SYNMAX, INC.

PRIVACY POLICY

Last Updated: February 2026

1.    INTRODUCTION

SynMax, Inc. (“SynMax,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our websites, including https://www.synmax.com, https://www.basin-iq.com, and https://www.synmaxresearch.com (the “Websites”), access or use our platforms (including Theia, Hyperion, Vulcan, Agents, and BasinIQ), use our mobile applications, use our application programming interfaces (“APIs”), or otherwise engage with our products and services (collectively, the “Services”).

SynMax provides satellite data intelligence and analytics services to business, government, and individual customers in the defense, energy, infrastructure, and land management sectors. Our Services include enterprise and institutional platforms as well as consumer-facing applications.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you are accessing our Services on behalf of an organization, you represent that you have the authority to bind that organization to this Privacy Policy.

If you do not agree with the practices described in this Privacy Policy, please do not access or use our Services.

2.    SCOPE

This Privacy Policy applies to personal information collected through:

•  Our Websites (synmax.com, basin-iq.com, and synmaxresearch.com)

• Our platforms, including Theia (maritime domain awareness), Hyperion (energy production intelligence), Vulcan (power infrastructure monitoring), Agents (AI-powered analytics), and BasinIQ (land and energy intelligence)

•  Our mobile applications, including apps available through the Apple App Store and Google Play Store

•  Our APIs, data feeds, and embedded integrations

•  Communications with us, including email, phone, and in-person interactions

•  Trade shows, conferences, and industry events

•  Business development and sales interactions

Where SynMax has entered into a separate written agreement with a customer that governs the handling of data (such as a master license agreement, data processing agreement, master services agreement, or similar contractual arrangement), that agreement controls with respect to the data covered by it. This Privacy Policy applies to personal information that is not otherwise governed by such an agreement. To the extent of any conflict between this Privacy Policy and a separate written customer agreement, the customer agreement prevails.

3.    INFORMATION WE COLLECT

3.1. Information You Provide Directly

We collect personal information that you voluntarily provide to us, including when you request a demonstration of our Services, create an account or register to use our platforms or mobile applications, subscribe to our research publications or newsletters, contact us through our Websites or other channels, apply for employment or contracting opportunities, enter into a business relationship or negotiate agreements with us, submit feedback or suggestions regarding our Services, or attend events where SynMax is present.

The types of personal information we may collect include:

•  Name, title, and professional affiliation

•  Business or personal email address and phone number

•  Company or organization name

•  Mailing address

•  Account credentials (username and password)

•  Payment and billing information (processed through secure third-party payment processors such as Stripe)

•  Professional background and qualifications

•  Communications and correspondence with SynMax

•  Feedback, suggestions, or recommendations you provide regarding our platforms or Services

•  Content you submit or upload through our platforms, including data uploaded to the Agents platform for AI-assisted analysis

•  Geolocation data you provide when using location-based features (such as area-of-interest selection in BasinIQ)

•  Any other information you choose to provide

3.2. Information Collected Automatically

When you access our Websites, use our platforms, or interact with our mobile applications, we may automatically collect certain information, including:

·       Device and Access Information: IP address, browser type and version, operating system, device identifiers (including mobile advertising identifiers), device model, screen resolution, and language preferences.

·       Usage Data: Pages visited, time spent on pages, links clicked, referral URLs, and navigation patterns on our Websites.

·       Platform Usage Data: Search queries, data accessed, reports generated, API calls, export activity, feature usage, session logs, AI agent interactions, and analytics workflows executed within our platforms. SynMax collects this data to operate its platforms, improve its Services, maintain security, enforce licensing restrictions, and support audit and compliance obligations.

·       Mobile Application Data: App version, install and update history, crash reports, performance data, in-app purchase history, push notification preferences, and mobile-specific analytics collected through Firebase Analytics and similar tools.

·       Log Data: Server logs, error reports, access timestamps, and authentication events.

·       Location Data: Approximate geographic location derived from IP address. For mobile applications, precise geolocation data if you grant location permissions through your device settings.

·       Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, mobile SDKs, and similar technologies (see Section 10).

