Privacy Policy

Last updated: March 29, 2026

What Synapse Is

Synapse is a context management tool that stores knowledge as files in a cloud workspace. It has a web application, a backend API, and an MCP server for AI tool integration.

Data We Collect

Account Information

When you sign up, we collect your email address and authentication credentials. If you sign in with Google or GitHub, we receive your email and basic profile information from those providers.

Workspace Content

Files, notes, decisions, and other content you store in your Synapse workspace. This includes file paths, tags, and content you create or import.

Conversation Data (Plus plan)

If you use conversation sync, we store conversation transcripts and associated media that you choose to sync.

Activity Logs

We log actions within your workspace (file creation, edits, deletions, sharing) for the activity feed feature. Logs include the action type, timestamp, and source (web or MCP).

Usage Data

We use Plausible Analytics for anonymous, cookie-free page view tracking. No personal data is sent to Plausible.

Encryption & Data Access

Synapse supports optional end-to-end encryption using AES-256-GCM. When enabled with a passphrase, your content is encrypted client-side before reaching our servers. We cannot read encrypted content — this is zero-knowledge encryption. Your passphrase is never transmitted or stored.

We do not read, access, or inspect your workspace content — encrypted or not. Your data is stored solely to provide the service back to you. We have no internal tools, dashboards, or processes that display user content. Our backend uses a service key for API operations, but no human at Synapse views your files, conversations, or insights.

How We Use Your Data

• To provide and maintain the Synapse service
• To authenticate you and manage your account
• To process payments and manage subscriptions
• To display activity feeds within your projects
• To improve the service based on anonymous usage patterns

We do not sell your data. We do not use your workspace content to train AI models.

Third-Party Services

• Supabase — Database and authentication. Your data is stored in Supabase-managed PostgreSQL. Supabase Privacy Policy
• Cloudflare — Backend hosting and CDN. Cloudflare Privacy Policy
• Creem — Payment processing. We do not store your payment card details. Creem Privacy Policy
• Plausible — Privacy-focused, cookie-free web analytics. Plausible Data Policy

Data Retention

Your workspace content is retained as long as your account is active. Activity logs are retained indefinitely for the activity feed feature. If you delete your account, all associated data (workspace content, activity logs, API keys, subscriptions) is permanently deleted.

Your Rights

• Export — You can export your entire workspace as a ZIP file at any time.
• Delete — You can delete individual files, or delete your entire account from the account settings page. Account deletion is permanent and irreversible.
• Access — All your data is visible to you in the application.

Security

We use HTTPS for all connections, enforce rate limiting on API endpoints, hash API keys with SHA-256, and support optional end-to-end encryption. Access to your workspace requires authentication via JWT or API key.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact

Questions about this policy? Email [email protected] or reach out on LinkedIn.