Privacy Policy

Syn Eater Consulting (“Syneater”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal information in accordance with the laws of the Republic of South Africa, including the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Promotion of Access to Information Act 2 of 2000 (“PAIA”), and the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”), where applicable.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit syneater.com, submit an enquiry or quote request, communicate with us, or otherwise interact with our website and related online services (collectively, the “Website”).

This policy applies to personal information processed through the Website. If you engage us for paid services, a separate written agreement (such as a statement of work, master services agreement, or proposal) may contain additional privacy, confidentiality, and data-processing terms that apply to that engagement.

Use of the Website is also governed by our Terms of Use.

For purposes of POPIA, Syn Eater Consulting is the responsible party that determines the purpose and means of processing personal information collected through the Website.

Syn Eater Consulting

• Trading name: Syneater
• Website: https://syneater.com
• Email: [email protected]
• Telephone: +27 12 051 0686
• Physical address: Pretoria, Gauteng, South Africa

POPIA requires responsible parties to designate an Information Officer. Privacy enquiries, data subject requests, and Information Officer communications may be directed to [email protected] using the subject line “POPIA Request”.

In this Privacy Policy:

• “Personal information” has the meaning given in POPIA and includes information relating to an identifiable, living natural person and, where applicable, an identifiable juristic person.
• “Processing” means any operation performed on personal information, including collection, storage, use, disclosure, deletion, or destruction.
• “Operator” means a person who processes personal information on behalf of a responsible party.
• “Data subject” means the person to whom personal information relates.
• “Special personal information” includes religious or philosophical beliefs, race, health, biometric information, and other categories listed in POPIA.

We collect only personal information that is adequate, relevant, and not excessive for the purposes described in this policy, in line with POPIA Condition 3.

4.1 Information you provide directly

• Contact form: name, email address, subject, and message content.
• Business quote form (/quote): full name, work email, phone number (optional), role, company name, company website (optional), country or region, selected services, timeline, project summary, current setup (optional), and notes (optional).
• Penetration testing quote form (/pentest-quote): full name, work email, phone number (optional), role, company name, company website, country, industry, assessment types, target assets, environment details, user base (optional), business context, previous testing (optional), timeline, concerns, constraints (optional), asset owner, decision maker, and notes (optional).
• Communications you send to us by email, phone, WhatsApp, or other channels initiated via the Website.

4.2 Information collected automatically

• Technical and usage data such as IP address, browser type and version, device type, operating system, referring URL, pages viewed, date and time of access, and general interaction data.
• Security and anti-abuse data collected through Cloudflare Turnstile when you submit a form, which may include browser signals, challenge results, and related metadata used to distinguish legitimate users from automated abuse.
• Server, application, and security logs generated by our hosting and infrastructure providers.

4.3 Information we do not intentionally collect

Please do not submit special personal information, passwords, credentials, payment card numbers, or other highly sensitive secrets through the Website unless we have expressly requested them through a secure channel as part of an agreed engagement. Our quote forms include a confirmation that you will not submit secrets through the public form.

• When you complete and submit a form on the Website.
• When you contact us using contact details published on the Website.
• When you browse or interact with the Website and technical information is logged automatically.
• When third-party service providers process information on our behalf to operate, secure, or deliver the Website (for example, hosting, email delivery, or bot protection).

We process personal information for specific, explicitly defined, and lawful purposes connected with our business operations, in accordance with POPIA Condition 4. We will not process your personal information for a secondary purpose that is incompatible with the original purpose unless permitted by law or with your consent where required.

1. Responding to enquiries and quote requests — to assess your request, communicate with you, and provide information about our services (lawful basis: taking steps at your request; legitimate interests; consent where required).
2. Pre-sales and business development — to evaluate fit, scope, pricing, and next steps for potential engagements (lawful basis: legitimate interests; consent where required).
3. Website operation and security — to maintain availability, prevent fraud and abuse, troubleshoot errors, and protect the Website and users (lawful basis: legitimate interests; legal obligation where applicable).
4. Record keeping and compliance — to maintain business records, demonstrate compliance, and respond to lawful requests from regulators or authorities (lawful basis: legal obligation; legitimate interests).
5. Service delivery — where you become a client, to perform contractual obligations under a separate written agreement (lawful basis: contract; consent where required).

We do not sell personal information. We do not use your personal information for unsolicited direct marketing unless you have given appropriate consent or another lawful basis applies under POPIA section 69 and related regulations.

Where POPIA requires consent, we will request it in a clear and specific manner before processing. For example, our quote forms require you to confirm that we may contact you about your request.

If you choose not to provide personal information we reasonably require to respond to an enquiry or quote request, we may be unable to assess or progress your request. Basic browsing of the Website does not require you to submit personal information.

We do not add you to marketing lists solely because you submitted a contact or quote form. If you ask us to send service updates or marketing communications, you may withdraw consent or opt out at any time by contacting [email protected] or using the unsubscribe mechanism in a message, where provided.

