Privacy Policy

Last updated: June 2026 — Version 1.1

Our Core Principle: Sundy is designed with privacy as its foundation. We cannot access your encrypted data, we don't collect your files, and we don't track your usage. Your secrets remain yours.

1. Introduction

Sundy Data Labs ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Sundy encrypted storage application ("Service").

We are a company registered in Indonesia, operating globally. By using Sundy, you agree to the collection and use of information in accordance with this policy.

2. Information We Cannot Access

Sundy is designed so that we have zero knowledge of your encrypted data:

3. Information We Collect

3.1 License Activation Data

When you purchase and activate a license, we collect:

GDPR lawful basis: Article 6(1)(b) — performance of a contract (processing is necessary to activate your license and provide the Software you purchased). We do not rely on consent for this processing.

Retention: License records are retained for the lifetime of your license plus 7 years for accounting and tax compliance purposes, then deleted or anonymised.

3.2 Website Analytics

Our website (sundy.io) uses Google Tag Manager (GTM-WXXJRMXX) for optional, privacy-respecting analytics only if you consent via the cookie banner. GTM is not loaded until you accept. We do not use cookies for advertising or cross-site tracking. You can withdraw consent at any time using Cookie settings.

GDPR lawful basis: Article 6(1)(a) — your freely given, specific, and informed consent. Refusing or withdrawing analytics consent has no effect on your use of the Software or website.

Retention: Aggregated analytics data is retained for up to 24 months, then deleted.

3.3 Support Communications

If you contact us for support, we retain your communication (email address and message content) to provide assistance, track issue resolution, and improve our service.

GDPR lawful basis: Article 6(1)(b) — performance of a contract (where you are a licensed user) or Article 6(1)(f) — our legitimate interest in improving our product and resolving technical issues.

Retention: Support emails are retained for 3 years after the last correspondence, then deleted.

4. Cookies and Similar Technologies

This section explains how we use cookies, local storage, and similar technologies on our website. The Sundy desktop application itself does not set marketing or advertising cookies.

4.1 What we use

4.2 What we do not use

4.3 Managing cookies

On your first visit, a banner lets you choose Accept all, Essential only, or open Cookie settings. You can change your choice anytime via the footer link or by clearing site data in your browser.

Browser controls: most browsers let you block or delete cookies under privacy/security settings.

4.4 Retention

Consent records are stored locally in your browser until you clear site data or we increment the consent version (which may prompt you again).

5. How We Use Information

The limited information we collect is used exclusively to:

6. Data Storage and Security

7. Third-Party Services

We use the following third-party services:

We do not sell, trade, or transfer your information to other parties.

8. Your Rights (GDPR & similar laws)

If you are in the European Economic Area, United Kingdom, or another jurisdiction with comparable privacy laws, you have the following rights regarding personal data we process as data controller (e.g. license purchases, support email, website consent):

To exercise these rights, contact us at privacy@sundy.io. We respond within one calendar month (extendable by two further months for complex requests, with notice). There is no fee for exercising these rights.

9. International Data Transfers

We are based in Indonesia. Some of the third-party service providers we use (such as payment processors and email platforms) may process data in countries outside your country of residence, including the United States.

Where we transfer personal data of EEA or UK residents to countries that have not received an EU/UK adequacy decision, we rely on one or more of the following safeguards:

To obtain a copy of the relevant transfer mechanism or for further information, contact us at privacy@sundy.io.

10. Children's Privacy

Sundy is not intended for users under 16 years of age. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes (such as new categories of data collected, new purposes, or new third-party processors), we will provide at least 30 days' notice by posting a notice on our website and, where we hold your email address, by email. Minor clarifications or corrections may take effect immediately. Where processing is based on consent and we materially change how we process that data, we will request fresh consent before the change takes effect.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Remember: The most sensitive data — your encrypted files and passwords — never leaves your device and is technically impossible for us to access. This is privacy by design.