Privacy Policy

Effective Date: March 23, 2026 · Version: 1.0

The Short Version

Syngine collects the data it needs to run the platform and nothing more. We don’t sell your data, we don’t use it for advertising, and we don’t share it with anyone who doesn’t need it to keep the platform working. You own your data, you can export it, and you can delete it.

The rest of this policy explains the details.

1. Who We Are

Syngine Inc. (“Syngine,” “we,” “us,” “our”) operates the Syngine platform, a collaboration and coaching tool for mission-driven communities. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform.

If you have questions about this policy, contact us at legal@syngine.com.

2. What We Collect

We collect information in a few categories. Here’s what falls into each one.

Information You Provide

  • Account information: Your name, email address, profile details, and avatar
  • Organization membership: Which organizations you belong to, your role within each one, and your relationship type (fellow, intern, advisor, staff, etc.)
  • Content you create: Feed posts, chat messages, comments, reactions, task descriptions, playbook documents, canvas content, and other materials you produce on the platform
  • Calendar and contact data: If you connect Google Workspace, we sync calendar events and contacts that you authorize

Information Generated by Your Activity

  • Task and project data: Tasks you create, complete, or are assigned to, including status changes, due dates, and time tracking entries
  • Communication records: Messages sent through the platform’s chat and feed features
  • Usage data: Which features you use, how often, session duration, pages viewed, and actions taken within the platform
  • Device and connection information: Browser type, operating system, IP address, and general location (city/region level, not precise)

Information From Third Parties

  • Authentication providers: When you sign in through Google OAuth, we receive your name, email, and profile photo from Google
  • Organization administrators: Admins may provide information about you when adding you to their organization (such as your role or start date)

3. How We Use Your Information

Everything we do with your data ties back to making the platform work and making it better. Specifically:

Running the Platform

  • Providing your account, displaying your content, and delivering notifications
  • Managing organization memberships and access permissions
  • Processing tasks, projects, and collaborative features
  • Syncing calendar and contact data from connected services

AI Features (Cecil)

Cecil, Syngine’s AI assistant, processes your platform data to provide coaching, task categorization, content suggestions, daily briefs, and other AI-powered features. When Cecil processes your data:

  • It draws on your tasks, posts, activity patterns, and organization context
  • It sends relevant data to our AI provider (currently Anthropic) for processing
  • Anthropic does not use your data to train its models
  • Cecil does not share your data across organizations without your knowledge

You can opt out of AI features through your account settings. Some platform functionality may be reduced without AI features enabled.

Communication

  • Sending email notifications (task reminders, daily briefs, organization updates)
  • Delivering in-platform messages and alerts

Improving the Platform

  • Understanding how features are used so we can make them better
  • Identifying bugs, performance issues, and areas for improvement
  • Developing new features based on usage patterns (in aggregate, not individual tracking)

What We Will Never Do

  • Sell your data. Not now, not ever.
  • Use your data for advertising. Syngine has no ads and no ad-targeting infrastructure.
  • Share your data with third parties for their marketing purposes.

4. Who Can See Your Information

Within Your Organizations

Your visibility on Syngine depends on your role and organization settings:

  • Organization administrators can see member profiles, activity within their organization’s workspace, and manage membership
  • Team members can see your profile, feed posts shared within the organization, and collaborative content in shared projects
  • Cross-organization visibility: If you belong to multiple organizations in the same ecosystem, some profile information (name, avatar, organization affiliations) may be visible across the ecosystem. Content you create within a specific organization stays within that organization unless you share it more broadly.

Syngine Staff

Syngine team members may access your data when:

  • Providing technical support at your request
  • Investigating reported violations of our Terms of Service
  • Maintaining and improving platform infrastructure
  • Required by law

We limit staff access to what’s necessary for the task at hand, and we log access for accountability.

Third-Party Service Providers

We use a small number of third-party services to operate the platform. These providers process your data on our behalf and under our instructions:

ProviderWhat They HandleWhy
SupabaseDatabase hosting, authenticationCore platform infrastructure
AnthropicAI processingPowers Cecil’s coaching and productivity features
ResendEmail deliverySends notifications and daily briefs
GoogleOAuth, Calendar, ContactsAuthentication and workspace integrations
VercelApplication hostingHosts the platform infrastructure

We do not share your data with any third parties beyond what’s listed here, unless required by law or with your explicit consent.

5. Data Storage and Security

Where Your Data Lives

Your data is stored on Supabase’s infrastructure, which runs on cloud servers in the United States. Data is encrypted both in transit (TLS) and at rest.

How We Protect It

  • All data transmitted between your browser and our servers is encrypted
  • Database access is restricted and monitored
  • Authentication uses industry-standard protocols (OAuth 2.0, secure session management)
  • We conduct regular reviews of our security practices

How Long We Keep It

  • Active accounts: We retain your data for as long as your account is active
  • Deleted accounts: When you delete your account, we remove your personal data within 30 days. Some data may be retained in anonymized form where it’s part of an organization’s records (for example, task completion history)
  • Backups: Backup copies may persist for up to 90 days after deletion before being fully purged

Breach Notification

If we discover a data breach that affects your personal information, we will notify you and any affected organizations promptly, and no later than required by applicable law. We will also notify relevant authorities where required.

