General Data Protection Regulation (GDPR) Compliance Statement
At Sryptos, privacy is not an afterthought — it’s our foundation. We are fully committed to protecting your personal data in compliance with the GDPR (EU Regulation 2016/679).
1. Introduction
This GDPR Statement explains how Sryptos Labs (“Sryptos”, “we”, “our”, or “us”) upholds the principles and obligations of the General Data Protection Regulation (GDPR) when processing personal data of users in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK).
Our mission is to deliver private, secure, and anonymous communication services that respect user autonomy and minimize data exposure by design.
2. Our GDPR Commitment
We adhere to the following key principles of GDPR:
- Lawfulness, Fairness, and Transparency – We process data only for legitimate purposes and always inform users of how and why.
- Purpose Limitation – Data is used solely to deliver and secure the chat service.
- Data Minimization – We collect only what’s essential to operate Sryptos.
- Accuracy – We ensure that any user-provided data (e.g., linked email) is accurate and updatable.
- Storage Limitation – Temporary data is auto-deleted per our retention policy.
- Integrity and Confidentiality – All data is encrypted and handled securely.
3. Legal Basis for Processing
Under Article 6 of the GDPR, we process limited personal data under one or more of the following bases:
- Consent (Article 6(1)(a)): e.g., when users link a Google account or subscribe to updates.
- Performance of a Contract (Article 6(1)(b)): to provide chat services and deliver messages.
- Legitimate Interests (Article 6(1)(f)): to maintain service stability and prevent abuse.
- Legal Obligations (Article 6(1)(c)): to comply with lawful requests from authorities.
4. Data Protection by Design and Default
Sryptos was built to minimize personal data exposure from day one.
- No forced registration
- Guest mode with 24-hour expiry
- End-to-end encryption for all messages
- Automatic deletion of temporary data
- Local storage for user content, not centralized servers
These measures fulfill Article 25 GDPR (“Data protection by design and by default”).
5. Rights of EU/EEA Users
Under GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data. |
| Rectification | Correct inaccurate or incomplete information. |
| Erasure | Request deletion (“Right to be Forgotten”). |
| Restriction | Limit processing of your data under certain conditions. |
| Portability | Export your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests. |
| Withdraw Consent | Revoke consent at any time without affecting prior processing. |
To exercise these rights, contact us at privacy@sryptos.com. We respond within 30 days per Article 12 GDPR.
6. Data Transfers
If personal data is transferred outside the EEA, we use:
- Standard Contractual Clauses (SCCs), approved by the European Commission, and
- End-to-end encryption to ensure that no readable data leaves the EU.
7. Data Protection Officer (DPO)
Sryptos Labs has appointed a Data Protection Officer responsible for overseeing GDPR compliance.
Contact: privacy@sryptos.com
The DPO monitors internal processes, reviews privacy impact assessments, and ensures continuous compliance.
8. Supervisory Authority
EU users may lodge a complaint with their local Data Protection Authority (DPA) if they believe their rights under GDPR have been violated.
9. Updates to This Statement
This GDPR Statement may be updated periodically. We will always post the latest version here with the “Last Updated” date.
Last Updated: November 2025
Your privacy is your right — not a feature.
Sryptos is proud to be built around the strictest privacy principles and legal standards in the world.