Privacy Policy - Oxygen Content Fusion

Last Updated: March 23, 2026

Effective Date: March 23, 2026

1. INTRODUCTION

1.1 Who We Are

This Privacy Policy explains how Syncro Soft SRL ("we", "us", "our", "Syncro Soft") collects, uses, discloses, and protects personal information when you use the Oxygen Content Fusion platform (the "Platform" or "Service").

Syncro Soft SRL is the data controller for the personal information we collect and process through the Platform, except where we act as a data processor on behalf of organizations as described in Section 3.3 below.

Company Details:

  • Legal name: Syncro Soft SRL
  • Registration number: RO10639959 (J16/564/1998)
  • Registered address: Remus 5A, Craiova, 200082, Romania
  • Email: privacy@oxygenxml.com

1.2 Scope of This Policy

This Privacy Policy applies to:

  • Individuals who visit our website at fusion.oxygenxml.com
  • Individuals who create accounts on the Platform
  • Organizations that create Organization Workspaces
  • Authorized Users who are invited to join Organization Workspaces
  • Individuals who contact us for support or inquiries

This Privacy Policy does NOT apply to:

  • Content within Organization Workspaces, which is controlled by the organization that created the workspace (see Section 3.3 for details about our role as a data processor)
  • Third-party websites, applications, or services that may be linked from our Platform

1.3 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to the email address associated with your account
  • Displaying a prominent notice on the Platform

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes become effective constitutes your acceptance of the revised Privacy Policy.

2. PERSONAL INFORMATION WE COLLECT

2.1 Information You Provide Directly

  1. Account Information. When you create an account on the Platform, we collect:
    1. Full name
    2. Email address
    3. Password (stored in encrypted form)
    4. Time zone and language preferences
    5. Company/organization name (if applicable)
    6. Job title or role (optional)
    7. Profile photo (optional)
    8. Phone number (optional)
  2. Organization Information. When you create an Organization Workspace, we collect:
    1. Organization name
    2. Workspace configuration and settings
    3. Billing contact information (name, email, address)
    4. VAT/Tax identification number
  3. Payment Information. When you subscribe to a paid plan, we collect:
    1. Billing name and address
    2. Payment method information (credit card details are processed and stored by our third-party payment processors; we do not directly store full credit card numbers)
    3. Purchase history and transaction records
    4. Invoicing details
  4. Communications. When you contact us for support, feedback, or inquiries, we collect:
    1. Your name and contact information
    2. The content of your messages and communications
    3. Any attachments or files you provide
    4. Information about your issue or request

2.2 Information We Collect Automatically

  1. Usage Information. When you access and use the Platform, we automatically collect:
    1. Pages and features you access and use
    2. Time, frequency, and duration of your activities
    3. Documents you view, create, or edit (metadata)
    4. Buttons you click and actions you take
  2. Device and Browser Information. We collect information about the devices and browsers you use to access the Platform:
    1. Device type, model, and operating system
    2. Browser type and version
    3. Screen resolution and display settings
    4. Device identifiers (such as IP address, device ID)
  3. Location Information. We collect approximate location information based on:
    1. IP address
    2. Time zone settings
    3. Language and regional settings
  4. Log Information. Our servers automatically record information when you use the Platform:
    1. IP addresses
    2. Access times and dates
    3. URLs of pages visited before and after using our Platform
    4. Browser requests and responses
    5. Error logs and diagnostic information
    6. API calls and responses
  5. Cookies and Similar Technologies. We use cookies, local storage, and similar technologies to collect information. See Section 6 below for detailed information about our use of cookies.