6. Your Rights

You have control over your data. Here’s what you can do:

Access Your Data

You can request a copy of the personal data we hold about you. Contact us at legal@syngine.com and we’ll provide it in a portable format within 30 days.

Correct Your Data

If your information is inaccurate, you can update most of it directly through your profile settings. For anything you can’t update yourself, reach out to us and we’ll fix it.

Delete Your Data

You can delete your account through your account settings. This removes your personal data within 30 days, subject to the retention policies described above.

Export Your Data

You can request a machine-readable export of your data. We’ll provide it in a standard format (such as JSON or CSV) within 30 days of your request.

Opt Out of AI Processing

You can disable Cecil and other AI features through your account settings. This stops your data from being sent to our AI provider for processing.

7. Special Categories

AI and Machine Learning

Syngine uses AI to power Cecil’s features. To be transparent about how this works:

  • Cecil processes your platform data (tasks, posts, activity) to generate suggestions and insights
  • Data is sent to Anthropic’s API for processing on a per-request basis
  • Anthropic does not retain your data after processing or use it to train models
  • AI-generated content is clearly distinguished from human-authored content on the platform
  • You can opt out of all AI features at any time

Children’s Privacy

Syngine is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.

For users between 13 and 18 (such as interns participating through an organization program), we require parental or guardian consent and collect only the information necessary for participation. Organization administrators are responsible for confirming that appropriate consent has been obtained before adding minor users to the platform.

Parents or guardians of minor users may contact us at legal@syngine.com to review, correct, or delete their child’s information.

State-Specific Privacy Rights

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, request its deletion, and opt out of the sale of your personal information. For the record, we do not sell personal information. To exercise your rights, contact us at legal@syngine.com.

Other U.S. State Privacy Laws: Several states have enacted their own privacy laws. If you’re a resident of Virginia, Colorado, Connecticut, Utah, or another state with privacy legislation, you may have additional rights. Contact us and we’ll work with you to honor applicable requirements.

8. The Person-Centric Model

This is worth explaining clearly because it’s different from how most platforms work.

On Syngine, your data follows you, not the organization. Your account, profile, and personal content belong to you regardless of which organizations you join or leave. This means:

  • If you leave an organization, your personal data comes with you. Organization-specific content (like project tasks) stays with the organization.
  • If you join a new organization, your existing profile and account history carry over. The new organization does not gain access to content from your previous organizations.
  • If an organization stops using Syngine, individual members keep their accounts and personal data.

This model gives you more control and continuity than a traditional “your employer owns your account” approach. It also means we take your individual privacy seriously, independent of any organization’s policies.

9. Cookies and Tracking

Syngine uses a small number of cookies to keep the platform running. We don’t use cookies for advertising, tracking across other websites, or building marketing profiles.

Essential Cookies

These are required for Syngine to function. You can’t opt out of them and still use the platform.

CookiePurposeDuration
Session tokenKeeps you logged in and authenticates your requestsUntil you log out or session expires
Authentication stateManages OAuth flow with Google and Supabase AuthDuration of login session
CSRF tokenProtects against cross-site request forgery attacksDuration of session
Cookie preferencesRemembers your cookie choices (if applicable)1 year

Analytics Cookies

These help us understand how people use the platform so we can make it better. They collect aggregate data, not individual tracking profiles.

CookiePurposeDuration
Usage analyticsTracks which features are used, page views, and session duration in aggregate1 year

You can opt out of analytics cookies through your account settings without affecting platform functionality.

What We Don’t Use

  • No advertising cookies. Syngine has no ads.
  • No third-party marketing trackers. We don’t share browsing data with advertisers or data brokers.
  • No social media tracking pixels. No Facebook pixel, no LinkedIn insight tag, nothing like that.
  • No cross-site tracking. We don’t follow you around the internet.
  • No fingerprinting. We don’t use device fingerprinting techniques to identify you.

Third-Party Cookies

The third-party services Syngine integrates with may set their own cookies when you interact with their features:

  • Google: When you use Google OAuth to sign in or connect Google Calendar/Contacts, Google may set cookies according to their own cookie policy.
  • Supabase: Our infrastructure provider may set cookies related to authentication and session management.

These third-party cookies are governed by those companies’ respective privacy and cookie policies, not this policy.

Managing Cookies

You can manage analytics cookie preferences through your account settings. Most browsers also let you control cookies through their settings — you can see, delete, or block cookies. Keep in mind that blocking essential cookies will prevent Syngine from working properly.

10. International Users

Syngine currently operates in the United States. If you access the platform from outside the U.S., your data will be transferred to and processed in the United States.

If we expand to serve users in the European Union or other regions with specific data protection requirements (such as GDPR), we will update this policy to address applicable regulations before doing so.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we’ll:

  • Update the effective date at the top of this document
  • Notify you through the platform or by email at least 30 days before changes take effect
  • Give you the opportunity to review the changes before they apply

Your continued use of Syngine after the updated policy takes effect means you accept the changes.

12. Contact Us

Questions, concerns, or requests about your privacy? Reach out:

Email: legal@syngine.com
Mail: 2501 Grand Concourse, 3rd Fl BBTI, Bronx, NY 10468

We aim to respond to all privacy-related requests within 30 days.

This Privacy Policy was last updated on March 23, 2026.