3.3. Information from Third Parties

We may receive personal information about you from third-party sources, including:

·       Business partners, resellers, and channel partners

·       Publicly available sources (such as company websites, professional networking sites, and public records)

·       Government and regulatory databases (for compliance verification purposes, including export control and sanctions screening)

·       Data enrichment providers that help us maintain accurate business contact records

·       Event organizers and conference hosts

·       Third-party authentication providers (such as Google and Apple sign-in services)

3.4. Aggregated and Technical Data

SynMax collects and generates aggregated, de-identified, and anonymized data (“Aggregated Data”) derived from usage patterns, platform interactions, and technical telemetry across its Services. Aggregated Data does not identify any individual user. SynMax owns all right, title, and interest in Aggregated Data and may use it without restriction for any lawful purpose, including product improvement, research, analytics, benchmarking, training of machine learning models, and development of new features and services. The collection and generation of Aggregated Data is a core component of how SynMax operates and improves its platforms.

3.5. Customer Content

Enterprise and government customers who access our platforms under a written agreement may submit, upload, or transmit data through the platform (“Customer Content”). The handling of Customer Content is governed by the applicable customer agreement. SynMax does not retain Customer Content beyond the period necessary for transient processing. Content uploaded to the Agents platform for AI-assisted analysis is processed during the active session and is not retained by SynMax after session completion. To the extent any Customer Content contains personal information of third parties, the customer is responsible for providing all required notices and obtaining all necessary consents under applicable data protection laws. For clarity, SynMax’s collection and generation of Aggregated Data as described in Section 3.4 does not constitute the collection, retention, or processing of Customer Content.

4.    HOW WE USE YOUR INFORMATION

We use the personal information we collect for the following purposes:

4.1. Service Delivery and Operations

·       Providing, operating, maintaining, and improving our Services, including our enterprise platforms and consumer-facing applications

·       Processing account registrations and managing user accounts across all platforms

·       Authenticating users and managing access permissions, including credential verification and role-based access controls

·       Responding to inquiries, support requests, and demo requests

·       Processing transactions, subscriptions, and in-app purchases and sending related notices

·       Processing data submitted to the Agents platform through AI-assisted analytics workflows

4.2. Security and Compliance

·       Monitoring and logging platform access and usage for security purposes

·       Maintaining audit trails as required by government contracts, data licensing agreements, and regulatory obligations

·       Detecting, preventing, and investigating unauthorized access, data breaches, fraud, and other prohibited activities

·       Enforcing platform terms of use, data licensing restrictions, and acceptable use policies

·       Complying with export control regulations, including the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), which may require verification and retention of information about who is accessing certain data and from where

·       Complying with applicable sanctions laws and regulations

·       Conducting security assessments and vulnerability testing

·       Verifying user eligibility for access to controlled or restricted data and services

·       Supporting licensor audit and compliance requirements, including providing usage verification data to satellite imagery and data providers as required under applicable licensing agreements

4.3. Platform Improvement and Analytics

·       Generating and analyzing Aggregated Data to evaluate platform performance, usage trends, and service quality

·       Training, improving, and developing machine learning models, algorithms, and AI capabilities using Aggregated Data

·       Conducting research and development for new products, features, and services

·       Incorporating feedback, suggestions, and recommendations into our platforms and Services, which SynMax may use on a perpetual, irrevocable, royalty-free basis as described in the applicable terms of service or customer agreement

4.4. Communications and Marketing

·       Sending newsletters, research updates, and market analysis (with your consent where required)

·       Providing product announcements and service updates

·       Communicating about changes to our policies, terms, or Services

·       Sending push notifications if you have opted in through your mobile device settings

4.5. Business Operations

·       Conducting analytics and research to improve our Services and develop new products

·       Managing business relationships and partnerships

·       Administering contracts and fulfilling contractual obligations

·       Facilitating corporate transactions (mergers, acquisitions, financings, or restructurings)

4.6. Legal Obligations

·       Complying with applicable laws, regulations, legal processes, and governmental requests

·       Establishing, exercising, or defending legal claims

·       Responding to lawful requests from public authorities, including to meet national security or law enforcement requirements

5.    LEGAL BASES FOR PROCESSING

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases:

·       Contract Performance: Processing necessary to perform our contractual obligations to you or to take steps at your request before entering into a contract.

