Privacy Policy
Last updated: 3 April 2026
1. Introduction
Sytoso (“we”, “us”, or “our”) is an AI & Business Automation Agency providing done-for-you client acquisition and operations systems to professional services firms across healthcare, legal & accounting, and real estate. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or engage our services.
We are committed to protecting personal information in compliance with applicable privacy laws across all markets we serve, including the United States (HIPAA, CCPA), Canada (PIPEDA), the United Kingdom (UK GDPR), and Australia (Privacy Act 1988).
2. Information We Collect
2.1 Information You Provide
- Name, email address, phone number, and practice details submitted via contact or booking forms
- Information shared during discovery calls or assessments
- Communications you send to hello@sytoso.com
2.2 Automatically Collected Information
- IP address, browser type, device information, and operating system
- Pages visited, time spent on site, and referring URLs
- Cookies and similar tracking technologies (see Section 7)
3. How We Use Your Information
- To respond to enquiries and schedule assessments
- To deliver and improve our services
- To send service-related communications (not marketing without consent)
- To comply with legal obligations
- To analyse website performance and user experience
We do not sell your personal information to third parties. We do not use your data to train public AI models.
4. Vertical-Specific Compliance
4.1 Healthcare — HIPAA Compliance
When Sytoso provides services to covered entities (healthcare practices) under a Business Associate Agreement (BAA), any Protected Health Information (PHI) we access is handled in strict accordance with HIPAA:
- BAA executed before any access to patient data
- All PHI is encrypted in transit and at rest using AES-256
- PHI is never used to train AI models or shared with third parties outside the BAA
- Access is limited to personnel necessary to perform contracted services
- Breach notification procedures are in place per HIPAA requirements
4.2 Legal & Accounting — Client Confidentiality
When Sytoso provides services to law firms and accounting practices, we handle client data with appropriate confidentiality safeguards. We do not access or process privileged client communications. Data shared with Sytoso for the purpose of deploying intake and marketing systems is governed by a Data Processing Agreement (DPA) where applicable.
4.3 Real Estate — Lead & Transaction Data
When Sytoso deploys lead management and CRM integration systems for real estate clients, buyer and seller data is processed solely for the purpose of delivering the contracted service. We do not retain, sell, or share lead data beyond what is required for system operation. All CRM integrations are governed by the data processing terms of the respective CRM platform.
5. Data Sharing and Disclosure
We may share your information only in the following circumstances:
- Service providers: Third-party vendors who assist in operating our website and services (e.g. scheduling tools, hosting), bound by confidentiality obligations
- Legal requirements: When required by law, court order, or governmental authority
- Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to you
- With your consent: For any other purpose with your explicit agreement
6. International Data Transfers
Sytoso serves clients across the US, Canada, UK, Australia, and other markets. Where personal data is transferred internationally, we implement appropriate safeguards including standard contractual clauses (SCCs) for EU/UK transfers and equivalent protections for other jurisdictions. By using our services, you consent to the transfer of your information as described in this policy.
7. Cookies
Our website uses cookies and similar technologies to enhance your experience. Types of cookies used:
- Essential cookies: Required for the website to function. Cannot be disabled.
- Analytics cookies: Help us understand how visitors use our site (e.g. page views, session duration). Used only in aggregate form.
- Preference cookies: Remember your settings and preferences.
You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.
8. Data Retention
We retain personal information only as long as necessary to fulfil the purposes described in this policy, or as required by law. Client data under active service agreements is retained for the duration of the agreement plus 7 years for compliance purposes. You may request deletion of your data at any time (subject to legal retention requirements) by contacting hello@sytoso.com.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request erasure of your personal data (subject to legal obligations)
- Portability: Receive your data in a structured, machine-readable format
- Objection / Restriction: Object to or restrict processing of your data
- Withdrawal of consent: Withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at hello@sytoso.com. We will respond within 30 days.
10. Security
We implement industry-standard technical and organisational security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, access controls and audit logging, and regular security assessments. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but maintain appropriate safeguards proportionate to the risk.
11. Children's Privacy
Our services are directed exclusively to businesses (B2B) and are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For material changes, we will provide notice via email or a prominent notice on our website.
13. Contact Us
For privacy-related questions, requests, or complaints: