Privacy Policy

Last Updated: August 10, 2025

1. Introduction

Sysfora's services are intended for use by business customers, but we may process information about you when providing our services and operating our business. This Privacy Policy (the "Policy") provides a comprehensive description of how Sysfora collects, uses, and discloses information about you ("Personal Information"), as well as your rights and choices regarding such Personal Information. For purposes of this Policy, "Sysfora", "we", "our", and "us" refers to Sysfora Technologies Private Limited and its affiliates, and "you" or "your" refers to the individual interacting with us.

2. Applicability of this Policy

This Policy applies to all our Services and Website (collectively, the "Business").

Data protection laws distinguish between entities that control the purposes and means of processing information and entities that process information on behalf of other entities. The Sysfora Service Agreement or another written agreement (the "Agreement"), along with our terms and conditions and those of our partners and vendors, governs our provision of Services to a business customer (a "Company"). When Sysfora processes Personal Information on behalf of a Company to provide contracted Services, we do so in accordance with the terms of the Agreement and the Customer's instructions, not this Policy. If you wish to exercise your rights regarding Personal Information we are processing on behalf of a Company, you should contact the applicable Company for assistance, and Sysfora may forward communications we receive from you to the Company for resolution. We are not responsible for the privacy practices of our business customers, which may differ from those in our Policy.

Moreover, this Policy does not apply to any third-party applications or services that are used in connection with our Services, or any other products, services or accounts provided by other entities under their own terms of service and privacy policy (collectively, "Third-Party Services"). For example, a Company may connect, directly or through another application, messaging systems, e-mail services, e-commerce platforms, and other products and services to its Services account ("User Account").

If you do not agree with this Policy, then do not access or use the Services, Website or any other aspect of our Business.

3. Information Sysfora Processes

Sysfora will process information continuously through the operation of our Services and Websites, and through other interactions with our Business, as described in the Agreement. If you provide us with information about another individual, by acknowledging or agreeing to this Policy, you represent and warrant that you have the authority to do so and have delivered any required notices and obtained all necessary rights and consents to provide such information to us for processing in accordance with this Policy. If you believe information has been provided to us improperly, please notify us in accordance with the "Contact Us" section below.

A. Information Provided to Sysfora

We receive information when you submit it to our Business:

  • Contact Information, including your first name, last name, email address, phone number, business name or employer name, job title and address.
  • Communications, including when contacting sales or support, asking a question, providing product feedback or corresponding with our business teams.
  • Content, including any documentation, files or information you provide, which may include information about you or your business.
  • Third-Party Information, including information you provide about any clients, customers, co-workers, contractors, vendors or potential referrals, such as their Contact Information.
  • Job Applicant Data, including your employment and education history, transcripts, writing samples, and references as necessary to consider your job application for open positions.

The Services are intended for use by business customers and their employees and other authorized users ("Authorized Users"). If you or someone at your Company begins the process of applying for a User Account, we may receive information about you, your Company, and individuals associated with your Company. We may collect: (1) your Contact Information; (2) Identifying Data of Company owners, control persons and other relevant Company personnel, such as their date of birth, residential address, government-issued identification, and any information captured on such identification or through our identification verification process; and (3) other Company information requested by or provided to us. This information is needed to verify the identity of the customer wishing to use the Services, comply with legal and regulatory obligations applicable to us, determine the availability of Services offerings, and maintain your User Account.

In connection with providing Services, we receive additional information submitted by, on behalf of and relating to a Company and its Authorized Users, such as:

  • Authorized User Data, including your Contact Information, login credentials, and other information used by your Company to invite and manage Authorized Users.
  • Transaction Data, including information associated with your contracts, documentation, processes and playbooks made through you or your Company's User Account.
  • Connected Data, including information and documentation relating to you and your Company made available by Third-Party Services connected to the Services. Connected Data may be made available to Sysfora during the application process and after a User Account is opened for your Company. For example, some Third-Party Services (e.g., artificial intelligence systems and cloud service providers) may provide us with information about activities outside of the Services, like your location or business activity. Other third party services may disclose your Authorized User Data, and if your Company connects its email or messaging service, we may receive your email or messaging communications and attachments for processing. We may continue to access and receive Connected Data from a Third-Party Service until it is disconnected by you or your Company.

B. Information Generated and Collected by Sysfora

We generate, collect and derive information when you use or interact with our Services, Website and other products and services provided or used by our Business:

  • Use Data, including information and metadata about the pages or content you visit, the features you interact with, the workflows you construct, how much time you spend on a particular Website or using the Services, login and crash data, Third-Party Services you elect to connect to or use with the Services, your preferences or selections, the time of day you browse, and your referring and exiting pages.
  • Device Data, including information about the type of device or browser you use, your device's operating software and settings, your internet service provider, and device identifiers, such as IP address and advertising identifier.
  • Location Data, including an approximate geolocation derived from your IP address or business information.

We use cookies and other technologies to help us process information:

  • Log Files, which are files that record events that occur in connection with your use of technology services, including the Services and Website.
  • Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate websites and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
  • Pixels (also known as web beacons), which are code embedded in a website, email, application or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access technology that contains a pixel, the pixel may permit us or a separate entity to track your interactions. We may incorporate pixels from separate entities that allow us to track our conversions, bring you advertising, and provide you with additional functionality.
  • Device Fingerprinting, which is the process of analyzing and combining sets of data elements from your device, such as JavaScript objects and installed fonts, to create a "fingerprint" of your device and uniquely identify your device or applications on your device.
  • Software Development Kits (also referred to as SDKs), which are software tools used by developers to interact with a third-party platform.

C. Information Collected by Sysfora from Other Sources

We also collect and receive information from other sources:

  • Identity Verification, Fraud and Compliance Monitoring, and Business Information Providers, which may help us supplement our understanding of your business and its personnel, maintain security, prevent fraud and comply with regulation and contractual obligations.
  • Vendors and Console Users transacting with or supporting our business customers (e.g., merchants and accounting firms). For example, a merchant might supply us with their payment details and tax identification number so our business customers can make bill payments and report on their tax obligations.
  • Service Providers, which help us operate our Business.
  • Social Networks and Advertising Providers, including to help us identify or enrich our understanding of prospective customers, and to serve and measure advertising.
  • Joint Marketing, Business Partnership, Referrals, and Rewards Partners that we engage for joint marketing activities and our referrals and rewards programs.
  • Other Data Suppliers that provide information about industries, business trends, organizations and other matters related to our business.
  • Publicly-Available Sources, including information in the public domain that helps us identify potential customers and partners or conduct due diligence and risk management for potential and existing customers.

The categories of information we collect and receive from these sources may include all of the categories identified above in "Information Provided to Sysfora" and "Information Generated and Collected by Sysfora." We treat the information obtained from other sources in accordance with any laws or contractual obligations applicable to us.

4. How Sysfora Uses Information

We use information for business and commercial purposes in accordance with the practices described in this Policy. In addition, Sysfora uses information to operate our Services, Website, and Business as follows:

  • Providing and Maintaining Our Services, Website and Business. To provide, operate and manage our Services, Website and other parts of our Business, including to perform customer validation and enable you to use our Services, prevent or address technical issues and disruptions, and analyze and monitor usage and activities.
  • Communicating with You. To send you notices, updates, security alerts, information regarding changes to our policies and terms, and support administrative messages.
  • Security and Fraud Prevention. To maintain the safety and security of our Business and manage risk, including identifying and troubleshooting any issues with the Services, investigating suspicious activity, detecting and preventing potentially fraudulent or unauthorized transactions and breaches of policies and terms, and threats of harm, including in an automated fashion.
  • Legal Obligations and Enforcing Our Rights. To fulfill legal, regulatory and contractual obligations, including when cooperating with government authorities, courts and regulators in accordance with applicable law, maintaining records to demonstrate compliance with applicable law and regulation, protecting our legal rights and pursuing remedies available to us.
  • Developing and Improving Our Business. To make the Services and other aspects of our Business as useful as possible for customers, including by improving and expanding our products and operations. For example, we may develop or improve Services by analyzing how you use features, the documentation you submit or information associated with your transactions.
  • Auditing and Research. To conduct internal reporting, auditing, and research, including focus groups and surveys.
  • Marketing and Advertising. To develop, send and measure advertising, direct marketing, and communications about our products, offers, promotions, rewards, events, and Services. We may also use information to engage in personalized advertising, including Interest-based Advertising (discussed further below in the "Analytics and Advertising" section).
  • Generating Aggregate or De-identified Information. To develop de-identified information by removing or masking information that could be used to identify you and by aggregating or combining information with other information.
  • At Your Direction. To fulfill any other purpose at your direction, including as expressed through your or your Company's use of Services functionality. For example, if you direct us to connect your User Account to a Third-Party Service, such as Dropbox, Slack, Google Docs or Teams, we will process that request accordingly.

Notwithstanding the above, we may use information that does not identify you for any purpose permitted by law or contractual obligation applicable to us. For information on your rights and choices regarding how we use your Personal Information, please see the "Your Rights and Choices" section below.

5. Disclosure of Information by Sysfora

We disclose information we collect in accordance with the practices described in this Privacy Policy. The categories of parties to whom we disclose information are:

  • Service Providers. We disclose information to service providers that process information on our behalf. Service providers assist us with services, such as artificial intelligence, cloud infrastructure, website hosting, analytics, collaboration and technical support. Depending on the service, we provide information on a continuous basis (e.g., fraud services) or on an as-needed basis. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law or contractual obligation. Additional information about the subprocessors we use to support delivery of our Services is made available at trust.sysfora.com.
  • Affiliates. We disclose information to our affiliates and related entities.
  • Business Customers. We disclose information to our business customers to provide Services on their behalf. For example, we may disclose information to your Company to process your payment, provide Services, report on your use of your Company's User Account, respond to your and their questions, comply with your and their requests, and otherwise comply with the law. In addition, your Company can assign different roles to Authorized Users, which will have different associated capabilities and permissions. We will disclose information about your use of the Services to other Authorized Users who may include members of your Company's finance department, your manager, a Company service provider or other Company personnel. Our business customers are independent entities and their processing of information is subject to their own policies and terms.
  • Connected Services. We disclose information to Third-Party Services and their providers if you or your Company use Third-Party Services in connection with the Services.
  • Identity Verification and Customer Validation Services. We disclose information as necessary to verify your identity and perform other compliance functions.
  • Vendors and Service Providers. To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, email communication software, web analytics services, and other information technology providers, among others. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us.
  • Marketing and Advertising. We disclose information to vendors, platforms, analytics providers and other parties for marketing and advertising related purposes. For more information on our online advertising practices, see the "Analytics and Advertising" section below.
  • Mergers and Acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual financing, merger, purchase, sale or any other type of equity or debt transaction or acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  • Security, Fraud Detection and Compelled Disclosure. We disclose information to comply with the law, regulations, payment network rules, or legal process, investigate suspicious or potentially fraudulent activity, and where required in response to lawful requests by regulators, law enforcement.
  • Referrals and Joint Marketing. We disclose information about you and your Company's User Account to our partners in connection with facilitating referral partnerships or engaging in joint marketing activities. For example, if you or your Company were referred to us through a referral partner, we may disclose information with our referral partner to confirm the status of your application and to calculate the referral fee.
  • At Your Request. We disclose information at your request or direction.
  • With Notice to You and Your Consent. We may otherwise disclose information after providing notice to you and obtaining your consent.

Notwithstanding the above, we may disclose information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we share information about you, please see the "Your Rights and Choices" section below.

6. Analytics and Interest-Based Advertising

Where permitted under laws applicable to our Business, we use analytics services to help us understand how users access and use the Website and other aspects of our Business. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google, LinkedIn and Facebook that you may view on their platforms as well as on other websites and services.

