WEBSITE AND SERVICES PRIVACY NOTICE
WHO WE ARE:
Name: Syli (also referred to as "we", "us", "our")
Address: 124 Finchley Road, London, United Kingdom, NW3 5JS
Company Registered in England and Wales Number: 13932897
E-mail: hello@syli.org.uk
Date Created/Updated: 27 March 2026
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.
We have appointed Fergus Bell as our data protection manager (DMO). You can contact them using the details set out above.
We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.
KEY DEFINITIONS
The key terms that we use throughout this privacy notice are defined below, for ease:
Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.
Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer base.)
Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.
Special Information: certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
This notice applies to:
visitors to our website;
individuals who enquire about or subscribe to our services who are not acting on behalf of their employer or another organisation ("individual subscribers"); and
employees, contractors, and other personnel of organisations that have entered into an enterprise or client agreement with us ("enterprise users").
Our role differs depending on who you are:
Where you are an individual subscriber (you use our services in your own right and not as an employee or agent of an organisation that has a separate enterprise agreement with us) Syli acts as a Data Controller in respect of your personal information.
Where you are an enterprise user (your access to our services (including Maai) is provided through your employer's or client organisation's enterprise account) your employer or client organisation is the Data Controller in respect of the personal information you submit through the services, and Syli acts as a Data Processor, processing your personal information on the instructions of that organisation. You should refer to your employer's or client organisation's own privacy notice for information about how it processes your personal information.
In all cases, Syli acts as a Data Controller in respect of:
personal information collected through our website;
personal information used for our own marketing and communications purposes; and
data collected for the improvement of our services and for security, fraud prevention, and legal compliance.
DETAILS OF PERSONAL INFORMATION THAT WE COLLECT AND HOLD ABOUT YOU
Set out below are the general categories and details of retention periods in relation to those categories (see section 8 below for more details about retention)and in each case the types of personal information that we collect, use and hold about you:
| General Category | Types of Personal Data in that category | Retention Periods |
|---|---|---|
| Identity information / personal identifiers | This is information relating to your identity such as your name (including any previous names and any titles that you use), gender, marital status and date of birth | 6 months after we receive an initial inquiry from you unless you go on to become a Syli service user or beneficiary |
| Contact information | This is information relating to your contact details such as email address, addresses, telephone numbers | 6 months after we receive an initial inquiry from you unless you go on to become a Syli service user or beneficiary or consent to receiving updates from us. |
| Electronic identifiers | This includes information such as your email address, user name, IP address | 6 months after we receive an initial inquiry from you unless you go on to become a Syli service user or beneficiary or consent to receiving updates from us. |
| Survey information | This is information that we have collected from you or that you have provided to us in respect of surveys, polls, feedback, and similar. | 2 years from last use |
| Marketing information | This is information relating to your marketing and communications preferences. | 1 year after the date of last interaction |
| Account information | Business email address, job title, and company name. Login credentials (passwords are stored in hashed form only; we do not store plaintext passwords) | Retained for the duration of your subscription and deleted within 90 days of account termination upon written request |
| Product usage and analytics data | Feature usage patterns, session duration, and in-product interaction logs; browser type, device type, operating system, and IP address; crash reports, error logs, and performance telemetry; navigation paths and referral sources within the service | Retained for up to 24 months in identifiable form, then anonymised or deleted |
| Payment and transaction information | Information relating to billing, payment method, and transaction records, collected when payment functionality is activated. | 7 years for legal and accounting compliance |
If you are an individual subscriber using Maai or another of our AI platforms, we are also a Data Controller for the following additional categories of personal information collected through the service:
| General Category | Types of Personal Data in that category | Retention Periods |
|---|---|---|
| User-generated content and AI prompts | Text, files, and instructions you submit through the service, including prompts sent to AI models; AI-generated outputs produced in response to your inputs; conversation histories, saved sessions, and project data created within the service | Retained for the duration of the subscription, or as configured by your client administrator |
| Payment and billing information | Payment method details (such as card type and last four digits), billing address, and transaction records associated with your individual subscription. Note: full payment card details are processed directly by our third-party payment provider and are not stored by Syli. | 7 years for legal and accounting compliance, or until account deletion where no legal retention obligation applies |
If you are an enterprise user of Maai or any of our other AI platforms then your organisation will be the Data Controller of this information and we will act as a Data Processor. You should refer to your organization's privacy policy for further information on the processing of your personal information where they are the Data Controller. The Terms and Conditions for access to our platforms include more information regarding how payments will be processed.
