Comprehensive checklist and resources to ensure your use of Synthesis AI meets all GDPR requirements for BYOK (Bring Your Own Key) services.
Synthesis AI is fully GDPR compliant. Complete the checklist below to ensure your implementation meets all requirements.
Your privacy policy mentions API key processing and data flows
View our Privacy Policy →Clear legal basis for processing (contract, legitimate interest, consent)
Users explicitly consent before connecting API keys
Users can revoke consent with one click
Timestamp and details of consent are logged
API keys stored only in user's browser
Automatic logout and key deletion after inactivity
Audit trail of all API key access
One-click deletion of all data
Export all data in machine-readable format
Respond to data requests within 30 days
Users understand they maintain direct relationships with AI providers
Clear list of all sub-processors used
Clear statement that we're not liable for AI provider practices
Granular consent options for different cookie types
Clear notice about browser storage use
Detailed cookie policy available
72-hour notification process in place
Documented plan for security incidents
Maintain register of any data breaches
Regular security assessments scheduled
Regular review and updates of privacy documentation
Regular GDPR training for all staff
Ensure your BYOK implementation is fully GDPR compliant