PRIVACY POLICY
MORSIS AI Interactive Kiosk
Last updated: 02/06/2026
1. Introduction
This Privacy Policy describes how Synergy Shock LLC (hereinafter, "Synergy Shock", "we" or "our") collects, uses, stores, protects, and shares information generated through the use of the artificial intelligence-based interactive assistance system known as MORSIS AI Interactive Kiosk (hereinafter, the "System" or the "Service").
This Policy is designed to comply with the main personal data protection regulations applicable in the jurisdictions where the System operates, including but not limited to:
Law No. 25,326 on Personal Data Protection (Argentina)
Federal Law on Protection of Personal Data Held by Private Parties (Mexico)
Law No. 19,628 on Protection of Private Life (Chile)
Law No. 29,733 on Personal Data Protection (Peru)
Statutory Law 1581 of 2012 (Colombia)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other U.S. state privacy laws
By using the System, the user accepts this Policy and authorizes the processing of information under the terms established herein.
2. Identification of the Data Controller and Data Protection Officer
Data Controller: Synergy Shock LLC Address: 1603 Capitol Ave Ste 415 PMB 134544 - Cheyenne, Wyoming
Data Protection Officer (DPO): Luciano Ganga Email: luciano@synergyshock.com
The establishment where the System is installed acts as a joint controller with respect to the information it provides to be communicated through the System.
3. Information We Do NOT Collect
The System is designed to NOT collect personal data from users. Specifically:
We do not perform facial recognition or any other type of biometric identification;
We do not record or permanently store images captured by the camera;
We do not record or permanently store the audio from interactions;
We do not collect name, email, phone, ID number, or any other data that could identify a person;
We do not create individual user profiles or track specific individuals;
We do not make age, gender, or other demographic estimates linked to identifiable persons.
4. Information We DO Process
The System processes the following information on a transitory and/or anonymous basis:
4.1 Real-Time Processing (no storage)
Audio: The System captures audio through the microphone to process user queries. This audio is transmitted in real time to natural language processing servers and is not permanently stored once the query is processed;
Video: The camera may capture images to detect user presence and improve interaction. These images are processed in real time and are not permanently stored.
4.2 Technical and Usage Data (anonymized)
Technical logs: System operation records for diagnostics and troubleshooting;
Aggregated usage metrics: Number of interactions, average duration, peak usage times, most frequent query types (in aggregated and anonymous form);
Performance data: Response times, system errors, quality metrics.
This information does not allow identification of individual users and is used exclusively to improve the System's operation.
5. Purpose of Processing
Processed information is used exclusively to:
Generate responses to user queries in real time;
Monitor and diagnose the technical operation of the System;
Improve the quality of the Service through performance analysis;
Optimize the user experience;
Comply with legal obligations when applicable.
The information is not commercialized, is not used for targeted advertising, and is not used to identify individual users.
6. International Data Transfer
For the operation of the System, technical data and interaction content (transcribed audio to text) may be processed by service providers located in different jurisdictions, primarily in the United States.
The complete list of sub-processors, including their location, the data they process, and links to their respective Data Processing Agreements (DPA), can be found in Annex A of this Policy.
These providers have: - Security certifications (SOC 2, ISO 27001, among others) - Data Processing Agreements (DPA) executed with Synergy Shock - International transfer mechanisms such as the Data Privacy Framework and Standard Contractual Clauses
7. Information Retention
Audio and images: Not permanently stored. Processed in real time and discarded.
Technical logs: Retained for the time necessary for diagnostics and troubleshooting, generally no more than ninety (90) days, and then deleted.
Aggregated metrics: May be retained indefinitely given their anonymous and non-personal nature.
8. Information Security
We implement reasonable technical and organizational measures to protect processed information, including:
Encrypted data transmission (TLS/SSL);
Restricted access to authorized personnel;
Confidentiality policies for staff;
System security monitoring;
Selection of providers with recognized security certifications.
However, the user understands that no technological system is completely invulnerable and that there may be inherent risks associated with the use of digital technologies.
