Syrena Privacy Policy

Last Modified: 25/09/2025

1. WELCOME

1.1 Syrena Ltd ("Syrena", "we", "us", "our") operates a platform available at www.syrena.co and via invitation-only communities (including WhatsApp), plus physical and online events (together, the "Syrena Services"). We connect startup founders, investors and service providers through curated introductions, qualification calls and community engagement.

1.2 This policy explains what personal data we collect, how we use it, who we share it with, and your rights.

1.3 Questions? Contact privacy@syrena.co.uk (see section 3).

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA

2.1 Syrena Ltd is the controller of personal data processed through the Syrena Services.

2.2 When we introduce you to a third party (e.g., an investor or a service provider) and you choose to engage, that third party becomes an independent controller of any data you share with them. Their use of your data is governed by their own privacy notices.

3. HOW TO CONTACT US

  • Email: privacy@syrena.co.uk
  • Postal: Syrena Ltd, [Insert Registered Office Address], United Kingdom

(Please replace with your current registered office address before publishing.)

4. WHAT WE COLLECT AND HOW WE USE IT

4.1 When you contact us

Data
Use
Legal basis
name, email, role, LinkedIn, company, message content
respond, support, improve service
Legitimate interests

4.2 When you register for events

Data
Use
Legal basis
name, email, job title, LinkedIn, founder/investor type, stage, location
manage registration and capacity
Contract (to run the event)
attendance/check-in
personalise experience
Legitimate interests (engagement reporting, media)
survey/feedback
report anonymised insights to partners
Legitimate interests (engagement reporting, media)
photos/video where recorded
publish event media.
Consent where required for specific media uses.

4.3 When you join our WhatsApp/community groups

Data
Use
Legal basis
name, phone number, LinkedIn, role, startup/fund
assign relevant groups
Contract
messages/polls you post
moderate and improve community quality
Legitimate interests
weekly check-ins
accountability check-ins
Legitimate interests

4.4 When you use the Syrena platform (accounts & activity)

Data
Use
Legal basis
  • account details, profile data, preferences, activity logs (page views, clicks, ratings, votes, intros sent/accepted, outcomes), device/IP, cookie IDs (see section 6)
  • run the platform, prevent abuse, measure and improve performance, personalise content
  • Contract
  • Legitimate interests
  • Consent for non-essential cookies/analytics

4.5 Founder qualification calls & need collection

Data collected during and after calls and forms
Use
Legal basis
  • Fundraising: round, target, raised-to-date, timing/deadlines (e.g., “term sheet soon”)
  • Business needs & sub-categories across Legal, Accounting/Finance/Insurance, Marketing & Design, Advisory & Coaching, Tech & Product, US/Global Expansion, Recruitment (examples include: commercial contracts, IP, audit, bookkeeping, cross-border payments, marketing strategy, brand identity, sales coaching, cyber security, SOC2/ISO27001, Delaware flip, EoR, immigration, hiring for specific roles, etc.)
  • Signals: Importance, Urgency, Deadline, “need maturity,” call notes, call outcomes
  • Traction & product: revenue/traction notes, product status
  • Team & hiring: team composition, open roles
  • Prioritise and curate intros to investors and service providers
  • Recommend timing and fit; track maturity (e.g., urgency rising)
  • Generate aggregated, anonymised insights on founder needs
  • Contract (to deliver the Syrena Services)
  • Legitimate interests (improving matchmaking and prioritisation)
  • Consent where we share identifiable founder information with service providers for commercial introductions (see section 7.1) unless the founder has directly requested that introduction

4.6 Investor profile data

Data
Use
Legal basis
  • investor type, focus, ticket size, sectors, geo, portfolio links, availability, interaction data (views, votes)
  • curate deal flow, improve matching, event curation
  • Contract
  • Legitimate interests.

4.7 Service provider profile data

Data
Use
Legal basis
  • firm details, practice areas/sub-categories, ICP, coverage, fees/discounts, calendar/availability, campaign performance, intro outcomes
  • founder matching, reporting, billing/referrals
  • Contract
  • Legitimate interests

4.8 Payments & subscriptions

Data
Use
Legal basis
  • name, email, plan, billing details (processed by our payment processor), invoices, refunds
  • take payments, manage billing, prevent fraud
  • Contract
  • compliance with legal obligations (tax/accounting)

4.9 Marketing communications

Data
Use
Legal basis
  • name, email, role, preferences, engagement metrics
  • send updates about events, platform features, communities and offers similar to what you already use; or broader newsletters where you opt in
  • Consent (non-customers)
  • Legitimate interests/soft opt-in (existing customers). Opt out anytime

4.10 Website/analytics & cookies

Data
Use
Legal basis
  • IP, device/browser, pages, referrers, session duration, cookie IDs and similar.
  • operate the site, security, analytics, product improvement, advertising (if used).
  • Contract (essential cookies)
  • Consent (non-essential/analytics/advertising). See section 6.

