This Privacy Policy describes how Syntriq, Inc. ("Syntriq", "we", "us") collects, uses, stores, and shares your personal data when you use our website and services. We try to write this in plain English. If anything is unclear, email privacy@syntriq.app.
1. Information we collect
You give us
- Account info — your name, email, and password (hashed) when you sign up.
- Billing info — handled entirely by Stripe. We never see or store your full card number.
- Content — the posts, captions, and media you upload to schedule and publish.
- Social account credentials — OAuth access tokens for the platforms you connect (X, Meta, TikTok, Google). These are encrypted at rest using AES-256-GCM and only used to publish on your behalf.
- Support communications — when you email or chat with us.
We collect automatically
- Usage data — pages visited, features used, error events. Used to improve the product.
- Device data — IP address, browser type, OS, referring URL.
- Cookies — see our Cookie Policy.
2. How we use it
- To provide and operate the service (publishing your posts, showing your analytics).
- To process payments and manage your subscription.
- To send service emails (receipts, security alerts, important changes). You can't opt out of these.
- To send marketing emails — only if you opt in. One-click unsubscribe in every email.
- To improve the product (anonymous, aggregated usage stats).
- To detect fraud, abuse, and security incidents.
- To comply with legal obligations.
3. How we handle your data
Syntriq is built on enterprise-grade infrastructure with encryption in transit (TLS 1.3) and at rest (AES-256-GCM for sensitive credentials). We work with a small set of vetted infrastructure providers (database, payments, hosting, email) who operate under strict data processing agreements and the principle of least privilege: each provider only ever sees the minimum data required to do its job.
When you connect a social account, we publish your content to that platform via its official API — nothing more.
We do not sell, rent, license, or share your personal data with advertisers, data brokers, marketing networks, or AI training companies. Ever. Your content and your audience are yours.
A complete, current list of our subprocessors is available on request — email privacy@syntriq.app.
4. How long we keep your data
- Account data — kept while your account is active. Deleted within 30 days of account deletion.
- Posts and media — kept while your account is active. You can bulk-delete at any time.
- Billing records — kept for 7 years per US tax requirements.
- Backups — encrypted backups retained for 30 days, then permanently deleted.
5. Your rights (GDPR, CCPA)
Regardless of where you live, you have the right to:
- Access — request a copy of all data we hold about you.
- Correct — fix any inaccurate data.
- Delete — ask us to delete your account and data.
- Export — get your data in a machine-readable format (JSON).
- Object — opt out of marketing communications and certain processing.
Email privacy@syntriq.app to exercise any of these. We respond within 30 days.
6. International transfers
If you're in the EU/UK and your data is processed in the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Our DPA is available on request.
7. Security
OAuth tokens are encrypted at rest with AES-256-GCM. Passwords are hashed via Supabase Auth (argon2). All traffic is HTTPS/TLS 1.3. We follow industry best practices and are pursuing SOC 2 Type II certification. Report security issues to security@syntriq.app.
8. Children
Syntriq is not directed to children under 16. We don't knowingly collect data from anyone under 16.
9. Changes to this policy
We'll email you about material changes. Continuing to use Syntriq after changes take effect constitutes acceptance.
10. Contact
Syntriq, Inc.
Email: privacy@syntriq.app
Data Protection Officer: dpo@syntriq.app
Note: This template is a starting point and should be reviewed by qualified legal counsel before public launch — especially for GDPR, CCPA, and sector-specific compliance.