POPIA restricts unsolicited electronic direct marketing. We comply with applicable requirements, including honouring objections and opt-out requests without undue delay.

The Website may use cookies, local storage, or similar technologies to support core functionality, remember preferences (such as theme settings), improve performance, and understand general usage patterns.

Cloudflare Turnstile may set or access cookies or use similar technologies when you submit a form. For more information, refer to Cloudflare's privacy documentation.

You can manage cookies through your browser settings. Disabling cookies may affect certain Website features, including form verification.

We do not sell, rent, or trade personal information. We may disclose personal information only where necessary and subject to appropriate safeguards:

• Operators and service providers who assist us to host, secure, deliver email from form submissions, or operate the Website (for example, hosting providers, email/SMTP providers, and Cloudflare for Turnstile). These parties are expected to process information only on our instructions and implement appropriate security measures.
• Professional advisers such as lawyers, accountants, or insurers, where necessary and subject to confidentiality obligations.
• Law enforcement, regulators, courts, or other authorities where required by law, court order, or to protect our rights, users, or the public.
• A successor entity in connection with a merger, acquisition, reorganisation, or sale of assets, subject to this policy or equivalent protections.

Where operators process personal information on our behalf, we take reasonable steps to ensure they are bound by written contracts or terms requiring POPIA-compliant processing and security safeguards, as required by POPIA section 21.

Some of our operators may process or store personal information outside South Africa (for example, where cloud, security, or email infrastructure is hosted abroad). Where personal information is transferred cross-border, we will take reasonable steps required by POPIA section 72, which may include ensuring the recipient is subject to adequate data protection laws, binding agreements, or appropriate safeguards.

By using the Website and submitting personal information, you acknowledge that such transfers may occur for the purposes described in this policy.

We implement reasonable technical and organisational measures designed to protect personal information against loss, unauthorised access, disclosure, alteration, or destruction, in line with POPIA section 19. Measures may include:

• Secure hosting and transport encryption (HTTPS/TLS) where supported.
• Access controls limiting staff access to personal information on a need-to-know basis.
• Form validation, anti-abuse controls (including Cloudflare Turnstile), and monitoring.
• Administrative policies for handling enquiries and quote requests.
• Backups and recovery procedures appropriate to our operations.

No method of transmission or storage over the internet is completely secure. While we strive to protect personal information, we cannot guarantee absolute security. You are responsible for ensuring that information you submit is appropriate for the channel used and does not include secrets unless expressly requested through a secure method.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

• Enquiry and quote records are generally retained for a period necessary to respond, evaluate, and maintain business records (typically up to 3 years unless a longer period is required for legal, tax, or dispute purposes).
• Client-related records are retained in accordance with contractual obligations and applicable legal retention requirements.
• Server and security logs may be retained for shorter operational periods unless needed for incident investigation.

When personal information is no longer required, we will delete, destroy, or de-identify it in a manner consistent with POPIA and our internal retention practices.

We take reasonable steps to ensure personal information is complete, accurate, not misleading, and updated where necessary, in accordance with POPIA section 16. Please notify us if your information changes or if you believe we hold inaccurate information.

Subject to POPIA and applicable exceptions, you have the right to:

• Request confirmation of whether we hold personal information about you.
• Request access to personal information we hold about you.
• Request correction or deletion of personal information where appropriate.
• Object to processing of personal information in certain circumstances.
• Request restriction of processing in certain circumstances.
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, where applicable.
• Withdraw consent where processing is based on consent (without affecting prior lawful processing).
• Lodge a complaint with the Information Regulator.

To exercise these rights, email [email protected] with the subject line “POPIA Request” and sufficient detail for us to identify you and your request. We may need to verify your identity before responding. We will respond within a reasonable period and in accordance with POPIA timeframes.

Access to certain records may also be governed by PAIA. PAIA requests may be submitted to [email protected] and will be handled in accordance with applicable legislation.

If we become aware of a security compromise involving personal information, we will take steps required by POPIA section 22, which may include assessing the incident, taking remedial action, and notifying the Information Regulator and affected data subjects where required by law.

The Website is intended for business and professional users. We do not knowingly collect personal information from children under 18 without appropriate consent. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

The Website may contain links to third-party websites, platforms, or tools (for example, WhatsApp or partner sites). We are not responsible for the privacy practices of third parties. You should review their privacy policies before providing personal information to them.

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The updated version will be published on syneater.com with a revised effective date. Material changes may be highlighted on the Website where appropriate. Continued use of the Website after an update constitutes notice of the revised policy.

For privacy questions, Information Officer enquiries, or data subject requests:

Syn Eater Consulting

• Email: [email protected]
• Telephone: +27 12 051 0686
• Address: Pretoria, Gauteng, South Africa
• Website: https://syneater.com

Information Regulator

If you believe your personal information has been processed unlawfully, you may lodge a complaint with the Information Regulator:

• Website: https://inforegulator.org.za
• Email: [email protected]
• Telephone: 010 023 5200
• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001