Sintrio

Legal

Privacy Policy

Effective date: January 1, 2026Version 1.0Covers: CCPA / CPRA / VCDPA / CPA / GDPR

1. Introduction

This Privacy Policy describes how Sintrio LLC ("Sintrio", "we", "our", or "us"), a Wyoming limited liability company with offices at 2029 Black Jack Loop Num 3574, Cheyenne, WY 82001-7282, USA, collects, uses, discloses, and protects personal information about our customers, end-customers, website visitors, and other individuals (collectively, "you"). It applies to the Sintrio platform, our website at sintrio.io, our applications, our APIs, and any related services (collectively, the "Services").

We have designed this Policy to address the requirements of the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), as well as the European Union General Data Protection Regulation ("GDPR") and the United Kingdom Data Protection Act 2018 where applicable to European or UK data subjects.

2. Information We Collect

We collect several categories of personal information, depending on how you interact with Sintrio:

Identifiers

Name, business name, postal address, email address, phone number, IP address, account identifiers, and government-issued identification numbers where required by law.

KYC / KYB Documents

Copies of government-issued identification, articles of incorporation, beneficial-ownership disclosures, proof of address, tax identification numbers (such as Employer Identification Numbers), and any other documents we are required to collect under applicable anti-money laundering, counter-terrorist financing, and sanctions laws.

Browsing and Device Data

Information about the devices and browsers you use to access the Services, including IP address, operating system, browser type and version, device identifiers, language preferences, time zone, referring URLs, and actions taken on the Services.

Transaction Metadata

Information about transactions processed through the Services, including amounts, currencies, payment methods, merchant categories, geographic location of payer, dispute and chargeback indicators, and fraud-related signals. We do not store full primary account numbers on Sintrio infrastructure; card data is tokenized at the network or processor level in compliance with PCI DSS Level 1.

Communications

Records of your communications with Sintrio, including emails, chat sessions, support tickets, and phone recordings made for quality and training purposes (where permitted by law).

3. How We Use Information

We use personal information for the following purposes, with the indicated retention periods:

  • Account administration — to create, maintain, and secure your account. Retained for the duration of the account plus seven (7) years after closure.
  • Transaction processing — to process, settle, and reconcile payments. Retained for ten (10) years per US tax recordkeeping norms.
  • Fraud and AML monitoring — to detect, investigate, and prevent fraudulent and illicit activity. Retained for at least five (5) years post-termination.
  • Customer support — to respond to your inquiries. Retained for three (3) years after the last interaction.
  • Marketing communications — only where you have opted in. Retained until you opt out.
  • Analytics and product improvement — to understand usage and improve the Services. Retained for two (2) years in aggregated or pseudonymized form.
  • Legal compliance — to comply with subpoenas, court orders, and regulatory inquiries. Retained as long as legally required.

4. Legal Basis for Processing

Where the GDPR applies, we process personal information based on one or more of the following legal bases: (a) performance of a contract to which you are a party; (b) compliance with a legal obligation to which we are subject; (c) our legitimate interests in operating, securing, and improving the Services, balanced against your rights and freedoms; and (d) your consent, where required.

5. Sharing and Disclosure

We may share personal information with the following categories of recipients:

  • Employees and contractors bound by confidentiality obligations, on a need-to-know basis;
  • Subprocessors including hosting providers, KYC verification vendors, fraud scoring providers, communication tools, and analytics providers, each contractually bound to protect personal information;
  • Regulators and authorities including the Financial Crimes Enforcement Network (FinCEN), the Internal Revenue Service (IRS), the Office of Foreign Assets Control (OFAC), state attorneys general, and any other competent authorities, where required by law;
  • Card networks and banking partners including Visa, Mastercard, American Express, Discover, and our acquiring and issuing bank partners;
  • Professional advisors including auditors, accountants, and legal counsel; and
  • Successors in connection with a merger, acquisition, financing, or sale of all or substantially all of our assets.

We do not sell personal information in the traditional sense of the word. Under the CCPA/CPRA, certain analytics or advertising cookies may be considered "sharing" for cross-context behavioral advertising purposes; you may opt out using the "Do Not Sell or Share My Personal Information" link in our cookie banner.

6. International Transfers

Sintrio is headquartered in the United States, and personal information may be transferred to, processed, and stored in the United States or other jurisdictions in which our service providers operate. Where personal information is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other third countries, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, the EU-US Data Privacy Framework where applicable, and the UK International Data Transfer Addendum.

7. Security Measures

Sintrio implements administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include: encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256); strict access controls based on least-privilege principles; multi-factor authentication for all employee access to production systems; continuous monitoring and audit logging; clear separation between development, staging, and production environments; regular penetration testing and vulnerability scanning conducted by independent third parties; mandatory security awareness training for all employees and contractors; and PCI DSS Level 1 vendor certification renewed annually.

8. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Right to know what personal information we collect and how we use it;
  • Right of access to a copy of the personal information we hold about you;
  • Right to correct inaccurate or incomplete personal information;
  • Right to delete personal information, subject to legal and regulatory exceptions;
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising;
  • Right to limit the use and disclosure of sensitive personal information;
  • Right to non-discrimination for exercising any of the rights above;
  • Right to data portability in a structured, commonly used, machine-readable format;
  • Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at privacy@sintrio.io or by mail at the address listed below. We will respond to verifiable consumer requests within forty-five (45) days, or as otherwise required by applicable law. We may need to verify your identity before fulfilling certain requests.

9. Children's Privacy

The Services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal information from children. If you become aware that a child has provided personal information to us in violation of the Children's Online Privacy Protection Act (COPPA), please contact us so that we can take appropriate action.

10. Cookies

Sintrio uses cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences through our cookie banner or your browser settings.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. We will post the updated Policy on our website with a new effective date and, where required, notify you by email. We encourage you to review this Policy periodically.

12. Contact

For privacy inquiries, please contact our Data Protection Officer:

Sintrio LLC — Data Protection Officer
Email: dpo@sintrio.io
Privacy queries: privacy@sintrio.io
2029 Black Jack Loop Num 3574
Cheyenne, WY 82001-7282, USA
Phone: +1 (319) 323-7348