SylphoraSylphora
Sign inGet started

Privacy Policy

Last updated: May 2026

At Sylphora we respect your privacy. This policy explains what data we collect, how we use it, and your rights, in compliance with the GDPR.

1. Data controller

The data controller is Sylphora. You can contact us at any time to exercise your rights.

2. Data we collect

We collect: (a) account data (email, name); (b) olfactive profile data you provide voluntarily; (c) history of generated reports; (d) payment data processed by Stripe (we do not store cards); (e) technical data (IP, browser) for security and analytics.

3. Purpose

We use your data to provide the service, generate personalized recommendations, process payments, send account-related communications and improve the platform.

4. Legal basis

Processing is based on contract performance, your consent (non-essential cookies, marketing) and our legitimate interest (security and product improvement).

5. Data sharing

We only share data with necessary providers: Supabase (database and authentication), Stripe (payments), Google (AI models and optional authentication). All comply with European data protection standards.

6. Retention

We keep your data while your account is active. After deletion we keep strictly what is necessary to comply with legal obligations (invoicing: 6 years).

7. Your rights

You have the rights of access, rectification, erasure, objection, restriction and portability. You can exercise them by writing to us. You can also file a complaint with the AEPD (www.aepd.es).

8. Security

We apply technical and organizational measures: encryption in transit (HTTPS), access control (RLS), backups and continuous monitoring.

9. Minors

The service is not directed to people under 16. If we detect minors' data, we will delete it.