2.3 Information We Receive from Third Parties

  1. Single Sign-On (SSO) Services. If you create an account or log in using a third-party single sign-on service (such as Google, Microsoft, or GitHub), we receive:
    1. Your name
    2. Email address
    3. Profile photo
    4. Account identifier
    5. Any other information you authorize the SSO provider to share with us
  2. Payment Processors. Our payment processors (such as Verifone) provide us with:
    1. Payment confirmation and transaction status
    2. Limited payment method information (e.g., last 4 digits of card, card brand)
    3. Billing address information
    4. Information about failed payment attempts
  3. Analytics and Service Providers. We use third-party analytics and service providers that may collect information about your use of the Platform and share aggregated or pseudonymized data with us. See Section 7 for details about third-party services.
  4. Organization Administrators. When an organization invites you to join their Organization Workspace, we may receive:
    1. Your name and email address
    2. Your role or job title within the organization
    3. Any other information the organization provides about you

2.4 Sensitive Personal Information

We do not intentionally collect or process "special categories of personal data" as defined under GDPR Article 9. If such information is inadvertently uploaded to the Platform as part of Organization Content, it is controlled by the organization, not by us. Organizations are responsible for ensuring they have a lawful basis for processing such data.

3. HOW WE USE PERSONAL INFORMATION

3.1 Legal Bases for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we must have a legal basis for processing your personal information. We rely on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing is necessary to provide the Platform services to you under our agreements.
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as improving our services, detecting fraud, and ensuring security, provided such interests are not overridden by your rights and interests.
  • Legal Compliance (Article 6(1)(c)): Processing is necessary to comply with our legal obligations, such as tax laws, accounting requirements, and responses to lawful government requests.
  • Consent (Article 6(1)(a)): In some cases, we ask for your explicit consent to process your personal information, such as for marketing communications or certain optional features.
  • Vital Interests (Article 6(1)(d)): In rare cases, processing may be necessary to protect your vital interests or those of another person.

3.2 Purposes of Processing

We use your personal information for the following purposes:

  1. Providing and Operating the Platform (Legal basis: Contract performance, legitimate interests)
    1. Creating and managing your user account
    2. Authenticating your identity and managing access controls
    3. Enabling you to create, edit, and collaborate on documents
    4. Facilitating communication between users within workspaces
    5. Processing payments and maintaining billing records
    6. Providing customer support and responding to your inquiries
  2. Improving and Developing the Platform (Legal basis: Legitimate interests)
    1. Analyzing usage patterns to understand how the Platform is used
    2. Identifying and fixing bugs, errors, and performance issues
    3. Developing new features and functionality
    4. Conducting research and testing to improve user experience
    5. Generating aggregated, anonymized analytics and insights
  3. Security and Fraud Prevention (Legal basis: Legitimate interests, legal compliance)
    1. Detecting, preventing, and responding to security incidents and threats
    2. Identifying and preventing fraudulent activity and abuse
    3. Enforcing our terms of service and policies
    4. Protecting the rights, property, and safety of Syncro Soft, our users, and the public
    5. Maintaining audit logs for security monitoring
  4. Communications (Legal basis: Contract performance, legitimate interests)
    1. Sending you service-related announcements and updates
    2. Responding to your questions, comments, and support requests
    3. Sending administrative messages about your account or subscription
    4. Notifying you of important changes to the Platform or our policies
  5. Marketing and Promotional Communications (With Your Consent) (Legal basis: Consent (you can withdraw consent at any time))
    1. Sending you newsletters, promotional offers, and information about new features
    2. Inviting you to participate in surveys, contests, or research studies
    3. Sharing information about products and services we think may interest you
  6. Legal and Compliance Obligations (Legal basis: Legal compliance, legitimate interests)
    1. Complying with applicable laws, regulations, and legal processes
    2. Responding to lawful requests from government authorities and law enforcement
    3. Establishing, exercising, or defending legal claims
    4. Conducting audits and maintaining records as required by law
    5. Preventing money laundering and complying with financial regulations
  7. Business Operations (Legal basis: Legitimate interests)
    1. Managing our business operations and internal administration
    2. Conducting financial and accounting activities
    3. Planning and managing our business strategy
    4. Analyzing business performance and market trends

3.3 Data Controller vs. Data Processor Roles

When We Are the Data Controller:

  • We act as the data controller for:
    • Your personal account information (name, email, password, etc.)
    • Your usage of the Platform outside of Organization Workspaces
    • Your billing and payment information
    • Your communications with us
    • Analytics and log data about your use of the Platform
  • As the data controller, we determine the purposes and means of processing this personal information, and we are responsible for complying with data protection obligations.

