Privacy policy

Last updated: 2026-04-14

This Privacy Policy explains how Cooperativa Integral Sulitânia, CRL, registered in Portugal (NIF 518771571), as data controller, processes personal data when you use the SYFERS web application (app.syfers.eu). It is designed to meet transparency obligations under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and applicable Portuguese law. If you use SYFERS in your capacity as a member or collaborator of the cooperative, this notice applies alongside any internal rules adopted by the cooperative.

We process account data you provide or that is assigned to you: email address, name, optional phone number, role (such as member, volunteer, or guest), preferred interface language, and related fields stored in our user registry when configured. For authentication we use email magic links; we do not store a password for standard magic-link login. Information you enter in SYFERS forms (for example meetings, tasks, ecology and energy records, reflections, events, and similar) may be stored as structured data and/or generated documents in Git repositories or local data stores, depending on deployment. Such records may identify you when you are named as author, participant, or subject. Limited technical logs may be created for security and troubleshooting (e.g. errors, IP-related data in server logs as technically required).

We process personal data for: (1) providing and securing access to SYFERS (performance of the cooperative relationship / contract and legitimate interests in IT security and access control); (2) sending transactional emails such as sign-in links and invitations (legitimate interests / performance of contract as applicable); (3) optional AI-assisted drafting, where enabled—short excerpts of your draft may be sent to our configured AI provider only to return a suggestion (typically on the basis of your consent implied by using that feature in context); (4) maintaining cooperative documentation in line with the cooperative’s legitimate interests. We do not sell personal data and we do not use it for third-party advertising in the default configuration of this application.

Depending on configuration, categories of recipients who process data on our behalf include: hosting and serverless infrastructure (e.g. Vercel); email delivery (e.g. Resend); versioned storage and collaboration (e.g. GitHub / Microsoft) when repositories are used; optional AI processing (e.g. Anthropic) when the writing assist is used; optional file storage (e.g. Vercel Blob) for uploads; and, if you enable integrations, the relevant third-party service (e.g. energy platform APIs) as described in that feature. We use providers that offer appropriate contractual safeguards, including Standard Contractual Clauses and supplementary measures where personal data is transferred outside the European Economic Area.

Transfers to countries outside the EEA rely on GDPR Chapter V mechanisms, in particular Standard Contractual Clauses where applicable. Magic-link tokens are short-lived; session cookies are limited in duration (typically up to seven days). Registry entries and cooperative records may be kept for the duration of your relationship with the cooperative and thereafter according to legal obligations and legitimate archival needs. Version history in Git may retain previous content even after edits.

Under the GDPR you may request access, rectification, erasure, restriction of processing, and data portability, and you may object to processing where grounds apply. You may lodge a complaint with a supervisory authority—in Portugal, the Comissão Nacional de Proteção de Dados (CNPD), www.cnpd.pt. While logged in, you can download a structured JSON export of account-related data we hold for your profile from your profile page (right of access and portability for that dataset). Requests that affect registry entries or content in shared repositories may require verification of identity and coordination with cooperative governance; erasure may be limited where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims. We will respond to requests without undue delay and in principle within one month.

We use a strictly necessary HTTP-only session cookie (syfers_session) to maintain your login session. It is required for the service to function and is not used for advertising. We do not deploy non-essential analytics or marketing cookies in the default build of this application.

We implement appropriate technical and organisational measures to protect personal data, including access controls aligned with roles. We may update this policy from time to time; the “Last updated” date above will change. Material changes may be communicated through the application or other appropriate channels where required by law.

Contact for privacy requests

For privacy-related requests (including access, rectification, erasure, restriction, objection, or data portability), please contact:

Your cooperative representative or the contact published for Sulitânia / SYFERS on the main cooperative website.

This policy is provided for transparency and operational information. It does not constitute legal advice. Internal cooperative rules may also apply to cooperative records.
