> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synapsai.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# Privacy Policy

> How SynapsAI Cloud processes, manages, and isolates personal information.

Last updated: July 17, 2026

SynapsAI Cloud ("we," "our," or "SynapsAI") provides infrastructure services engineered with data minimization principles. This Privacy Policy outlines how we manage personal data and account details for our cloud platform, and how we handle optional analytics on our public marketing website at **synapsai.cloud**.

## 1. Information We Collect

* **Account Information:** Basic identification details required to establish user accounts, including email address, full name, and workspace credentials.
* **Payment Credentials & Stripe Isolation:** Payment infrastructure is provided by **Stripe**. **During the beta period, SynapsAI Cloud does not conduct billing or collect payment instruments.** When commercial billing is enabled after beta, transaction processing and payment instrument capture will be handled exclusively by Stripe. SynapsAI Cloud does not collect, capture, transmit, or store any raw credit card numbers, CVVs, or bank verification keys.
* **Infrastructure Usage Metadata:** Automated recording of resource utilization stats, bandwidth consumption, GPU compute minutes, request timestamps, HTTP status codes, endpoint identifiers, and regional system logs necessary to operate the platform, detect abuse, and monitor stability. These operational records do **not** include the content of prompts, model inputs, or generated outputs.
* **Transient Input Payloads (API & platform):** Text, audio, and video submitted through our APIs and inference endpoints are handled strictly as transient data processed to complete your request. We **do not sell, share, or retain the content of** this data after processing finishes, except for the limited temporary handling described in our [Data Policy](/legal/data-policy) (for example, ephemeral audio/video preprocessing files or generated video outputs held briefly for download). Payload content is not captured for analytics, model training, advertising, or resale. Limited operational metadata (such as timestamps and status codes) may be retained separately as described in Section 4.

## 2. Website Analytics & Cookies

When you visit **synapsai.cloud** (our marketing website), we may use cookies and similar technologies to understand how the site is used and to improve it. This section does not apply to the SynapsAI Cloud platform, API, or authenticated dashboard unless you also visit the marketing site.

* **Analytics cookies (optional):** With your consent, we use **Google Analytics 4** (measurement ID `G-2MTV9WDCRQ`) and **Microsoft Clarity** (project ID `xcmetdaiuc`) to collect aggregated usage data and understand how visitors interact with our marketing site. This includes pages visited, approximate location (country/region), device and browser type, referral source, session duration, clicks, scrolls, and session recordings (Clarity). Google and Microsoft may process this data on our behalf. We do not use this data to identify you personally unless you are also logged into a Google or Microsoft account and that provider links that activity (which is outside our control).
* **Consent:** Non-essential analytics cookies and session recording are enabled only after you click **Accept** on our cookie banner. If you click **Decline**, we do not enable analytics storage cookies or Clarity recording. We implement [Google Consent Mode v2](https://developers.google.com/tag-platform/security/guides/consent): `analytics_storage` and `ad_storage` default to denied until consent is granted. The Clarity tag may load on page visit, but recording and analytics storage remain disabled until you accept.
* **Consent preference storage:** We store your choice (`accepted` or `declined`) in your browser's local storage under the key `synapsai-cookie-consent` so we do not ask again on every visit. This preference is not shared with third parties.
* **Changing your choice:** You can withdraw consent by clearing site data for synapsai.cloud in your browser, or by contacting us at **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)**. See our [Cookie Policy](/legal/cookie-policy) for a full list of cookies and storage keys.

For visitors in the EU/EEA/UK, we rely on **consent** (GDPR Art. 6(1)(a)) for optional marketing-website analytics cookies. You may withdraw consent at any time.

The cookie banner and analytics described here apply to the main marketing site (`index.html`). They do not currently apply to standalone entry points such as `login.html`.

## 3. How We Use Collected Information

We use account and metadata details exclusively to:

* Provision, maintain, scale, and optimize SynapsAI Cloud infrastructure.
* Detect, prevent, and mitigate infrastructure abuse, unauthorized activities, or service degradation.
* Calculate operational metrics and, when billing is enabled after beta, execute automated billing pipelines via Stripe.
* Deliver platform updates, critical infrastructure notices, or marketing communications. Users may opt out of promotional or marketing distributions instantly using the unsubscription mechanics included in every communication.

## 4. Data Deletion & Commercial Non-Disclosure

### Platform & API data

SynapsAI Cloud **does not sell, rent, license, monetize, or share** customer inference data — prompts, inputs, outputs, embeddings, audio, images, or video — with third-party advertising networks, analytics brokers, data resellers, or model-training aggregators.

We **do not keep the content of processed API payloads** after your request completes, except for strictly temporary handling (such as ephemeral audio/video preprocessing files or generated video assets held for up to 10 minutes so you can download them). See our [Data Policy](/legal/data-policy) for full detail.

