Big news! Syndigo acquires Taggstar to make product experiences dynamic and contextual.

Read More
close
search
globe
  • English
  • Français
  • German
  • Polski
Solutions
Product Experience Cloud for Brands
Product Experience Cloud for Brands
Product Experience Cloud for Retail
Product Experience Cloud for Retail
Master Data Management (MDM)
Master Data Management (MDM)
Product Information Management (PIM)
Syndication
Rich Media
GDSN
Vendor Central
Analytics
PowerReviews
Agentic Commerce Solutions
AI GoPilots
App Marketplace
Nutrition & Wellness
In-Store Solutions
Global Professional Services
Industries
Manufacturing
Retail
CPG
Foodservice
Restaurants & Operators
Industrial Manufacturing
Healthcare
Automotive Aftermarket
Partners
Become a Partner
Find a Partner
Enabler Partner
Partner Portal
Influencer Program
Syndigo Community
Resources
Syndigo Connect 2026
Blogs
Resource Library
Webinars
Glossary
Success Stories
Syndigo University
App Marketplace
Sustainability
1WorldSync Acquisition
Taggstar Acquisition
Innovation Updates
Company
About
Leadership Team
Careers
News
Events
Support
Talk to Sales
search
globe
  • English
  • Français
  • German
  • Polski
Talk to Sales
close

Syndigo Product Privacy Notice

Syndigo

Effective Date: March 13, 2026

Introduction and Scope

At Syndigo LLC, including our subsidiaries and affiliates (“Syndigo,” “we,” “us,” “our”), we take your privacy seriously. We are committed to protecting any personal information (“Personal Data”) that we process while delivering our products and services.

This Privacy Notice (the “Notice”) explains what Personal Data we process to provide the Services, why we process it, and how we keep it secure. When we say  “you,” we mean the end-users of our Services.

What This Notice Covers

This Notice applies to Personal Data we process while providing Syndigo’s products and services to business customers, including:

  • Product Experience Management (PXM)
  • Content Experience Suite
  • Syndication
  • Enhanced Content
  • Enterprise Data Suite (EDS)
  • Analytics
  • Master Data Management (MDM)/Product Information Management (PIM) solutions
  • The PowerReviews Platform
  • The BzzAgent Platform
  • Nutritionix Label Manager
  • Atrify
  • AI GoPilots™
  • 1WorldSync
  • Link Manager, and
  • Any other Syndigo service that links to this Notice

Collectively, we call these the “Services.”

Our Role in Processing Personal Data (Controllership)

When providing the Services, Syndigo acts primarily as a storage and service provider. Under many data protection laws, this means we serve as a data processor or service provider. This means:

  • Our customers decide and control what Personal Data we process and their independent uses of such Personal Data.
  • We process that data only according to their instructions.

Because our customers are the data controllers, they are responsible for determining how and why Personal Data is used and for responding to privacy rights requests, including requests for access, deletion, correction, restriction or objection, data portability, marketing preferences, and opt-outs from profiling, targeted advertising, or the sale or sharing of Personal Data.

Do Not Send Privacy Rights Requests to Syndigo

As a data processor, Syndigo is generally not authorized to respond directly to data subject rights requests relating to Personal Data processed through the Services. Therefore, please submit such requests to the brand, retailer, or business that originally collected your Personal Data. If a request is sent to Syndigo, we may forward it to the relevant customer and assist the customer in responding in accordance with our contractual obligations.

Sales / Data Broker Note

Syndigo does not sell Personal Data in the provision of its Services, and Syndigo does not operate as a data broker. Syndigo’s core business involves processing Personal Data solely on behalf of our customers (such as brands and retailers) through the Services and do not decide whether data is sold, shared, or otherwise disclosed. Accordingly, Syndigo is not directly responsible for implementing or honoring controller-level opt-out or deletion tools, including centralized or third-party opt-out or deletion mechanisms established by customers or regulators.

What This Notice Does Not Cover

This Notice does not apply to Personal Data we collect or process in other contexts, such as:

  • Personal Data you provide directly through Syndigo’s public website (www.syndigo.com)
  • Data we process for analytics to improve usability
  • Data processed to deliver customer support
  • Data processed through Syndigo University
  • Data used for our own sales and marketing activities
  • Personal Data of Syndigo employees or applicants
  • Data used for security of our websites, platforms and services
  • Data used to validate contractual access entitlement

In these situations, Syndigo acts as a data controller, and different privacy notices apply (for example, our general privacy notice or our HR specific notices).

Basis of Processing

Within the scope of this Notice, we process Personal Data based on the documented instructions of our customers. To learn about our customers’ lawful bases for processing your Personal Data, please read their respective privacy notices.  

How We Receive Personal Data

We receive Personal Data in the following main ways:

  • From our customers and their representatives: for example, when employees, contractors, or other authorized users enter information into the Services.
  • From customer-provided user lists: customers may upload or share lists of authorized users so that Syndigo can create accounts or enable access within the Services.
  • From embedded content on customer websites: when our tools are integrated into brand or retailer websites, limited interaction data may be collected as visitors engage with that content.
  • From use of the Services: when users access or interact directly with the Services, certain activity and technical data are automatically recorded.
  • For Link Manager: From interactions with customer links or QR codes: when a user scans or accesses a link generated through tools such as Link Manager, certain technical information may be collected automatically and stored temporarily in system logs for security, troubleshooting and service integrity purposes, including the IP address associated with the request and approximate location derived from that IP address, in order to route the user to the appropriate destination, and generate aggregated analytics.

Categories of Personal Data

Depending on the Service used, we may process the following categories of Personal Data:

  • Account and Identification Data
    • Credentials such as username, email address, and password
    • IP address
    • First and last name
  • Professional and Contact Data
    • Company (tenant) name and job title
    • Application role (for example, administrator or standard user)
    • Phone number and work or personal email address
  • Technical and Usage Data
    • Browser type and version
    • Operating system
    • General device or network information associated with access to the Services
  • Product-Specific Data Categories: Some data elements are only processed in connection with particular products or modules:
    • Enhanced Content and ContentCast: For visitors to customer websites where these tools are enabled, we may process:
      • Randomly generated identifiers such as user ID, session ID, or visitor ID
      • IP address
        • Enhanced Content: collected momentarily and not stored
        • ContentCast: anonymized before storage
      • User agent and browser information, including page views and time on page
      • Approximate location data such as city, region, state, country, or continent
      • Delivery-related interaction events, such as content loaded, displayed, or clicked
    • Swogo: For visitors to customer websites using Swogo:
      • Interactions with suggested or related products, including basket activity
      • Selection of product variations
      • Records of related products purchased and associated order identifiers generated by the customer’s website
    • PowerReviews Platform and BzzAgent Platform: For consumers who submit reviews or participate in campaigns:
      • Review text, ratings, and submitted content
      • Usernames or public handles
      • Public social media content and engagement metrics
      • Timestamps and related metadata associated with submissions or interactions
    • Link Manager: For visitors who access links or scan QR codes generated through Link Manager, we may process:
      • IP address associated with the request
      • Approximate geographic location derived from the IP address, such as country or regional subdivision (for example, state or province)
      • Information about the link or QR code accessed
      • Date and time of the interaction
      • Aggregated analytics derived from link access or QR code scans, such as the number of scans within particular countries or regions over a given period

Purposes of Processing

We process Personal Data only as necessary to provide and operate the Services, including to:

  • Enable access and use of the Services, such as account creation, login, and user authentication.
  • Operate content and campaign features, including the submission, display, moderation, validation, and reporting of related activity.
  • Provide analytics and reporting to customers, including aggregated insights and benchmarking.
  • Maintain security, availability, and integrity of the Services, including fraud prevention and system monitoring.
  • Create and maintain activity logs so customers can audit actions performed within their environments.
  • Improve and personalize the Services and user experience.
  • For Link Manager: To route users to the appropriate destination based on geographic region and to generate aggregated usage analytics for our customers.

Data Retention and Deletion

Syndigo retains Personal Data only for as long as necessary to provide the Services and in accordance with customer instructions, applicable law, and our contractual obligations. Our customers determine the appropriate retention period(s) in their role as data controllers.

Syndigo may also retain limited Personal Data where required to comply with legal obligations, resolve disputes, enforce agreements, maintain security, or meet legitimate business and audit requirements.

Upon termination or expiration of the applicable customer agreement, Syndigo will delete or return Personal Data in accordance with the customer’s instructions and the terms of our contractual agreements, unless retention is required or permitted under applicable law.

Cookies and Tracking Technologies

If a service uses cookies or tracking technologies, please refer to the applicable cookie notice found within the applicable product or service.

Data Integrity & Security

Syndigo has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. You can learn more about our security practices here.

Sharing Personal Data

Syndigo does not sell Personal Data and shares Personal Data only as necessary to operate, secure, and improve the Services, as authorized by our customers, or as otherwise required by law. We may share Personal Data with:

  • Syndigo affiliates, for internal administrative support, and operational purposes consistent with this Notice and our contractual agreements with each customer.
  • Service providers (sub-processors), who process Personal Data on our behalf under contractual obligations requiring confidentiality, appropriate security measures, and use of the data solely to provide services to Syndigo or as legally required. These service providers commonly include:
    • Cloud infrastructure and hosting providers
    • Software-as-a-Service and technical support providers
  • Third parties authorized by our customers, such as partners, agencies, consultants, retailers, brands, or other companies with whom the customer chooses to collaborate. In the context of Enhanced Content, syndication, or similar distribution features, these third parties may receive data made available through the customer’s configuration of the Services. In most cases, access is limited to aggregated or de-identified information, unless the customer expressly enables broader visibility.

Processing of Personal Data by Our Customers

Certain features of the Services allow our customers to access and view information processed within their environments, which may include Personal Data as well as aggregated or de-identified data, depending on the customer’s configuration and the specific Service used. Customers may use this information for their own legitimate business purposes, such as performance reporting, billing, auditing, compliance, analytics, and operational management. Syndigo provides these capabilities solely as a service provider and does not control or determine the customers’ independent uses of such Personal Data.

International Transfers of Personal Data

Syndigo LLC is headquartered in the USA, and Syndigo affiliates are established in multiple jurisdictions, including the USA, UK, India, Canada, Brazil, Mexico, France, Poland, Germany, Ireland, and Switzerland. Our service providers also operate globally, and information about them can be found here.

When Personal Data is transferred internationally, Syndigo implements appropriate safeguards designed to ensure that the data continues to receive a level of protection consistent with applicable data protection laws. These safeguards may include:

  • Adequacy decisions where recognized by relevant authorities, such as transfers to the United Kingdom, Brazil, or Switzerland, from the European Economic Area (EEA) based on the European Commission’s adequacy decisions and any other relevant adequacy findings from relevant jurisdictions.
  • Standard Contractual Clauses (SCCs) adopted by relevant authorities, such as the EU 2021 SCCs, the UK International Transfer Addendum, UK International Data Transfer Agreement, and any other approved data transfer mechanisms.
  • Participation in, or reliance on, the Data Privacy Framework (DPF) and equivalent mechanisms for transfers involving the United States.
  • Other legally approved transfer mechanisms are recognized under applicable data protection laws.

Data Privacy Framework (DPF)

For individuals whose Personal Data is safeguarded by the Data Privacy Framework, before sending your Personal Data to a third party, we will do one of two things:

  • Seek your consent; or
  • Demand privacy and security: We will ensure the third party maintains the same level of privacy and security for your data as we do. We are accountable and  liable for the protection of your Personal Data when we transfer it to others except when we can prove that we are not responsible for an event that leads to any unauthorized or improper processing. We either send it to a country, territory or sector within a country that is recognized as providing the same level of personal data protection as the country of origin or the Data Privacy Framework, or use safeguards like the Data Privacy Framework (as defined below) or the SCCs with necessary adjustments for transfers from the UK or Switzerland, or use specific transfer instruments like the UK International Data Transfer Agreement.

Other Disclosure of Your Personal Data

We may disclose your Personal Data if the law requires it, or if we have a good-faith belief that we need to disclose it to comply with official investigations or legal proceedings (where initiated by government officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates for business purposes, if necessary and as described in the section above.

We reserve the right to use aggregated, anonymous data about individuals whose Personal Data we process in our Services for any legal business purpose. Once aggregated or anonymized, this data can no longer be used to identify any individual. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we must disclose your Personal Data to comply with official investigations or legal proceedings started by governmental and/or law enforcement officials, we may not be able to ensure that such recipients will maintain the privacy and security of your Personal Data.

Risk of Harm

Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you, and implementing appropriate security measures, as described in this Notice.

Privacy Rights

If your Personal Data is processed through our Services, you may have certain rights under applicable data protection laws (for example, right of access, correction, deletion, restriction, objection, or data portability). Because Syndigo processes Personal Data solely on behalf of our customers, your rights request must be exercised in the first instance directly with the customer who provided your Personal Data to us. Syndigo does not decide how Personal Data is used and is generally not permitted to respond directly to individual rights requests.

If sending the request directly to the Syndigo customer is not possible for any reason and you decide to contact us with such a request, please provide the name of the Syndigo customer who submitted your Personal Data to us. We will forward your request to that customer and support them in responding to your request, consistent with our role, as well as contractual and legal obligations.  

EU-U.S. and Swiss-U.S. Data Privacy Frameworks, and the UK Extension

With respect to Personal Data processed in the scope of this Notice, Syndigo LLC complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (the “Data Privacy Framework” or “DPF”) as adopted and put forward by the U.S. Department of Commerce regarding the processing of Personal Data.  Syndigo LLC commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

To learn more about the Data Privacy Framework, and to view Syndigo LLC’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search (search for Syndigo LLC), respectively.

In this section, we also acknowledge the right of EU, UK, and Swiss individuals to access their Personal Data pursuant to the Data Privacy Framework (as defined below) and will grant individuals reasonable access to Personal Data we received pursuant to the Data Privacy Framework Principles when instructed by our customers. In addition, we will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or processed in violation of the Data Privacy Framework Principles. Additionally, if we have received your Personal Data in reliance on the Data Privacy Framework, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. An individual may request access to their Personal Data, or otherwise correct, amend, delete, withdraw their consent, or limit the processing of their Personal Data in line with the Data Privacy Framework Principles by contacting our customer.

U.S. Regulatory Oversight

Syndigo LLC is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information through the web form located here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.

If a complaint or dispute related to Personal Data cannot be resolved through Syndigo’s internal process, in addition to the VeraSafe Dispute Resolution Procedure, Syndigo has agreed to cooperate with the EU data protection authorities and the Swiss Federal Data Protection and UK Information Commissioner, and to take part in the dispute resolution procedures of the panel established by such data protection authorities.    

Binding Arbitration

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter binding arbitration with you under the Data Privacy Framework’s “Recourse, Enforcement and Liability Principle” and Annex I of the Data Privacy Framework.

Privacy of Children

Our services are not meant for anyone under the age of eighteen and we do not knowingly collect Personal Data from minors. If we learn that we process Personal Data from a child under the age of thirteen, we will delete the Personal Data we have stored as quickly as possible. If you believe that we might have any Personal Data from or about a child under the age of thirteen, please contact us or the customer that has provided the child’s information to us.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Last updated” date. By continuing to use the Services after we post any of these changes, you accept the modified Notice.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data in the context of the Services, please  contact us by email at privacy@syndigo.com.

Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd
37 Albert Embankment
London SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

 VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA

Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/