When We Are the Data Processor:

  • When you access and use an Organization Workspace, the organization that created the workspace acts as the data controller for:
    • Content you create, upload, or edit within the workspace
    • Your activities and usage within the workspace
    • Comments, annotations, and collaborative activities within the workspace
    • Any personal data contained in Organization Content
  • We act as a data processor, processing this information on behalf of the organization according to their instructions and our Data Processing Agreement with them.

What This Means for You:

  1. If you have questions about how your personal data is processed within an Organization Workspace, or if you want to exercise data subject rights regarding that data, you should contact the organization (the data controller), not us.
  2. We will cooperate with organizations to help them fulfill their obligations to you as data subjects, but we cannot independently respond to requests regarding Organization Content without the organization's authorization.

4. HOW WE SHARE PERSONAL INFORMATION

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your personal information only in the limited circumstances described below:

4.1 Within Organization Workspaces

  • With Other Authorized Users: When you join an Organization Workspace, your profile information (name, email, profile photo) and your activities within that workspace (documents you access, edits you make, comments you post) are visible to other authorized users and administrators of that workspace, as determined by the organization's settings and permissions.
  • With Organization Administrators: Organization administrators have broad access to information about users in their workspace, including your activities, content, and usage patterns within the workspace.

This sharing is necessary to provide the collaborative features of the Platform and is controlled by the organization that invited you, not by us.

4.2 Service Providers and Subprocessors

We engage third-party companies to perform services on our behalf, such as:

  • Infrastructure and Hosting: Cloud hosting providers (e.g., AWS) that store and process data
  • Payment Processing: Payment processors (e.g., Verifone) that handle payment transactions
  • Customer Support: Customer support platforms (e.g., Zendesk) that help us provide support services
  • Analytics: Analytics services (e.g., Google Analytics) that help us understand usage patterns
  • Security and Monitoring: Security tools that help us detect and prevent threats and monitor system performance

We maintain a list of our current subprocessors and service providers at: https://www.oxygenxml.com/content_fusion/llm_providers_list.html. We will notify organizations of changes to our subprocessors in accordance with our Data Processing Agreements.

These service providers have access to personal information only to perform their functions on our behalf and are contractually obligated to protect the information and use it only for the purposes we specify.

4.3 Business Transfers

If Syncro Soft is involved in a merger, acquisition, asset sale, bankruptcy, reorganization, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements and Protection of Rights

We may disclose your personal information if we believe it is necessary to:

  • Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • Enforce our agreements, terms of service, and policies, including investigation of potential violations
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect against harm to the rights, property, or safety of Syncro Soft, our users, or the public, as required or permitted by law

We will attempt to notify you of legal requests for your information unless prohibited by law or if providing notice would undermine the purpose of the request.

4.5 With Your Consent

We may share your personal information with third parties when you explicitly consent to such sharing, such as when you authorize us to share information with specific partners or services you choose to integrate with the Platform.

4.6 Aggregated and Anonymized Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:

  • Usage statistics and trends ("X% of users use feature Y")
  • Performance benchmarks and analytics
  • Industry reports and research studies

This information is not considered personal information and is not subject to this Privacy Policy.

5. INTERNATIONAL DATA TRANSFERS

5.1 Where We Store and Process Data

Syncro Soft is based in Romania (European Union). However, some of our service providers and subprocessors may be located outside the European Economic Area (EEA), including in the United States, Canada, and other countries.

When we transfer personal information outside the EEA, we ensure that appropriate safeguards are in place to protect your personal information in accordance with GDPR requirements.

5.2 Safeguards for International Transfers

We implement the following safeguards for international data transfers:

  • Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) for transfers to countries that do not have an adequacy decision from the European Commission.
  • Adequacy Decisions: We may transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection (such as the UK, Switzerland, Canada, and Japan).
  • Additional Security Measures: Where required under GDPR, we implement additional technical and organizational measures to ensure data protection, particularly for transfers to countries without adequacy decisions (such as the United States).
  • Data Processing Agreements: Our contracts with service providers and subprocessors include data protection clauses that comply with GDPR requirements for international transfers.

5.3 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we use for international transfers and, in some cases, to obtain a copy of the Standard Contractual Clauses we have implemented.

If you have concerns about international transfers of your personal information, please contact us at privacy@oxygenxml.com.

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (web beacons, pixels, local storage, device identifiers) to recognize you, remember your preferences, understand how you use the Platform, and improve your experience.

6.2 Types of Cookies We Use

6.2.1 Strictly Necessary Cookies (Essential). Legal basis: Legitimate interests (essential for service provision). These cookies are essential for the Platform to function and cannot be disabled. They include:

  • Authentication cookies that keep you logged in
  • Security cookies that protect against fraud and abuse
  • Load balancing cookies that distribute traffic across our servers

6.2.2 Functional Cookies. Legal basis: Legitimate interests, consent (depending on jurisdiction). These cookies enable enhanced functionality and personalization:

  • Language and locale preferences
  • UI customization and display settings
  • Recently accessed documents and workspaces
  • User interface state and preferences

6.2.3 Analytics and Performance Cookies. Legal basis: Consent (you can opt out). These cookies help us understand how users interact with the Platform:

  • Google Analytics (anonymized IP addresses)
  • Usage statistics and feature adoption metrics
  • Performance monitoring and error tracking
  • A/B testing and feature experiments

6.2.4 Marketing and Advertising Cookies. Legal basis: Consent (you can opt out). These cookies are used for marketing purposes:

  • Tracking conversions from advertising campaigns
  • Retargeting and remarketing activities

6.3 Third-Party Cookies

Some cookies are placed by third-party services we use, such as:

  • Google Analytics for usage analytics

These third parties have their own privacy policies, and we do not control their use of cookies. We encourage you to review their privacy policies.

6.4 Managing Cookies

Browser Settings: Most web browsers allow you to manage cookie preferences through your browser settings. You can typically:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies after each session
  • Receive notifications when cookies are being set

Please note that blocking essential cookies will prevent the Platform from functioning properly.

Cookie Consent Tool: When you first visit our website, we display a cookie consent banner that allows you to accept or customize your cookie preferences.

Do Not Track: Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for how to respond to DNT signals, and we do not respond to DNT signals at this time.

6.5 Cookie Duration

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain on your device for a set period (typically 30 days to 2 years) or until you manually delete them

We review and minimize cookie duration to balance functionality with privacy.

7. THIRD-PARTY SERVICES AND INTEGRATIONS

7.1 Third-Party Services We Use

The Platform may integrate with or use the following categories of third-party services:

  • Cloud Infrastructure: AWS, Vercel
  • Identity Providers: Google, GitHub
  • Payment Processing: Verifone or other payment processors
  • Email Services: AWS SES or similar email delivery services
  • Analytics: Google Analytics or similar analytics platforms
  • Monitoring and Security: Statuspage.io or similar monitoring services

A complete and current list of our service providers and subprocessors is available at: https://www.oxygenxml.com/content_fusion/llm_providers_list.html.

7.2 Third-Party Links

The Platform may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

7.3 Single Sign-On (SSO)

If you choose to create an account or log in using a third-party single sign-on service (such as Google, Microsoft, GitHub, or SAML-based enterprise SSO), we will receive certain information from that service as described in Section 2.3.

Your use of third-party SSO services is governed by those services' terms and privacy policies. We recommend reviewing their policies before using SSO features.

7.4 Third-Party Integrations

Organizations may configure integrations with third-party services (such as MS Teams notifications, GitHub integration, or other productivity tools). When you use these integrations within an Organization Workspace:

  • The organization controls which integrations are enabled
  • Information may be shared with the integrated third-party service
  • The third party's privacy policy governs how they handle your information
  • We are not responsible for third-party integrations configured by organizations

8. DATA RETENTION

8.1 Retention Principles

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements.