**What we may retain separately from payload content:** For security, platform reliability, and debugging, we may retain limited **operational metadata** that does not include prompt text, model inputs, or generated outputs — for example, request timestamps, HTTP status codes, endpoint paths, resource utilization metrics, reverse-proxy access logs, aggregated error diagnostics, and monitoring alerts. These records are used to operate and protect the platform, not to reconstruct or monetize your inference content.

This commitment applies to the **SynapsAI Cloud platform and API**. It does not prohibit aggregated, consent-based website analytics on our public marketing pages (Section 2), which is a separate data flow and never receives your inference payloads.

* **Zero Monetization of Data:** SynapsAI Cloud does not sell, rent, monetize, barter, or distribute customer data, account records, or input/output payload sets to any third-party advertising networks, analytics brokers, or model-training aggregators.
* **Payload Purging:** As detailed in our Data Policy, operational text payloads are maintained exclusively in-memory, while audio/video processing files are isolated in ephemeral directories and destroyed programmatically post-execution. Operational metadata such as request logs and monitoring metrics may be retained without payload content.

## 5. Data Retention Schedule

The table below summarizes how long we retain categories of personal and operational data. Inference payload **content** is not retained beyond transient processing except as noted.

| Data category                                                   | Retention period                                                           | Notes                                                                   |
| --------------------------------------------------------------- | -------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| Account profile (name, email, credentials)                      | Active account lifetime, then **30 days** after confirmed deletion         | Allows account recovery requests and deletion processing                |
| Terms/Privacy acceptance records                                | **7 years** from acceptance, or account lifetime if longer                 | Legal and dispute-resolution purposes                                   |
| Authentication sessions                                         | Until logout, session expiry, or **revoke all sessions**                   | Configurable session TTL                                                |
| API & routing operational metadata                              | Up to **90 days**                                                          | Timestamps, status codes, endpoints, usage metrics — no payload content |
| Security & abuse logs (IP patterns, auth failures, rate limits) | Up to **12 months**                                                        | Incident investigation and abuse prevention                             |
| Infrastructure monitoring & incident data (Better Stack)        | Up to **90 days** for logs; incident records per provider retention        | Redacted diagnostics only; no inference payloads                        |
| Model weights & deployment artifacts                            | Until Client deletes the deployment, or **30 days** after account deletion | Tenant-scoped cached weights per [Data Policy](/legal/data-policy)      |
| Inference payload content (text, audio, video inputs)           | **Transient** — duration of the request only                               | RAM/VRAM; not persisted                                                 |
| Generated video outputs                                         | Up to **10 minutes**, or until delete API call                             | Temporary download window                                               |
| Marketing cookie consent preference                             | Until you clear site data                                                  | Browser local storage (`synapsai-cookie-consent`)                       |
| Marketing analytics (GA4, Clarity)                              | Per provider policies (up to **26 months** for GA4 cookies when consented) | Consent required; see [Cookie Policy](/legal/cookie-policy)             |
| Stripe billing records                                          | Not collected during beta                                                  | When billing is enabled: per Stripe retention and applicable tax law    |

You may request earlier deletion of account data subject to legal retention obligations. See Section 6 and Section 8.

## 6. Third-Party Subprocessors

We partner with infrastructure and operational providers to deliver SynapsAI Cloud. A current list — including **Nebius** (AI cloud compute), **Cloudflare** (network edge), **Better Stack** (incident management and monitoring), and **Stripe** (payment infrastructure, not active during beta) — is published on our [Subprocessors](/legal/subprocessors) page.

All platform subprocessors are contractually bound to process data only as instructed and to prevent unauthorized observation, copying, or retention of tenant payload content. **Your API inference payloads are not shared with subprocessors for marketing, analytics, or model-training purposes** — only for executing the compute workload you requested.

Website analytics subprocessors below apply **only** to the public marketing site when you consent. They do **not** receive API inference data, prompts, or model outputs.

* **Google Analytics (Google LLC)** — Website usage measurement on synapsai.cloud when you consent to analytics cookies (measurement ID `G-2MTV9WDCRQ`). Privacy information: [Google Privacy Policy](https://policies.google.com/privacy). Google may act as an independent controller for certain processing. For business use of Google Analytics, we accept Google's applicable analytics terms and data processing terms in our Google Analytics administration settings.
* **Microsoft Clarity (Microsoft Corporation)** — Session recordings, heatmaps, and behavioral analytics on synapsai.cloud when you consent (project ID `xcmetdaiuc`). Privacy information: [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft processes session data on our behalf.

## 7. Your Jurisdictional Rights

Depending on your geographic location or corporate domicile, you may possess legal rights to inspect, amend, export, restrict, or purge the personal account records we maintain, and to manage optional marketing-website cookie preferences as described in Section 2. Inquiries regarding data privacy execution can be transmitted directly to our privacy contact at **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)**.

