Legal
Privacy Policy
How we handle your data, authentication, payments, and cookies.
Last updated: 3 July 2026
1. Overview
Synapse OS (“we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, applications, and AI infrastructure services (collectively, the “Services”).
This policy is maintained by the Synapse OS team to answer common privacy questions about our platform. It is not an independent certification or legal opinion; it reflects our current practices and the controls we have enabled.
2. Data Controller
For the purposes of the General Data Protection Regulation (EU) 2016/679 and any applicable national data protection legislation, the data controller is Synapse OS.
If you have questions about this policy or your personal data, please contact us via our Contact page or at the address listed in our Terms of Service.
3. What We Collect
We collect only the data necessary to provide and improve the Services:
- Account and authentication data: email address, authentication provider identifiers, and securely hashed credentials managed through our authentication partner. We do not store plaintext passwords.
- Usage data: requests sent through the API proxy firewall, token usage estimates, feature interactions, and diagnostic logs. Where possible, we process this data in ephemeral or aggregated form.
- Payment data: billing information, subscription tier, and transaction history are processed by Stripe. We do not store full payment card details on our servers.
- Communications: messages you send through contact or support forms, including your email address and any information you choose to provide.
- Cookies and similar technologies: data collected through cookies and analytics tools to operate, secure, and improve the Services (see Section 6).
4. How We Use Your Data
We use your personal data to:
- Provide, operate, and maintain the Services;
- Authenticate users and protect accounts from unauthorised access;
- Process subscriptions, invoices, and payments through Stripe;
- Enforce subscription tiers, rate limits, and feature entitlements;
- Improve performance, security, and reliability of the AI proxy and context optimisation features;
- Respond to support requests and send service-related notices;
- Comply with legal obligations and protect our rights.
5. Sharing and Subprocessors
We do not sell personal data. We share data only with trusted service providers (“subprocessors”) necessary to operate the Services, including:
- Supabase for authentication, database, and secure storage;
- Stripe for payment processing, billing, and customer portal services;
- Google Analytics for website analytics and usage insights;
- Cloudflare / Lovable Cloud for hosting, edge delivery, and security.
All subprocessors are bound by confidentiality and security obligations consistent with this policy and applicable data protection law.
6. Cookies and Analytics
We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Services are used.
- Essential cookies: required for authentication, security, and core functionality. These cannot be disabled without breaking the Services.
- Analytics cookies: used by Google Analytics to collect anonymised or pseudonymised usage statistics. You can manage these through your browser settings or via the Google Analytics opt-out mechanism.
By continuing to use the Services, you consent to our use of cookies as described in this section. You may disable non-essential cookies through your browser settings at any time.
7. Security and Retention
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit, row-level security policies, access controls, and regular dependency monitoring.
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. Authentication data is retained for the lifetime of your account plus a reasonable grace period. Analytics data is retained according to the retention policies of our analytics providers.
8. Your Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your personal data;
- Object to or restrict certain processing activities;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with a supervisory authority.
To exercise these rights, contact us through the Contact page or by email. We will respond within the timeframes required by applicable law.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. The “Last updated” date at the top of this page indicates when the policy was last revised.
Continued use of the Services after any changes constitutes acceptance of the revised policy.
Questions about this policy? Contact us or review our Terms of Service.