9. User Rights
Depending on the applicable jurisdiction, users may have the right to:
Access: Request information about personal data in our records;
Rectification: Request correction of inaccurate data;
Deletion: Request deletion of personal data;
Objection: Object to the processing of their data in certain circumstances;
Portability: Receive their data in a structured format (where applicable);
Non-discrimination: Not be discriminated against for exercising their privacy rights (California residents).
Important: Since the System does not collect or store identifiable personal data, these rights may be of limited application. Nevertheless, we will address any inquiry or request the user wishes to submit.
To exercise these rights or make inquiries, contact the Data Protection Officer:
Luciano Ganga Email: luciano@synergyshock.com
We will respond to requests within the deadlines established by applicable legislation in each jurisdiction.
10. Future Collection of Personal Data
If functionalities involving the collection of personal data (such as name, email, phone, or others) are incorporated in the future, the following will be implemented:
A mechanism for prior, express, and informed consent within the System's interaction flow;
Clear information about the purpose of collection and user rights;
Update of this Privacy Policy.
No personal data will be collected without the user's prior consent.
11. Future Processing of Biometric or Demographic Data
In the future, the System may incorporate functionalities that allow the processing of biometric data or obtaining demographic estimates of users (such as age range or perceived gender).
If these functionalities are implemented:
This Privacy Policy will be updated to describe the new processing;
The informational sign located next to the device will be updated;
Where required by applicable legislation in each jurisdiction, a mechanism for informed consent will be implemented prior to processing;
Data will be processed in accordance with applicable personal data protection regulations.
12. Minors
The System is not designed to collect data from minors. If functionalities requiring personal data are implemented, parental or guardian consent will be required for underage users, in accordance with applicable legislation in each jurisdiction.
13. Changes to this Policy
We may modify this Privacy Policy at any time to reflect technological, regulatory, or operational changes in the System. The updated version will be available for review, indicating the date of last update.
Continued use of the System after any modification implies acceptance of the updated Policy.
14. Establishment Information
Any data related to products, prices, promotions, schedules, or commercial operations corresponds exclusively to the establishment where the System is installed. Synergy Shock LLC is not responsible for such information.
15. Applicable Law
The processing of information is governed by the laws in force in the jurisdiction where the System is installed and where the user resides, as applicable.
16. Contact
For privacy and data protection inquiries:
Data Protection Officer (DPO): Luciano Ganga Email: luciano@synergyshock.com
Synergy Shock LLC Address: 1603 Capitol Ave Ste 415 PMB 134544 - Cheyenne, Wyoming
By using the System, you declare that you have read, understood, and accepted this Privacy Policy.
ANNEX A - List of Data Sub-processors
A.1 Introduction
This Annex identifies the data sub-processors that Synergy Shock LLC uses for the provision of the MORSIS AI Interactive Kiosk service. These sub-processors may have access to technical, operational, or, where applicable, personal data, within the framework of the Service provision.
Synergy Shock LLC has entered into Data Processing Agreements (DPA) with each of these providers to ensure compliance with applicable data protection regulations.
A.2 Sub-processors Summary Table
| No. | Sub-processor | Service | Location | DPA |
|---|---|---|---|---|
| 1 | Google Cloud Platform | Cloud infrastructure, metrics | United States | View DPA |
| 2 | OpenAI | Generative AI (Realtime API) | United States | View DPA |
| 3 | Cloudflare | CDN, storage, domain | Global network | View DPA |
| 4 | Vercel | Hosting, serverless | Global infrastructure | View DPA |
| 5 | Sentry | Error monitoring | United States | View DPA |
| 6 | Resend | Email delivery | United States | View DPA |
A.3 Sub-processor Details
A.3.1 Google Cloud Platform (GCP)
| Field | Detail |
|---|---|
| Legal name | Google LLC |
| Location | United States |
| Service | Cloud infrastructure for storage and processing of usage metrics |
| Data processed | Aggregated usage metrics (session counts, statistical data for dashboard) |
| Data region | ... |