·       Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. Our legitimate interests include operating and improving our Services, maintaining security, generating Aggregated Data for analytics and product development, conducting research, and marketing our products to business customers.

·       Legal Obligation: Processing necessary to comply with legal obligations to which SynMax is subject, including export control laws, sanctions regulations, and government contracting requirements.

·       Consent: Where we rely on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.    HOW WE SHARE YOUR INFORMATION

SynMax does not sell your personal information. We do not sell personal data as defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or any other applicable law.

We may disclose your personal information in the following circumstances:

6.1. Service Providers

We engage trusted third-party vendors and service providers to assist in operating our Websites, platforms, and mobile applications and delivering our Services. These providers are contractually obligated to use personal information only for the purposes for which it was disclosed and in accordance with this Privacy Policy. Examples include cloud hosting and infrastructure providers, email and communications service providers, analytics and business intelligence tools (including Google Analytics, Firebase Analytics, and HubSpot), payment processors (including Stripe), customer relationship management platforms, and authentication service providers (including Google and Apple sign-in).

6.2. Government and Regulatory Bodies

We may disclose personal information to government agencies, regulators, or law enforcement authorities when required by law, regulation, legal process, or governmental request; when necessary to comply with government contract obligations; when required for export control or sanctions compliance; or when necessary to respond to national security or law enforcement requirements.

6.3. Licensors and Data Partners

To the extent required by our data licensing agreements, we may share limited information with our satellite imagery and data providers (including usage verification data, access logs, and audit records) for the purpose of usage verification, audit compliance, and license administration. This sharing is limited to the information reasonably necessary to satisfy applicable licensing obligations.

6.4. Professional Advisors

We may share personal information with our attorneys, auditors, accountants, insurers, and other professional advisors in connection with the services they provide to us.

6.5. Business Transfers

In the event of a merger, acquisition, reorganization, restructuring, financing, sale of assets, or similar corporate transaction, your personal information may be transferred or disclosed as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6.6. Aggregated and De-Identified Data

We may share Aggregated Data that cannot reasonably be used to identify you. Aggregated Data is not subject to the restrictions in this Privacy Policy. We maintain reasonable measures to prevent re-identification of de-identified data. For clarity, SynMax’s collection, generation, and use of Aggregated Data does not constitute the collection, use, or disclosure of personal information or Customer Content.

6.7. With Your Consent

We may share your personal information for any other purpose with your affirmative consent.

7.    INTERNATIONAL DATA TRANSFERS

SynMax is headquartered in the United States. Your personal information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

If you are located in the EEA or the UK, we will ensure that transfers of personal data to countries outside the EEA or UK are protected by appropriate safeguards, including:

·       European Commission adequacy decisions or UK adequacy regulations

·       Standard Contractual Clauses (SCCs) approved by the European Commission

·       The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs

·       Other lawful transfer mechanisms as applicable

You may request a copy of the applicable transfer safeguards by contacting us at the address provided in Section 17.

8.    DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process the data; whether we can achieve those purposes through other means; and applicable legal, regulatory, and contractual requirements.

Specific retention considerations include:

·       Account Information: Retained for the duration of the account relationship and for a reasonable period thereafter.

·       Platform Usage and Access Logs: Retained as required for security monitoring, audit compliance, export control verification, licensor audit obligations, and government contract obligations, which may require extended retention periods.

·       Agents Platform Session Data: Content submitted to the Agents platform for AI-assisted analysis is processed during the active session. SynMax does not retain Customer Content after session completion. Aggregated Data and technical performance data derived from sessions may be retained indefinitely.

·       Mobile Application Data: App usage data, crash reports, and analytics data are retained for the period necessary to maintain and improve app performance and user experience.

·       Marketing and Communications Data: Retained until you opt out or withdraw consent, after which we will retain only the information necessary to honor your opt-out preference.

·       Contractual and Transaction Records: Retained in accordance with applicable statute of limitations periods and government recordkeeping requirements.

·       Aggregated Data: Retained indefinitely. Because Aggregated Data does not identify any individual, its retention is not subject to the personal data retention limitations described in this section.

When personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention policies.

9.    YOUR RIGHTS AND CHOICES

9.1. General Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information, including:

·       Access: The right to request access to the personal information we hold about you.

·       Correction: The right to request correction of inaccurate or incomplete personal information.

·       Deletion: The right to request deletion of your personal information, subject to certain exceptions (including where retention is required for legal compliance, government contract obligations, or export control verification).

·       Opt-Out of Marketing: The right to opt out of receiving marketing communications at any time by using the “unsubscribe” link in our emails, adjusting push notification settings on your mobile device, or by contacting us directly.

·       Data Portability: Where applicable, the right to receive your personal information in a structured, commonly used, and machine-readable format.

9.2. Rights for California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

·       The right to know what personal information we collect, use, disclose, and sell or share

·       The right to delete personal information we have collected from you

·       The right to opt out of the sale or sharing of your personal information (SynMax does not sell or share personal information as defined under the CCPA/CPRA)

·       The right to correct inaccurate personal information

·       The right to limit the use and disclosure of sensitive personal information

·       The right to non-discrimination for exercising your privacy rights

SynMax does not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.

9.3. Rights for Texas Residents

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA), including the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To submit an opt-out request, contact us at privacy@synmax.com. If we decline a request, you have the right to appeal that decision, and we will provide instructions for doing so.

9.4. Rights for Residents of Other U.S. States

Residents of other U.S. states with comprehensive privacy legislation (including Virginia, Colorado, Connecticut, Oregon, Montana, and any state that enacts comparable privacy protections after the effective date of this Privacy Policy) may have rights similar to those described in Sections 9.1 through 9.3. SynMax will honor valid requests from residents of any state with applicable privacy laws and will process such requests in accordance with the requirements of the applicable statute.

9.5. Rights for EEA and UK Residents

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or the UK GDPR, including:

·       The right to restrict processing of your personal data

·       The right to object to processing based on legitimate interests, including direct marketing

·       The right to withdraw consent at any time (where processing is based on consent)

·       The right to data portability

·       The right to lodge a complaint with a supervisory authority (in the EEA, your local data protection authority; in the UK, the Information Commissioner’s Office)

9.6. Exercising Your Rights

To exercise any of the rights described above, please submit a request to privacy@synmax.com. We will verify your identity before processing your request and will respond within the timeframes required by applicable law:

·       CCPA/CPRA: Within 45 calendar days (may be extended by an additional 45 days with notice)

·       GDPR/UK GDPR: Within 30 calendar days (may be extended by an additional 60 days for complex requests)

·       TDPSA: Within 45 calendar days (may be extended by an additional 45 days with notice)

·       Other U.S. state laws: Within the timeframe specified by the applicable statute.

If we decline a request, we will provide you with information about how to appeal that decision, where required by law.

Authorized Agents: You may designate an authorized agent to submit a request on your behalf. Authorized agents must provide proof of authorization, and we may still require verification of the requesting individual’s identity.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1. Types of Cookies and Technologies We Use

We use cookies, mobile SDKs, and similar tracking technologies to enhance your experience, analyze usage, and support our business operations. This Cookies Policy applies to all SynMax-operated websites, including synmax.com, basin-iq.com, and synmaxresearch.com. Cookie practices may vary by website based on the functionality offered. The categories of technologies we use include:

·       Strictly Necessary Cookies: Essential for the operation of our Websites and Services, including authentication, session management, and security. These cookies cannot be disabled.

·       Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

·       Analytics Cookies and SDKs: Help us understand how visitors use our Websites, platforms, and mobile applications so we can improve performance and user experience. We use tools such as Google Analytics, Firebase Analytics, and similar services.

·       Marketing Cookies: Used to deliver relevant content and measure the effectiveness of our marketing campaigns. These may be set by third-party advertising partners.

10.2. Mobile Application Tracking

Our mobile applications may use mobile SDKs and analytics frameworks (including Firebase Analytics) to collect usage data, crash reports, and performance metrics. You can manage tracking permissions through your mobile device settings, including resetting your advertising identifier or opting out of interest-based advertising.

10.3. Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our Websites and Services.

10.4. Do Not Track Signals

Our Websites do not currently respond to “Do Not Track” (DNT) browser signals. If a uniform standard for responding to DNT signals is adopted, we will update this policy accordingly.

