Privacy Policy
Last updated: April 19, 2026
1. Data Controller
Synapse is responsible for processing the personal data it collects through its web application. If you have questions about privacy, you can reach us through our contact page.
2. Data We Collect
We collect only the data necessary to operate the service:
- Account data: email address, authentication provider (email/password or Google), and registration date.
- Usage data: study habits, habit completion records, daily tasks, and Pomodoro timer settings.
- Activity events: completed focus sessions, created habits, and active days — used for your stats and aggregated internal analytics.
- Subscription data: plan status (Free or Pro) and Stripe customer identifier. We do not store card data; Stripe handles that directly.
3. Purpose and Legal Basis
We use your data to:
- Provide the service — authenticate your account, save your habits and tasks, and display your stats. (basis: contract performance)
- Manage payments — process and maintain your Pro subscription via Stripe. (basis: contract performance)
- Improve the app — aggregated, anonymous internal analytics on general feature usage. (basis: legitimate interest)
- Service communications — important notices about your account or changes to the terms. (basis: legitimate interest)
4. Third Parties with Access to Your Data
We do not sell or share your data with third parties for commercial purposes. We share it only with the infrastructure providers required to operate the service:
- Supabase— authentication and database. Your data is stored on Supabase's secure servers.
- Stripe — payment processing. Stripe receives only your email and customer identifier to manage the subscription. See the Stripe Privacy Policy.
- Vercel — application hosting. Access logs may include your IP address transiently.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal and usage data is removed within 30 days, unless the law requires us to retain it longer (for example, billing records).
6. Your Rights
You have the right to:
- Access: request a copy of the data we hold about you.
- Rectification: correct inaccurate data.
- Erasure: request deletion of your account and data.
- Portability: receive your data in a machine-readable format.
- Objection: object to processing based on legitimate interest.
To exercise any of these rights, write to us from our contact page. We will respond within 30 days.
7. Security
We implement technical and organizational measures to protect your data: TLS- encrypted communications, authentication managed by Supabase with passwords stored using secure hashing, and row-level security (RLS) policies in the database so each user can only access their own data.
If we detect a security breach affecting your data, we will notify you within the legally required timeframe.
8. Cookies and Local Storage
Synapse uses strictly necessary session cookies to keep you signed in. We do not use third-party tracking cookies or behavioral advertising. Some interface preferences may be stored temporarily in your browser's local storage.
9. Minors
Synapse is aimed at students. If you are under 13, you need the consent of a parent or legal guardian to create an account. If you believe your child has created an account without your permission, contact us to have it removed.
10. Changes to This Policy
We may update this Policy occasionally. When changes are significant, we will notify you by email or via an in-app notice before they take effect.
11. Contact
For any privacy questions or to exercise your rights, use our contact page.