8.2 Retention Periods

8.2.1 Account Information

  • Active accounts: Retained for the duration of your account
  • Closed accounts: Retained for 90 days after account deletion, then permanently deleted
  • Exception: Information required for legal, tax, or accounting purposes may be retained longer (typically 7 years for financial records)

8.2.2 Organization Content

  • Active workspaces: Retained for the duration of the organization's subscription
  • Terminated subscriptions: Retained for 30 days after termination (retrieval period), then permanently deleted
  • Exception: Information may be retained longer if required by law or to resolve disputes

8.2.3 Usage Logs and Analytics

  • Detailed logs: Retained for 90 days for security and debugging purposes
  • Aggregated analytics: May be retained indefinitely in anonymized form

8.2.4 Support Communications

  • Retained for 3 years to provide continuity of support and resolve recurring issues

8.2.5 Marketing Communications

  • Retained until you unsubscribe or withdraw consent, then deleted within 30 days

8.2.6 Payment and Billing Records

  • Retained for 7 years to comply with tax and accounting obligations

8.3 Deletion Procedures

When we delete personal information:

  • It is removed from active systems immediately
  • It is removed from backups within 90 days
  • Deletion is permanent and irreversible
  • Aggregated, anonymized data that cannot identify you may be retained indefinitely

8.4 Legal Holds

We may be required to retain certain personal information longer than our standard retention periods if:

  • Required by law, regulation, or legal process
  • Necessary to establish, exercise, or defend legal claims
  • Subject to litigation hold or investigation
  • Required to comply with regulatory audits or investigations

9. YOUR PRIVACY RIGHTS

9.1 Rights Under GDPR (For EEA Users)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal information and to access that information.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal information.
  • Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal information in certain circumstances, such as when:
    • The information is no longer necessary for the purposes for which it was collected
    • You withdraw consent (where processing is based on consent)
    • You object to processing based on legitimate interests and there are no overriding legitimate grounds
    • The information was unlawfully processed
    • Deletion is required to comply with a legal obligation
  • Right to Restriction of Processing (Article 18): You have the right to request that we restrict processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or object to processing.
  • Right to Data Portability (Article 20): You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes.
  • Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or place of alleged infringement.

9.2 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at:

  • Email: privacy@oxygenxml.com
  • Subject Line: "Privacy Rights Request - [Your Name]"
  • Mail: Syncro Soft SRL, Remus 5A, Craiova, 200082, Romania, Attn: Data Protection / Privacy Rights

Please include in your request:

  • Your full name and email address associated with your account
  • A description of the right you wish to exercise
  • Sufficient information to verify your identity
  • Any specific information or records you are requesting (for access requests)

Verification: To protect your privacy and security, we will verify your identity before fulfilling your request. We may request additional information to confirm your identity, such as asking you to log in to your account or provide government-issued identification.

Response Time: We will respond to your request within 30 days. In some cases, we may extend this period by an additional 60 days if the request is complex or we receive multiple requests, in which case we will inform you of the extension and the reasons for it.

Free of Charge: Exercising your rights is generally free of charge. However, if your requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse to act on the request.

9.3 Limitations on Rights

In some cases, we may not be able to fully comply with your request, such as when:

  • We need to retain information to comply with legal obligations
  • The information is necessary to establish, exercise, or defend legal claims
  • We have overriding legitimate grounds for processing (for objection requests)
  • The request is manifestly unfounded or excessive
  • Complying would adversely affect the rights and freedoms of others

We will explain the reasons if we cannot fully comply with your request.

9.4 Rights Regarding Organization Content

For personal information contained in Organization Content (i.e., content within Organization Workspaces where you are an invited user), the organization is the data controller, not us.

To exercise your rights regarding Organization Content, you should contact the organization directly. We will cooperate with organizations to help them fulfill their obligations to you, but we cannot independently respond to requests regarding Organization Content.

9.5 Contact Supervisory Authority

You have the right to lodge a complaint with our local data protection supervisory authority if you believe we have violated your privacy rights:

  • Romanian Supervisory Authority

    Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

    Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București

    Phone: +40 318 059 211

    Email: anspdcp@dataprotection.ro

    Website: www.dataprotection.ro

  • EU-wide information: You can find your local supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en

10. DATA SECURITY

10.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  1. Technical Measures:
    • Encryption of data in transit using TLS 1.2 or higher
    • Encryption of data at rest for sensitive information
    • Secure authentication protocols and password hashing
    • Regular security testing, including penetration testing and vulnerability assessments
    • Intrusion detection and prevention systems
    • Firewalls and network segmentation
    • Secure software development practices
    • Regular security patches and updates
  2. Organizational Measures:
    • Access controls and least-privilege principles (employees only have access to data necessary for their role)
    • Background checks for employees with access to personal information
    • Confidentiality agreements for employees and contractors
    • Security awareness training for all staff
    • Incident response procedures and plans
    • Regular security audits and assessments
  3. Physical Measures:
    • Secure data center facilities with access controls
    • Redundant systems and backups
    • Disaster recovery and business continuity plans

10.2 Third-Party Security

We carefully select service providers and subprocessors that maintain appropriate security standards.

10.3 Your Responsibility

While we implement strong security measures, the security of your personal information also depends on you:

  • Choose a strong password: Use a unique, complex password for your account
  • Enable two-factor authentication (2FA): If available, enable 2FA for additional security
  • Keep your credentials confidential: Never share your password or authentication tokens
  • Log out of shared devices: Always log out when using public or shared computers
  • Be cautious of phishing: Be wary of suspicious emails asking for your credentials
  • Report suspicious activity: Notify us immediately if you suspect unauthorized access to your account

10.4 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR requirements (within 72 hours of becoming aware of the breach). Our notification will include:

  • The nature of the breach
  • The categories and approximate number of individuals affected
  • The likely consequences of the breach
  • Measures we have taken or propose to take to address the breach
  • Contact information for further inquiries

If you believe your account has been compromised, please contact us immediately at security@oxygenxml.com.

10.5 Limitations

No security system is perfect, and we cannot guarantee absolute security. Transmission of information via the internet is not completely secure. While we strive to protect your personal information, we cannot guarantee the security of information transmitted to or from the Platform, and you transmit information at your own risk.

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

The Platform is not intended for children under the age of 16 (or under 13 in jurisdictions where the age of digital consent is lower). We do not knowingly collect personal information from children under the applicable age of digital consent.

11.2 Parental Consent

If we learn that we have collected personal information from a child under the applicable age without verifiable parental consent, we will take steps to delete that information as quickly as possible.

If you believe that a child under the applicable age has provided us with personal information without parental consent, please contact us at privacy@oxygenxml.com, and we will investigate and take appropriate action.

11.3 Educational and Organizational Use

In some cases, organizations (such as educational institutions) may invite users under 18 to join Organization Workspaces. In these cases:

  • The organization is responsible for obtaining any necessary parental consent
  • The organization acts as the data controller for the child's activities within the workspace
  • We act as a data processor and process data according to the organization's instructions
  • Parents should contact the organization regarding any questions or concerns about their child's data

12. CHANGES TO OUR PRIVACY PRACTICES

We may update our privacy practices and this Privacy Policy from time to time. When we make material changes, we will notify you as described in Section 1.3.

Material changes may include:

  • Changes to the types of personal information we collect
  • Changes to how we use or share personal information
  • Changes to your rights or how to exercise them
  • Changes to our data retention practices
  • Changes to our legal basis for processing

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@oxygenxml.com, Subject Line: "Privacy Inquiry - [Your Topic]"
  • Mail:

    Syncro Soft SRL

    Attn: Data Protection / Privacy Team

    Address: Remus 5A, Craiova, 200082, Romania