As part of this process, we may use tracking technologies (including incorporating them into our Website and emails), as well as incorporating into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you ("Interest-based Advertising").

For further information on the types of tracking technologies we use and your rights and choices regarding analytics and Interest-based Advertising, please see the "Your Rights and Choices" section below. You will continue to see advertising, including potentially from us, even if you opt out of personalized advertising.

7. Data Transfer

Our business operates from India. Any personal information we collect may be transferred to, processed, used, handled, and stored in India and other jurisdictions. Data protection laws in India may differ from those in your country of residence, and the laws of your country of residence may not apply to our Business. Nevertheless, we take appropriate measures to comply with applicable data protection requirements where feasible.

8. Additional Important Information

  • Security. We use organizational, technical, and administrative measures designed to protect your Personal Information from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction. However, no information security program or transfer via the internet is entirely secure so we cannot guarantee the security of your Personal Information.
  • Use by Minors. Our Service is not directed to children under the age of 13. We do not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please email us at contact@sysfora.com. We will investigate any notification and take appropriate action. If you are 13 or older, but under 18, you must have permission from your parent or guardian to use our Services.
  • Retention. Sysfora collects and stores Personal Information for the purposes outlined in this Policy. We retain Personal Information for as long as we continue to have a business or operational purpose to retain it, and may continue to retain and use Personal Information as necessary to comply with (or demonstrate compliance with) our legal or regulatory obligations, resolve disputes, prevent fraud, and enforce our rights. Please note that our retention obligations may require us to retain your Personal Information after you are no longer an Authorized User or your Company's User Account has closed. These retention obligations may also prohibit us in some cases from deleting Personal Information after you have asked us to delete your Personal Information. When the applicable retention period elapses, we will delete or de-identify your Personal Information in accordance with our policies and procedures.
  • Changes to this Privacy Policy. We reserve the right to modify and reissue this Policy at any time by posting an updated version. If we have an existing relationship with you, you represent a Company, or you are an Authorized User, we may provide notice through our Website, your Company’s User Account, or directly using the contact information you have provided to us. If we do not have an existing relationship with you, for example, if you only visit our Website, any notice will be posted on our Website. Any privacy notice is effective upon posting or when it is otherwise provided to you. We encourage you to review this Policy regularly to stay informed about the personal information we collect, how we use and process it, and under what circumstances we may disclose it to third parties.

9. Your Rights and Choices

  • User Account. Sysfora Services are intended for use by business customers, and you may only use a User Account if you are an employee or other Authorized User of a Company that has opened a User Account. The information in a Company's User Account is governed by our Agreement with the business customer. You should direct questions about Personal Information we are processing on behalf of a Company to that Company's administrators. If you are an Authorized User, you may also be able to access, update, or delete certain information within your Company's User Account through the Services, provided that the Company and its administrators are responsible for determining how that data is processed.
  • Tracking Technology Choices.
    • Cookies and Pixels. Most browsers and devices accept cookies by default. You can instruct your browser or device, by changing its settings, to decline or delete cookies. If you use multiple browsers or devices, you may need to instruct each separately. Your ability to limit cookies is subject to your settings and limitations.
    • Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.
  • Communications.
    • E-mails. You can opt out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link. Please note that you cannot opt-out of non-promotional emails, such as those about your Company's User Account, transactions, servicing, or our ongoing business relations.
    • Text or SMS Messages. If you have opted in to receiving text or SMS messages related to your use of the Services, you can opt-out at any time by texting "STOP" to the short code. After you send the SMS message "STOP" to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. Text messaging originator opt-in data and consent will not be shared, sold, rented or otherwise disclosed by us for marketing purposes. For more information, please see the Agreement.

    Please note that your opt out is limited to the email address or phone number used and will not affect subsequent subscriptions.

10. Contact Us

Where applicable, to exercise your rights regarding your personal information, to ask general questions about this Policy, our data practices, or our compliance with applicable law, or if you experience any difficulties accessing the information in this Privacy Policy, please contact us at contact@sysfora.com