To request deletion of data generated through the service, contact us using the details set out at the beginning of this notice. Requests will be fulfilled within 30 days, subject to any legal retention requirements.
The types of personal data we collect about you may differ from person to person, depending on who you are and the relationship between us.
DETAILS OF SPECIAL INFORMATION THAT WE COLLECT AND HOLD ABOUT YOU
Special information is explained in the Key Definitions section 1 above. We do not collect or hold any special information about you.
We do not collect information from you relating to criminal convictions or offences.
DETAILS OF HOW AND WHY WE USE PERSONAL INFORMATION
We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:
Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests;
Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and
Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons.
So that we are able to provide you with services, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the services to you.
It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this, then we may be prevented from supplying the goods and services to you.
Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.
We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:
Where we rely on the Legitimate Interests Reason, we explain what that legitimate interest is below. For some purposes, we may have listed more than one legal reason, because the applicable reason may differ depending on the circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.
| Purpose | Legal Reason(s) for using the personal information |
|---|---|
| To enrol you as a customer | Contract Reason Legitimate Interests Reason (in order to offer you other services and/or digital content which helps us to develop our business) |
| To improve the services, and/or digital content that we supply | Legitimate Interests Reason (in order to improve the services, and/or digital content for future customers and to grow our business) |
| To recommend and send communications to you about services, and/or digital content that you may be interested in. More details about marketing are set out in the Marketing section below | Legitimate Interests Reason (in order to grow our business) Consent Reason |
| To monitor platform usage, diagnose technical issues, and ensure performance | Legitimate Interests Reason (to maintain service quality and security) |
| To manage billing, payments, and subscriptions, where payment functionality is activated | Contract Reason; Legal Obligation Reason (for financial record-keeping and tax compliance) |
| To ensure the security, integrity, and proper functioning of our services | Legitimate Interests Reason (to maintain service security and protect against fraud and misuse) |
Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for additional purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for purposes. Where you can no longer be identified from the grouped or anonymised data it is no longer your personal data and there is no risk to you from our continued use of this data.
Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.
DETAILS OF HOW WE COLLECT PERSONAL INFORMATION
We usually collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, and Marketing Information, directly from you when you fill out a form, survey or questionnaire or if you contact us by email, telephone, in writing or otherwise. This includes the personal information that you provide to us when you subscribe to our mailing list, enter a competition, or complete a survey.
We may receive some of your personal information from third parties or publicly available sources. This includes:
Information you make available through publicly shared elements of accounts / profiles on sites such as Google, LinkedIn, Twitter, and others.
If you use Maai or another of our AI platforms as an individual subscriber, we also collect personal information through your use of the platform itself, including:
text, files, and instructions you submit through the service, including prompts sent to AI models;
conversation histories, saved sessions, and project data created within the service; and
feature usage patterns, session duration, in-product interaction logs, browser and device information, crash reports, error logs, and navigation data.
If you are an enterprise user then we will process this information as a Data Processor on behalf of your organisation.
DETAILS ABOUT WHO PERSONAL INFORMATION MAY BE SHARED WITH
We may need to share your personal information with other organisations or people. These organisations include:
Our own contractors, subcontractors, associates, trainers, and others that are directly involved in the delivery of our services
Third parties who are not part of our group. These may include:
Suppliers and partners: such as IT support services, administration providers, marketing agencies;
Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies;
Our advisors: such as lawyers, accountants, auditors, insurance companies;
Our bankers;
Email platforms;
Our funders;
any organisations that propose to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.
We do not sell or trade any of the personal information that you have provided to us.
If you or your employer uses the Maai service then the following third parties will process your personal data in addition to the above:
Anthropic, PBC — AI language model processing via API.
Cloud infrastructure providers (Civo) — hosting and storage of service data.
Payment processors (e.g. Stripe) — billing and subscription management, where payment functionality is activated.
Analytics providers (e.g. Mixpanel, Datadog) — product usage and performance monitoring.
DETAILS ABOUT TRANSFERS TO COUNTRIES OUTSIDE OF THE UK AND EEA
If any transfer of personal information by us will mean that your personal information is transferred outside of the UK and EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the UK or EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the UK and EEA that are available to us – these are known as ‘derogations’ under the data protection legislation). We may need to transfer personal information outside of the UK and EEA to other organisations within our group or to the third parties listed above who may be located outside of the UK and EEA.
The safeguards set out in data protection laws for transferring personal information outside of the UK and EEA include:
where the transfer is to a country or territory that the UK or EU Commission has approved as ensuring an adequate level of protection;
where personal information is transferred to another organisation within our group, under an agreement covering this situation which is known as ‘binding corporate rules’;
having in place a standard set of clauses that have been approved by the EU Commission;
compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO));
certification with an approved certification mechanism;
where the UK or EU Commission has approved specific arrangements in respect of certain countries.
DETAILS ABOUT HOW LONG WE WILL HOLD YOUR PERSONAL INFORMATION
We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see the Details of How and Why We Use Personal Information section above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims, including in relation to any guarantees or warranties that we have provided with the services.
We have set out above the details of our retention periods for different types of data. You can find them in the Details of the Personal Information that we Collect and Hold about you section above.
AUTOMATED DECISION MAKING
‘Automated decision making’ is where a decision is automatically made without any human involvement. Under data protection legislation, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
Data protection laws place restrictions upon us if we carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you.
We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. If we decide to do this, we will notify you and inform you of the legal reason we are able to do so.
DATA SECURITY
We take the security of your personal information seriously and are committed to protecting it through a combination of technical and organisational measures. We implement industry-standard safeguards, including encryption, secure socket layer (SSL) technology, and access controls, to protect your data from unauthorised access, disclosure, alteration, or destruction. Access to your personal information is restricted to those employees, contractors, and third-party service providers who have a legitimate business need to process it, and who are bound by confidentiality obligations.
Whilst we take all reasonable steps to protect your personal information, no method of transmission over the internet or method of electronic storage is entirely secure. We therefore cannot guarantee absolute security, and any transmission of personal data to us is at your own risk. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any relevant supervisory authorities in accordance with applicable data protection legislation.
YOUR RIGHTS UNDER DATA PROTECTION LAW
This section applies where Syli acts as a Data Controller in respect of your personal information. If you are an enterprise user of Maai and your organisation is the Data Controller, you should direct rights requests to your organisation in the first instance.
Under data protection laws, you have certain rights in relation to your personal information, as follows:
Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
Right to erasure: (this is often called the ‘right to be forgotten’). This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
Right to data portability: this right allows you to request us to transfer your personal information to someone else.
Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason section above and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
Where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in the Details of How and Why We Use Personal Information section above.
If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:
we may need certain information from you so that we can verify your identity;
we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
if your request is unfounded or excessive, then we may refuse to deal with your request.
MARKETING
Syli acts as a Data Controller for all marketing activities, including marketing directed at enterprise users and individual subscribers. You may receive marketing from us about similar services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
However, we will give you the opportunity to manage how or if we market to you. In any direct marketing email that we send to you, we provide a link to either unsubscribe or opt out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes, you can always contact us using the details set out at the beginning of this notice.
If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not to do with marketing.
We do not pass your personal information on to any third parties for marketing purposes.
COMPLAINTS
If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
COOKIES
We do not use any cookies on our website. If you visit our website whilst logged in as a SquareSpace user, cookies may be used in keeping with the Terms and Conditions of your relationship with SquareSpace, which is separate to your relationship with Syli.
MAAI AI TECHNOLOGY STACK
This section applies to you if you or your employer uses Maai.
Maai uses multiple components powered by AI models. This section explains precisely what each component does with your data.
Anthropic Claude (Large Language Model)
Maai uses Claude, a large language model developed by Anthropic, PBC, as the primary AI processing engine within the service. Claude processes user-submitted prompts and content to generate responses, summaries, or other AI-powered outputs.
Key data practices:
Syli accesses Claude via Anthropic's commercial API. Syli has entered into the Anthropic Commercial Terms of Service which includes a data processing addendum that restricts Anthropic from using your personal data for any purpose other than to provide the services to you/your organisation.
Anthropic does not use prompts or outputs to train or improve its models.
Syli does not intentionally send personally identifiable information to Claude's API. You are advised to avoid embedding unnecessary personal information in prompts.
Anthropic may temporarily retain API request data for safety monitoring purposes, as described in their API terms. See anthropic.com/legal/privacy for full details.
BERT (Natural Language Processing)
Syli uses BERT-based models (Bidirectional Encoder Representations from Transformers) for internal natural language processing tasks such as intent classification, semantic search, entity recognition, and content routing.
Key data practices:
BERT models run within Syli's own infrastructure or secured cloud environment. Data processed by BERT does not leave our controlled environment and is not shared with any third-party BERT model provider.
BERT processing is transient: data is processed in real-time and not retained beyond our general retention practices.
AI Model Training
Syli does not use any submitted data to train, fine-tune, or improve the AI models, including Claude or any BERT-based model it operates.