10.5. Third-Party Analytics

We use third-party analytics services (such as Google Analytics, Firebase Analytics, and HubSpot) to help analyze how users interact with our Websites, platforms, and mobile applications. These services may use cookies, mobile SDKs, and similar technologies to collect information about your use of the Services and other websites or applications. For more information on how Google uses data, visit https://policies.google.com/privacy.

11. DATA SECURITY

SynMax implements administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, and destruction. These measures include:

·       Encryption of personal data in transit (using TLS/SSL) and at rest

·       Access controls and multi-factor authentication for platform access

·       Role-based access restrictions limiting data access to authorized personnel

·       Regular security assessments, penetration testing, and vulnerability scanning

·       Employee security training and awareness programs

·       Incident response procedures for identifying and responding to data breaches

·       Physical security controls at our facilities

·       Security practices consistent with industry standards and applicable government requirements

While we implement commercially reasonable security measures, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal information.

11.1. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law. We will provide notification within the timeframes required by applicable law, including 72 hours where required under the GDPR, and without unreasonable delay as required under U.S. state data breach notification laws.

12. THIRD-PARTY LINKS AND SERVICES

Our Websites, platforms, and mobile applications may contain links to, or integrations with, third-party websites, applications, or services that are not operated or controlled by SynMax, including Google Maps, Apple Maps, and third-party authentication providers. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party services before providing personal information to them.

13. CHILDREN’S PRIVACY

Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under the age of 18. Our mobile applications require users to be at least 18 years of age. If we become aware that we have collected personal information from an individual under 18, we will take prompt steps to delete that information. If you believe we have inadvertently collected personal information from an individual under 18, please contact us at privacy@synmax.com.

14. AUTOMATED DECISION-MAKING AND AI PROCESSING

SynMax uses automated processes and artificial intelligence technologies in connection with its Services, including:

·       Automated verification of user eligibility under export control regulations and sanctions screening

·       Security monitoring, anomaly detection, and fraud prevention

·       AI-powered analytics, data processing, and report generation through the Agents platform and other Services

·       Machine learning models trained on Aggregated Data to improve platform capabilities and accuracy

To the extent that any automated processing produces legal effects or similarly significant effects on you, and where required by applicable law, you have the right to request human review of the decision, express your point of view, and contest the decision. To exercise this right, please contact us at privacy@synmax.com.

AI-assisted analytics performed on Customer Content within the Agents platform or other SynMax Services constitutes transient processing performed at the direction of the customer. Such processing is governed by the applicable customer agreement.

15. CALIFORNIA “SHINE THE LIGHT” LAW

Under California Civil Code Section 1798.83, California residents who have an established business relationship with SynMax may request information about the categories of personal information we have shared with third parties for direct marketing purposes during the preceding calendar year. SynMax does not share personal information with third parties for their direct marketing purposes. If you are a California resident and wish to make such a request, please contact us at privacy@synmax.com.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

·       Post the updated Privacy Policy on our Websites with a revised effective date

·       Provide notice of material changes via email or prominent notification on our Websites or within our mobile applications at least thirty (30) days before the changes take effect

·       Where required by law, obtain your consent to the changes

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.

17. CONTACT US

If you have questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:

SynMax, Inc.

Attn: Privacy

777 N. Eldridge Parkway, Suite 890

Houston, Texas 77079, USA

Privacy Inquiries: privacy@synmax.com

General Inquiries: admin@synmax.com

17.1. United Kingdom Contact.

SynMax maintains an office in the United Kingdom. Inquiries regarding personal data from UK-based individuals may be directed to privacy@synmax.com or to the SynMax UK office at 22 Grosvenor Gardens, SW1W 0DH, London, United Kingdom.

17.2. Data Protection Officer.

SynMax has determined, based on the nature, scope, and purposes of its processing activities, that appointment of a Data Protection Officer under UK GDPR Article 37 is not required. SynMax does not engage in large-scale systematic monitoring of individuals or large-scale processing of special category data as its core activities. If you have questions or concerns about how SynMax processes your personal data, please contact us at privacy@synmax.com.
