Privacy Policy

We collect the following categories of personal data:

• Account data — your email address, password (stored only as a secure hash by our authentication provider), and any display name you set.
• Content & media — the posts, captions, schedules, and images or videos you create, upload, or publish through Synapse.
• Connected-account data — when you connect a social-media account, the access credentials or tokens needed to post on your behalf, plus basic profile details (such as username and avatar) and post analytics returned by that platform.
• Billing data — your subscription status and the customer and subscription identifiers from our payment processor. We do not store your full card number; card details are collected and held by Stripe.
• Usage & technical data — limited information such as log data and request metadata used to operate, secure, and debug the service.

We use personal data to:

• provide, operate, and maintain Synapse;
• publish and schedule your posts to the platforms you select, and show you their status and analytics;
• authenticate you and keep your account secure;
• process your subscription, trial, and payments;
• send you transactional emails (e.g. sign-up confirmation, password resets);
• respond to your enquiries and provide support;
• detect, prevent, and address abuse, fraud, or technical issues;
• comply with our legal obligations.

Under the PDPA, we collect, use, and disclose your personal data with your consent (including deemed consent when you voluntarily provide data to use a feature) or as otherwise permitted or required by law.

We do not sell your personal data. We share it only with service providers (“data intermediaries”) that process data on our behalf to run Synapse, and with the platforms you choose to post to:

• Supabase — database, authentication, and file storage.
• Stripe — payment processing and subscription management.
• Our posting/integration provider — to transmit your posts and media to connected platforms and retrieve analytics.
• Our email provider — to deliver transactional emails.
• The social-media platforms you connect — we send the content and media you instruct us to publish; their handling of it is governed by their own privacy policies.

We may also disclose data where required by law, to enforce our Terms, or to protect the rights, safety, and property of Synapse, our users, or others.

Some of our service providers store and process data outside Singapore. Where personal data is transferred abroad, we take reasonable steps to ensure it receives a standard of protection comparable to the PDPA, including by relying on providers that offer such protections contractually.

We retain personal data for as long as your account is active and as needed to provide Synapse. When you cancel your subscription and your access period ends, or when you delete your account, we disconnect your connected accounts and delete your posts, media, and related data, except where we must retain certain information to comply with legal obligations or resolve disputes. Note that content already published to a third-party platform remains subject to that platform’s own retention.

We use reasonable technical and organisational measures to protect personal data, including encrypted connections, hashed passwords, per-user access controls enforced at the database level, and private, per-user file storage. No method of transmission or storage is perfectly secure, but we work to protect your data and to address any incident appropriately.

You may, subject to the PDPA:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• withdraw your consent to our collection, use, or disclosure of your data;
• ask questions about how your data is handled.

To exercise these rights, email support@withsynapse.app. Withdrawing consent or deleting your account may mean we can no longer provide Synapse to you.

Synapse uses strictly necessary cookies to keep you logged in and to keep your session secure. These are required for the service to function; we do not use them for third-party advertising. Your browser’s local storage may also hold preferences such as your theme choice.

Synapse is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, for material changes, take reasonable steps to notify you. Your continued use of Synapse after changes take effect constitutes acceptance of the updated policy.

For any privacy questions, requests, or complaints, contact us at support@withsynapse.app. If you are not satisfied with our response, you may contact Singapore’s Personal Data Protection Commission (PDPC).