Privacy Policy

Data controller

Synaptic Four (sole proprietorship)
Owner: Alexander Senf
Königstraße 5, 70173 Stuttgart, Germany
Contact: contact@synapticfour.com

Data Protection Officer

A Data Protection Officer is currently not required for our business. For data protection requests, please contact us directly using the email address provided in the Impressum.

What data do we collect?

Contact form: Data you enter (name, email, message) are processed and transmitted for the purpose of handling your enquiry. The form also sends an email subject line to the form service (Formspree) so enquiries can be sorted in our mailbox. If you open the contact page via an internal link with a topic in the URL, that subject line may be pre-filled in your browser before you submit; you can edit it. If you reach our website via an ad, campaign parameters (UTM parameters such as utm_source, utm_medium, utm_campaign, utm_term, utm_content) may be present in the URL. These parameters are stored together with your submitted enquiry so we can evaluate internally which channels generate enquiries. We do not pass these UTM parameters on to third parties.

Server logs: The site is hosted on GitHub Pages (GitHub, Inc.). When you visit the site, access data (e.g. IP address, browser, time) may be collected by the host. These data are necessary for the operation of the site. This website does not set any non-essential cookies.

External course checkout: when you open checkout from the training page, you leave this website and are redirected to Systeme.io. The external provider processes data under its own responsibility according to its privacy policy.

Links to GitHub: When you open links to github.com or other GitHub-controlled pages, GitHub, Inc. may process personal data as set out in GitHub’s privacy statement. That processing is outside our control and is governed solely by GitHub.

Legal basis (Art. 6 GDPR)

Processing of the contact form is based on your consent (Art. 6(1)(a) GDPR). Transmission via the contact form only takes place on the basis of your explicit consent. Processing of server logs and localStorage for the cookie notice is based on legitimate interests (Art. 6(1)(f) GDPR) to provide and secure the website and to store your banner preference. You may withdraw your consent at any time.

Technical and organisational safeguards

The website is delivered over HTTPS. We apply data minimisation and only process data required for operation, contact handling, and the listed external services. No analytics or advertising trackers are used on this site.

Is data provision mandatory?

Providing your data is generally voluntary. Without the required contact form details (name, email, message and consent), we cannot process your enquiry via the form.

Retention period

Enquiries and the associated correspondence are deleted or otherwise anonymised after processing is complete, unless legal retention obligations apply. Formspree processes and retains personal data only as long as required for the purposes described in this privacy policy (e.g. to provide the form service and comply with legal obligations). In addition, log files may be processed for security and maintenance purposes. The exact duration may vary depending on the type of data; server/system logs are managed according to the requirements of the respective provider.

Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object (Art. 21). You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise these rights, please contact us at the email address given in the imprint. We will process your request without undue delay, generally within one month (Art. 12(3) GDPR). We do not build classic visitor profiles ourselves; however, when the website is accessed, technically required access data are processed by the hosting provider GitHub (e.g. IP address, timestamp). Your rights also concern contact form data (via Formspree) and any correspondence we keep.

Disclosure and external recipients

Data are disclosed only in the cases described below (in particular to technical service providers and platform operators).

Processor: Contact form

The contact form is operated by Formspree (Formspree.io, USA). Your entries are transmitted to Formspree’s servers. A data processing agreement is in place. Where data are transferred to the USA, transfer is based on the EU Commission’s standard contractual clauses. Further information: https://formspree.io/.

Email (receipt): Private Email (privateemail.com)

The information you submit via the contact form (including for handling your enquiry) is processed using an email mailbox hosted by Private Email (privateemail.com), a product of Namecheap. We use this mailbox exclusively for communication related to your enquiry. After processing is complete, we delete emails unless legal retention obligations or technical reasons (e.g. security/backup processes) apply. Details regarding processing by the email provider are set out in the Private Email privacy policy: https://privateemail.com/privacy.

Hosting provider: GitHub Pages

The site is delivered via GitHub Pages (GitHub, Inc., USA; server location may be in the USA). When pages are requested, GitHub processes technically required access data (e.g. IP, timestamp). This processing falls under GitHub’s responsibility as platform operator. Privacy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.

Social media presence: LinkedIn

We maintain a company presence on LinkedIn (LinkedIn Ireland Unlimited Company / LinkedIn Corporation, USA). When you visit our LinkedIn page or interact with our content, LinkedIn may process personal data (e.g. usage data, device information). In this context, joint controllership under Art. 26 GDPR may apply; the applicable framework is defined by LinkedIn’s published terms and notices. For transfers to the USA, LinkedIn uses, among other mechanisms, the EU Commission’s standard contractual clauses. Privacy: https://www.linkedin.com/legal/privacy-policy.

External course checkout: Systeme.io

Course checkout is provided by Systeme.io (ITACWT Limited, Ireland). When you click the checkout link, you leave our website and are redirected to a Systeme.io page. Data processed there (e.g. technical access data, order and payment data) is handled under Systeme.io’s responsibility. For payment processing, additional payment providers (e.g. Stripe) may be used within the checkout flow; the specific provider and its privacy terms are shown there. Privacy: https://systeme.io/privacy-policy.

External services: PCMS (map.synapticfour.com)

When you open PCMS at https://map.synapticfour.com (including via links on this site), you leave synapticfour.com; processing there is described in PCMS’s own Art. 13 notice: https://map.synapticfour.com/privacy (English) or https://map.synapticfour.com/de/privacy (German). The controller is Synaptic Four (Stuttgart), as on this page and in our imprint. PCMS handles pseudonymous research session data; the assessment flow does not ask for your name, email, or postal address. Consent is obtained in a multi-step flow inside PCMS (Art. 6(1)(a) GDPR), and optional cloud storage in the research database is performed only with explicit opt-in. Hosting is provided via Vercel (USA; international transfers are addressed in that notice); optional cloud research storage may use Supabase (often in the EU region for production—operators should verify). For study deployments, operators may enable a documented research configuration that hides lightweight share controls so participants rely on full session exports rather than compressed URL payloads (see the PCMS repository). PCMS does not use advertising or marketing analytics cookies, as stated there. The ethics framework and validation protocol are additionally available inside the PCMS web app at https://map.synapticfour.com/ethics and https://map.synapticfour.com/validation (with locale prefix for non-default languages, e.g. German: /de/ethics and /de/validation).

Cookies and local storage

This site does not set any non-essential cookies. No analytics or marketing cookies are used. A cookie notice stores your acknowledgment (“Got it”) only locally in your browser (localStorage) so the notice is not shown again. This storage is not used for tracking.

Withdrawal of consent

You may withdraw consent you have given (e.g. for contact) at any time with effect for the future. Contact us at the email address given in the imprint.

Automated decision-making (Art. 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you in connection with this website.

No medical devices, no diagnosis

None of the solutions described on this site are designed or approved as medical devices under the EU MDR. They are not intended to diagnose, treat, or monitor diseases or health conditions and do not replace medical or psychological advice.

Fonts and analytics

This site uses system fonts only (no Google Fonts). No analytics or tracking tools are used.