Effective date: January 1, 2026

This Privacy Policy explains how Synendo (“we”, “us”, “our”) handles personal data in connection with VisionTagger (the “App”) and the VisionTagger product website (the “Website”).

If you are a consumer or data subject in certain jurisdictions (including the EEA/UK), you may have mandatory privacy rights. This policy is intended to describe our practices transparently and does not limit any rights you may have under applicable law.

1. Scope

This Privacy Policy applies to:

• the VisionTagger Website and any pages that link to this policy,
• the VisionTagger macOS application,
• support requests submitted through the in-app feedback form.

It does not cover third-party services that you access independently, including the checkout and payment flow operated by our Merchant of Record.

2. Key points

• VisionTagger generates metadata locally on your Mac. We do not receive your images or the metadata generated from them, and we do not process your image content on our servers.
• We do not use advertising cookies.
• We do not use in-app analytics or telemetry to track how you use VisionTagger.
• We process limited personal data for:
  • website operation and security (basic server logs),
  • app licensing/activation and fraud prevention,
  • update checks,
  • support messages you submit.

3. Who is responsible for your data (Controller)

Controller: Synendo
Contact: apps@synendo.com

If you are in the EEA/UK and we appoint an EU/UK representative or Data Protection Officer (DPO), we will list those details on the Website or in an updated version of this policy.

4. What we do not collect

We do not collect or store:

• the images you process in VisionTagger,
• the metadata generated from your images (unless you choose to paste it into a support request),
• in-app analytics, behavioral telemetry, or usage profiling about how you use VisionTagger.

5. Cookies and analytics (Website)

We do not use advertising cookies.

We may use cookieless measurement on the Website to understand basic traffic patterns (for example, aggregated page views). If we use cookieless measurement, it is designed not to rely on browser identifiers or cross-site tracking.

Our hosting provider may use strictly necessary technical mechanisms (for example, for security, rate limiting, or load balancing). If we add cookies or similar technologies in the future, we will update this Privacy Policy and, where required, request your consent.

6. Personal data we may process

6.1 Website technical data (server logs)

When you visit the Website, our hosting infrastructure may automatically process basic technical data such as:

• IP address,
• date/time of request,
• requested page/URL,
• browser and device information (user agent),
• referrer URL (if provided by your browser),
• error logs (if a request fails).

Purpose: operate and secure the Website, prevent abuse, and troubleshoot.
Legal basis (EEA/UK): legitimate interests (Website operation and security).
Retention: retained only as long as necessary for security and operations (typically a short period set by our hosting provider), then deleted or anonymized.

6.2 Support and feedback requests (in-app form)

When you submit a feedback/support request, we process the information you provide, which may include:

• message content,
• optional (first) name,
• optional email address,
• app and system version,
• an identifier of the app installation (used to help diagnose issues and respond).

Please avoid submitting sensitive personal information in feedback messages. If you include personal data in your message, you control what you share.

Purpose: respond to your request and provide support.
Legal basis (EEA/UK): contract necessity (customer support related to the App) and/or legitimate interests (providing and improving support).
Retention: retained for up to 90 days, unless a longer period is necessary to resolve an ongoing issue, enforce our agreements, or meet legal obligations.

6.3 License activation and license validation

VisionTagger includes a license activation/validation flow. When you enter a license key, the App may validate it with our licensing service.

Depending on implementation, validation may involve processing:

• license key,
• technical information needed to validate the license (for example, app version and basic device/OS details),
• connection metadata (for example, IP address and request headers) as part of normal network operation and security logging.

We do not use license validation to build usage profiles or to track your activity within the App.

Purpose: activate and manage your license; prevent fraudulent use and protect service integrity.
Legal basis (EEA/UK): contract necessity (license delivery) and legitimate interests (fraud prevention and security).
Retention: licensing records and security logs are retained only as long as necessary for licensing operations, fraud prevention, dispute handling, and legal obligations.

6.4 Update checks

When the App checks for updates, it may connect to our update feed. Our infrastructure will receive typical connection data (for example, IP address and request headers) and may receive basic app/OS version information required to determine update eligibility.

Purpose: provide software updates and maintain the security and reliability of VisionTagger.
Legal basis (EEA/UK): legitimate interests and/or contract necessity.
Retention: update-feed logs are retained only as long as necessary for security and operations, then deleted or anonymized.

7. Purchases and payments

Purchases of VisionTagger are processed by FastSpring acting as our Merchant of Record. FastSpring is the legal seller for the transaction and is responsible for payment processing, tax/VAT handling, invoicing, fraud screening, and checkout data.

• FastSpring will process personal data you provide during checkout (for example, name, email, billing details, tax details) according to its own policies.
• We may receive limited transaction or fulfillment data necessary to deliver and support the license (for example, confirmation that a purchase occurred, an order reference, refund/chargeback status, and/or license fulfillment status).

For FastSpring’s terms and privacy information, see:

• https://fastspring.com/legal
• https://fastspring.com/privacy

8. Sharing and recipients

We do not sell personal data.

We may share limited personal data with:

• FastSpring for sales, payments, and fulfillment processes related to your purchase (see Section 7),
• hosting providers that deliver the Website and update feed and process standard logs on our behalf,
• support tooling providers (if we add any in the future) that help us receive and respond to support requests.

Where we use service providers, we seek to use appropriate contractual protections (such as data processing terms) consistent with applicable law.

9. International transfers

Our service providers may process data outside your country. Where EEA/UK transfer rules apply, we use appropriate safeguards (such as Standard Contractual Clauses or other recognized transfer mechanisms) where required.

10. Data retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Support requests: up to 90 days (unless extended as described in Section 6.2).
• Website and update-feed logs: short operational retention (typically set by our hosting provider), then deleted or anonymized.
• Licensing records: retained as needed to operate licensing, prevent fraud, handle disputes, and comply with legal obligations.

11. Security

We use reasonable administrative, technical, and organizational measures to protect personal data, including access controls and encryption in transit where applicable. No method of transmission or storage is 100% secure.

12. Your rights (EEA/UK and similar jurisdictions)

Depending on your location, you may have rights to:

• access your personal data,
• correct inaccurate data,
• delete data,
• object to or restrict processing,
• data portability,
• withdraw consent where processing is based on consent,
• lodge a complaint with your supervisory authority.

To exercise rights, contact: apps@synendo.com. We may need to verify your request before responding.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on the Website and update the effective date above. Changes apply from the posted effective date.

14. Contact

Privacy questions or requests: apps@synendo.com