded files
- Service records
- Device telemetry
- Contact details
- Operational data
Processor Obligations
- Process data only on documented instructions
- Maintain confidentiality
- Implement appropriate security measures
- Assist with data subject rights requests where reasonably possible
- Notify customers of personal data breaches without undue delay
- Delete or return customer data upon termination where applicable
Subprocessors
The customer authorizes use of subprocessors necessary for provision of the Sepolo platform. Current subprocessors are listed in the Sepolo Subprocessor List.
International Transfers
Where transfers outside the EEA occur, SYNAP IoT s.r.o. shall ensure appropriate safeguards are implemented.
Security Measures
- Encrypted communications
- Secure Azure infrastructure
- Access controls
- Authentication controls
- Logging and monitoring
- Backup procedures
- Role-based access management
Audit Rights
Reasonable information regarding security measures may be provided upon written request, subject to confidentiality obligations.
Subprocessor List
Infrastructure and Cloud Hosting
| Provider | Purpose | Region |
|---|---|---|
| Microsoft Azure | Cloud hosting and infrastructure | Germany |
Payment Processing
| Provider | Purpose | Region |
|---|---|---|
| Stripe | Payment processing and subscription billing | Global |
Security and Compliance
Sepolo is designed with a security-first and GDPR-focused architecture.
Sepolo services and customer data are hosted within Microsoft Azure datacenters located in Germany.
Security Overview
- Encrypted communications using HTTPS/TLS
- Secure Azure cloud infrastructure
- Role-based access control
- Authentication and identity protection
- Security logging and monitoring
- Backup and disaster recovery procedures
- Secure development practices
- Principle of least privilege
- Multi-factor authentication support
Data Protection
- Role-based permissions
- Audit logging
- Secure authentication
- Data access management
- Controlled data hosting within the European Union
IoT and Telemetry Security
Sepolo may process telemetry and operational data from IoT devices.
Telemetry data is transmitted and stored using secure Microsoft Azure infrastructure and protected through access controls and security monitoring.
Contact Information
Security and privacy inquiries may be directed to support@sepolo.app or gdpr@sepolo.app.