4.11 Sourcing from third parties

We may receive personal data from event partners, referrers, public sources (e.g., LinkedIn), sponsors and processors (e.g., email, CRM, analytics).

Legal basis: Legitimate interests; Contract (where applicable).

5. PROFILING AND AUTOMATED DECISION-MAKING

We use profiling signals (e.g., importance, urgency, interaction history, investor votes) to rank and recommend matches and to decide when to notify service providers. Human review is involved in key introduction decisions. We do not make decisions with legal or similarly significant effects based solely on automated processing. You can object to profiling at any time (see section 10).

6. COOKIES AND SIMILAR TECHNOLOGIES

We use:

  • Essential cookies (security, login, load balancing).
  • Analytics (to understand usage and improve).
  • Preference cookies.
  • Advertising/retargeting cookies only if enabled (disclosed in the cookie banner).

Manage or withdraw consent via our cookie banner or browser settings. See our Cookie Policy for details.

7. HOW WE SHARE YOUR INFORMATION

7.1 Introductions and commercial access to founder data

  • With your consent (captured during onboarding, calls or the platform), we share identifiable founder data (e.g., name, company, role, LinkedIn, fundraising stage, identified needs and sub-categories, importance/urgency, high-level traction and timelines) with service providers for the purpose of exploring a commercial fit and booking a meeting.
  • We may receive fees or commissions from service providers for access to qualified leads/meetings or for successful referrals. This does not change your rights and does not increase the price you pay to us.

You can opt out of sharing with service providers at any time (see section 10). If you opt out, we will not share your identifiable data for provider introductions, though we may keep aggregated, anonymised insights.

7.2 Other recipients

We also share data with:

  • Investors and event partners where relevant to your application or an introduction (usually with your request/consent).
  • Vetted processors who provide email, CRM, hosting, cloud, analytics, billing, document, comms and support tools (acting under our instructions).
  • Legal/Regulatory bodies if required by law.
  • Business transferees in a merger, acquisition or asset sale (your data will remain protected and you’ll be notified of material changes).

We do not sell personal data to data brokers. Where we say “sell,” we refer to monetised access to introductions under the terms above, not the sale of raw databases.

8. INTERNATIONAL DATA TRANSFERS

Some processors and partners are outside the UK/EEA (e.g., in the US). We use appropriate safeguards such as the UK IDTA, EU Standard Contractual Clauses with UK Addendum, and other approved mechanisms. Copies of relevant safeguards can be requested via privacy@syrena.co.uk.

9. HOW LONG WE KEEP YOUR INFORMATION (RETENTION)

Category
Typical retention
Accounts & platform activity
24 months from last activity, then delete or anonymise
Founder qualification call notes & needs (incl. importance/urgency)
24 months from last activity or until you withdraw sharing consent (we’ll stop sharing but may retain for service history)
Intros & outcomes
36 months from last activity (operational history), key records up to 6 years where needed for claims
Event registration/attendance
24 months after event
Community (WhatsApp) records
While you are a member, then 3 months for audit logs
Marketing lists
Until you opt out; suppression list entries kept to honour the opt-out
Payments, invoices, refunds
7 years (tax/accounting)
Analytics/cookies
Up to 14 months (where consented)
Photos/video
Until content is retired or you object (where feasible)

10. YOUR RIGHTS

Under UK GDPR you can:

  • Access your data.
  • Correct inaccurate data.
  • Delete data (in certain cases).
  • Object to processing based on legitimate interests, including profiling for matchmaking.
  • Withdraw consent at any time (e.g., to stop sharing your data with service providers).
  • Restrict processing (in certain cases).
  • Portability (receive your data in a machine-readable format, where applicable).

Contact privacy@syrena.co.uk to exercise your rights. We may ask for verification. You also have the right to complain to the ICO: https://ico.org.uk/make-a-complaint/.

11. SECURITY

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, least-privilege, logging, staff training, and vendor due-diligence. If a breach creates a risk to your rights, we will notify you and regulators as required.

12. CHILDREN’S PRIVACY

Our services are for 18+ only. We do not knowingly collect data from minors.

13. CHANGES TO THIS POLICY

We will update this policy when our services or laws change (for example, deeper founder-provider matching features). We will post the new version at www.syrena.co/privacy-page with the updated date, and we may notify you by email or in-app for material changes.