Synup
PortalSign in

Synup legal

Updated 2026-05-14

Cookie Policy

This Cookie Policy explains how Synup, operated by Cardinalis Advisory, an Ontario sole proprietorship, uses cookies and similar technologies on the Synup website, mobile application, and related business tools. This Policy should be read in conjunction with our Privacy Policy, which provides further detail on how we process personal information generally.

As of the date above, Synup relies exclusively on cookies and similar technologies that are strictly necessary to provide the Service. We do not currently operate non-essential analytics, performance, or advertising cookies.

1. What Cookies Are

Cookies are small text files placed on your device by a web server when you visit a website or use a web application. They enable the service to recognize your device and maintain state between requests. Similar technologies include browser local storage and security-challenge scripts that perform analogous functions in connection with authentication, session management, and security.

2. Legal Basis for Cookie Use

Under the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations ("PECR"), and equivalent applicable legislation, cookies and similar technologies that are strictly necessary to provide the Service do not require prior consent. All cookies and similar technologies we currently operate fall within this strictly necessary category and are deployed solely to enable core Service functionality. Should we introduce non-essential cookies or similar technologies in the future, we will obtain your prior consent before deploying them, in compliance with applicable law.

3. Cookie Categories We Currently Use

Synup currently uses the following categories of strictly necessary technologies:

  • Authentication cookies: These cookies identify and authenticate signed-in consumer, business, and administrative users and maintain a secure, continuous session across requests. They are created upon successful sign-in and expire upon sign-out, session timeout, expiry of the configured lifetime, or revocation.
  • Sign-in flow state cookies: Short-lived cookies set during OAuth authentication flows (such as Google sign-in) to preserve temporary state information necessary to complete sign-in securely. These cookies are designed to expire within minutes of the authentication flow completing or being abandoned.
  • Security and anti-abuse technologies: Technologies deployed on public-facing surfaces to detect and prevent automated abuse. These may read or store device and browser signals as part of their operation to distinguish human users from automated or bot traffic.

4. Cookie Characteristics and Security Attributes

  • Session cookies do not persist beyond the current browser session and are removed from your device when you close the browser or the session terminates.
  • Persistent authentication cookies remain on your device for a configured period so you remain signed in between sessions. They expire upon the configured expiry date, are revoked by the server, you sign out, or you clear your browser cookies.
  • OAuth state and redirect cookies are strictly short-lived and are set to expire within minutes of the sign-in flow completing or being abandoned.

5. Third-Party Technologies

Certain third-party providers we use may set their own cookies or employ similar technologies as part of the services they deliver on the Service:

  • Google (authentication): Google may set cookies or use browser storage as part of the Google OAuth sign-in flow, including cookies necessary to manage the authorization session. These are governed by Google's Privacy Policy.
  • Cloudflare Turnstile (anti-abuse):Cloudflare Turnstile is a privacy-preserving bot detection service used on public-facing surfaces of the Service. It may use device and browser signals, including storage mechanisms, to distinguish human users from automated traffic without requiring users to complete visual challenges. Cloudflare's data practices are governed by Cloudflare's Privacy Policy.

6. Technologies We Do Not Currently Use

As of the date above, the Service does not use:

  • non-essential analytics or performance cookies;
  • cross-site behavioral advertising or retargeting cookies;
  • third-party advertising pixels or tracking beacons; or
  • personalized advertising or interest-based targeting technologies.

7. Managing Cookies

You can manage, restrict, or delete cookies through your browser settings. Most modern browsers allow you to: view the cookies stored on your device; block all cookies or cookies from specific sites; and delete cookies on demand or automatically when you close the browser. Please note that blocking or deleting strictly necessary cookies will prevent sign-in and will likely impair the core functionality of the Service.

For cookies and technologies operated by third-party providers (such as Google and Cloudflare) in connection with their services, you may also refer to those providers' own privacy controls and opt-out mechanisms, as described in their respective privacy policies linked in Section 5 above.

8. Updates to This Policy

If Synup introduces non-essential analytics, advertising, personalization, or other optional technologies in the future, we will update this Cookie Policy and our Privacy Policy and implement any required consent or preference controls before those technologies are deployed. Material changes to this Cookie Policy will be notified in accordance with the notification procedure described in our Privacy Policy.