Skip to main content
Back to Home

Privacy Policy

Last updated: December 2024

At SynthCaaS, we believe your data should remain yours. This policy explains how we handle information in plain language, without legal jargon.

Our Core Principles

  • You control what you connect. Every data source requires your explicit authorization. We never access data without your consent.
  • You can revoke access anytime. Disconnect a source and we stop processing. Request deletion and your data is purged.
  • We separate identity from embeddings. Where technically feasible, we design systems to prevent personal identifiers from being encoded into vector representations.
  • We log provenance for memory artifacts. Every piece of memory can be traced back to its origin, so you know why your AI knows what it knows.
  • We support export and deletion. Your data in standard formats, whenever you want. Full deletion within 30 days of request.

What Data We Collect

Data You Actively Provide

  • Account information (email, name) when you sign up
  • Preferences and settings you configure
  • Feedback and communications you send us

Data From Connected Sources

When you connect a data source (calendar, notes, social accounts, etc.), we access only the scopes you authorize. We process this data to create:

  • Memory artifacts — Structured representations of facts, preferences, and patterns
  • Embeddings — Vector representations for semantic search and retrieval
  • Knowledge graph edges — Connections between concepts and entities

We do not permanently store raw content from connected sources after processing. OAuth tokens are stored in encrypted vaults and are revocable at any time.

Automatically Collected Data

  • Device and browser information for security and optimization
  • Usage patterns (anonymized and aggregated) for product improvement
  • Consent and permission audit logs

How We Use Your Data

  • To provide the service — Creating and serving your personalized memory layer
  • To improve the platform — Understanding usage patterns to build better features
  • To communicate with you — Service updates, security notices, and optional marketing (with consent)
  • To ensure security — Detecting and preventing abuse, fraud, and unauthorized access

Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

  • Service providers — Third parties that help us operate (hosting, analytics), bound by confidentiality agreements
  • Legal requirements — When required by law, court order, or to protect rights and safety
  • With your consent — When you explicitly authorize sharing with a specific party

Your Rights

  • Access — Request a copy of your data
  • Correction — Update inaccurate information
  • Deletion — Request erasure of your data
  • Portability — Export your data in standard formats
  • Objection — Opt out of certain processing activities

To exercise these rights, contact us at privacy@synthcaas.com.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account deletion:

  • Active data is purged within 30 days
  • Backups are purged within 90 days
  • Audit logs may be retained longer for security and compliance

Security

We implement industry-standard security measures including:

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)

Children's Privacy

SynthCaaS is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected such data, contact us immediately.

Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email and/or prominent notice on our website. Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions or concerns: