Privacy Policy

This website, synoforge.com, is operated by SynoForge Labs (Private) Limited, a private limited company incorporated in Sri Lanka. SynoForge Labs is a software studio, and this site is our marketing site. It has no user accounts, no login, and takes no payments.

Our registered office is at 8 Senanayake Avenue, Nawala, Colombo, Sri Lanka.

For any privacy or legal matter, including any request about your personal data, you can reach us at hello@synoforge.com. SynoForge Labs is the controller responsible for the personal data described in this policy.

This policy is effective from 26 June 2026.

We keep data collection to a minimum. There are only two ways we collect personal data through this website.

First, when you use our contact form, we collect the information you choose to send us. This is your name, your email address, your company name (optional), the project type you select, and the message you write. Please only include information that is necessary for your enquiry.

Second, our hosting and anti-spam systems automatically record standard server and security logs when your browser requests pages from our site. These logs can include your IP address and request metadata such as the date and time of the request, the page or resource requested, your browser type, and similar technical details. We use this information to serve the site, keep it secure, and prevent abuse.

We do not use analytics, and we do not build profiles about you. We do not collect special category data, and you should not send us sensitive personal data through the contact form.

We use the personal data you submit through the contact form to read, understand, and respond to your enquiry, and to carry out reasonable follow-up about the project or service you asked about. Our lawful basis for this is our legitimate interest in responding to people who contact us about our services and in running our business. Where your message relates to taking steps at your request before entering into a contract, or to performing a contract with you, we may also rely on that as a basis.

We use server and security logs to operate the website, keep it available, protect it against attacks and spam, and diagnose technical problems. Our lawful basis for this is our legitimate interest in keeping our site secure and working correctly, and in some cases compliance with a legal obligation.

Where we rely on consent, for example if the optional anti-spam challenge is enabled and sets a functional cookie, we will only act on that basis with your agreement, and you can withdraw consent at any time.

We never sell your personal data, and we never share it for advertising.

We do not use analytics cookies, we do not use marketing or advertising cookies, and we do not use tracking pixels.

The only cookie that may be set is a single functional cookie used by our optional anti-spam challenge, Cloudflare Turnstile, and only if and when that challenge is enabled. This cookie helps confirm that a real person, rather than an automated bot, is submitting the contact form. It is not used to track you across other websites.

Because we do not use analytics or marketing cookies, there is nothing of that kind for you to opt into or out of on this site.

We use a small number of trusted providers to run the website and handle contact-form messages. They process personal data only on our behalf and only to provide their service to us.

• Vercel hosts and serves the website. As part of hosting, Vercel processes server logs, which can include the IP address and request metadata described above.
• Resend delivers the emails generated by the contact form, so that your message and its contents reach us.
• Cloudflare Turnstile is an optional anti-spam challenge that helps us tell real visitors apart from bots. When enabled, it may set a single functional cookie, as described in the cookies section.

We do not give your personal data to any other third parties for their own purposes. We may disclose information if we are required to do so by law or where it is necessary to establish, exercise, or defend our legal rights.

We are a Sri Lankan company, but some of our providers process data outside Sri Lanka, for example in the United States or the European Union. This means your personal data may be transferred to and processed in countries other than your own.

When personal data is transferred internationally, we take reasonable steps to ensure it remains protected, including relying on providers that offer appropriate safeguards such as standard contractual clauses or equivalent contractual and technical protections. If you would like more detail about these transfers, please contact us at hello@synoforge.com.

We keep contact-form submissions only for as long as we need them to respond to your enquiry and for reasonable business follow-up. Once a conversation is closed and there is no ongoing reason to keep your message, we delete it.

Server and security logs are kept for a limited period by our hosting and anti-spam providers for operational and security purposes, and are then removed or overwritten in the ordinary course of their service.

Depending on where you are and the law that applies to you, including data protection laws in the EU and the UK, you may have the following rights over your personal data.

• The right to access the personal data we hold about you.
• The right to ask us to correct personal data that is inaccurate or incomplete.
• The right to ask us to delete your personal data.
• The right to object to our processing of your personal data, including where we rely on legitimate interests.
• The right to ask us to restrict how we use your personal data.
• The right to receive your personal data in a portable, machine-readable format and, where feasible, to have it transferred to another provider.
• The right to withdraw consent at any time, where we rely on consent, without affecting the lawfulness of processing carried out before you withdrew it.

To exercise any of these rights, contact us at hello@synoforge.com. We will respond within a reasonable time and in line with applicable law. We may need to verify your identity before acting on a request.

If you believe we have not handled your personal data properly, you also have the right to complain to a data protection authority. If you are in the EU or the UK, this is usually the supervisory authority in the country where you live or work.

We take reasonable technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. These measures include serving the site over encrypted connections, limiting who can access contact-form messages, and using reputable providers with their own security practices.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. We encourage you to share only the information needed for your enquiry.

Our website and services are directed to businesses, not to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at hello@synoforge.com and we will delete it.

We may update this policy from time to time, for example if we change our providers or how we handle data. When we do, we will update the effective date at the top of this page. We encourage you to review this policy occasionally so you stay informed about how we handle personal data.

This policy and any dispute relating to it are governed by the laws of Sri Lanka, and the courts of Colombo, Sri Lanka have jurisdiction.