This Privacy Policy explains what data Synapse Garden, Inc. collects, why, who we share it with, and how you can access or delete your data.
1. What we collect
- Account data: email, name, OAuth profile fields, organization details.
- API usage metadata: request counts, token counts, model used, latency, error codes, IP address. We do NOT retain prompts or completions by default.
- Billing data: handled by Dodo Payments; we store subscription IDs + invoice history, not card numbers.
- Operational telemetry: service logs, Sentry error reports (with PII redaction).
2. How we use it
- To deliver the Service.
- To bill you accurately.
- To detect abuse + spend anomalies.
- To respond to support requests.
- To send transactional email (verify, receipt, alerts).
3. Sub-processors
Full list at /legal/subprocessors. Includes Supabase, Vercel, Upstash, Resend, Sentry, Dodo Payments, and the upstream LLM providers you elect to call.
4. Retention
- Request logs: 90 days hot in Postgres; older cold-archived to private object storage for billing audit.
- Audit events: 90 days.
- Account data: until you delete the org; Supabase Auth records the closure timestamp.
- Invoices: retained for 7 years per tax/accounting requirements.
5. Your rights
You may request access to your data, correction, deletion, or export at any time. Email privacy@synapse.garden with the subject line “DSR” (Data Subject Request). We respond within 30 days.
6. International transfers
We currently host primary infrastructure in us-east-1. Data may transfer there from your home region under standard contractual clauses where applicable.
7. Cookies + tracking
We use first-party cookies for session management and a minimal analytics signal for our own product analytics. We do not run third-party advertising trackers.
8. Contact
Privacy + DSR: privacy@synapse.garden.