**California residents (CCPA/CPRA):** We do not sell or share personal information for cross-context behavioral advertising. Optional Google Analytics and Microsoft Clarity on our marketing website run only with your consent. You may request information about our data practices or exercise applicable rights by contacting **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)**.

## 8. Quebec Residents (Law 25)

SynapsAI Technologies Inc. is established in Quebec. This section applies to Quebec residents and supplements our disclosures under **An Act respecting the protection of personal information in the private sector** (commonly **Law 25**) and the federal **Personal Information Protection and Electronic Documents Act (PIPEDA)**.

### A. Privacy governance

We designate a **privacy contact** reachable at **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)** for questions about personal information handling, access requests, and privacy incidents. Where Law 25 requires a person in charge of the protection of personal information, this contact fulfills that role.

### B. Legal bases and consent

We collect and use personal information only for identified purposes: operating your account, securing the platform, communicating service notices, and (with consent) optional marketing communications and website analytics. We do not collect payment information during beta.

Sensitive uses — such as optional marketing emails or non-essential analytics cookies — rely on **opt-in consent** where required. You may withdraw consent at any time without affecting lawful processing before withdrawal.

### C. Cross-border transfers

Personal information may be processed in Canada, the United States, and other countries where our [subprocessors](/legal/subprocessors) operate (for example, Nebius infrastructure regions, Cloudflare's global network, and Better Stack monitoring). Before transferring personal information outside Quebec, we assess risks and implement contractual and technical safeguards appropriate to the sensitivity of the data.

### D. Privacy incidents

If we determine that a confidentiality incident presents a **risk of serious injury** to Quebec residents, we will notify affected individuals and the **Commission d'accès à l'information du Québec (CAI)** as required by Law 25, without undue delay. We will also notify enterprise clients acting as data controllers when personal data in their workloads is affected, consistent with our [Data Processing Agreement](/legal/data-processing-agreement).

### E. Your rights under Law 25 and PIPEDA

Subject to legal exceptions, Quebec residents may:

* Request access to personal information we hold about you
* Request correction of inaccurate information
* Request deletion or de-indexing where applicable
* Request information about our privacy practices and subprocessors
* Withdraw consent for optional processing (marketing, analytics cookies)

Submit requests to **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)**. We will respond within timeframes required by applicable law (generally **30 days** under PIPEDA, unless an extension is permitted).

## 9. Additional Disclosures for European Union and United Kingdom Residents (GDPR Compliance)

This section applies exclusively to individuals residing within the European Union (EU), the European Economic Area (EEA), and the United Kingdom (UK). It supplements the privacy disclosures outlined above in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

### A. Legal Basis for Processing Personal Data

Under the GDPR, SynapsAI Cloud operates as a **Data Controller** for your account setup information and standard telemetry. We rely on the following distinct legal bases to process this personal data:

* **Performance of a Contract:** Processing account information (email, name) is strictly necessary to fulfill our contractual obligations to provision your compute workspace and manage your infrastructure instances.
* **Legitimate Interests:** Processing infrastructure usage analytics and system-level telemetry is necessary for our legitimate business interests in maintaining, monitoring, securing, and optimizing the stability and performance of our raw compute infrastructure.
* **Consent:** We rely on your explicit consent to transmit promotional materials and marketing updates. You retain the absolute right to withdraw consent at any time via the automated unsubscription link provided in each email. We also rely on consent for optional marketing-website analytics (Google Analytics and Microsoft Clarity), which you may withdraw by clearing stored site preferences or contacting us.

*Note: For all input inference payloads (text, audio, video files) submitted via our APIs, SynapsAI Cloud acts strictly as a **Data Processor** on behalf of the client, as governed by our [Data Processing Agreement (DPA)](/legal/data-processing-agreement). The DPA is automatically incorporated when you process GDPR personal data through the platform — see [Terms of Use, Section 13](/legal/terms-of-use#13-electronic-acceptance-contract-records--related-agreements).*

### B. Cross-Border Data Transfers & Standard Contractual Clauses (SCCs)

SynapsAI Cloud processes data primarily on secure high-performance infrastructure located in United States datacenters operated by our subprocessor **Nebius**. Because personal account metrics and infrastructure analytics may originate in the EU/UK and be transferred out of those jurisdictions, we protect these cross-border data flows by executing Module 1 (Controller-to-Controller) or Module 2 (Controller-to-Processor) of the European Commission’s approved **Standard Contractual Clauses (SCCs)**, incorporated directly into our corporate compliance framework and [DPA](/legal/data-processing-agreement).

Where you consent to marketing-website analytics, usage data collected by Google Analytics and Microsoft Clarity may also be processed in the United States and other countries where those providers operate. Google and Microsoft participate in applicable transfer mechanisms, including the EU-U.S. Data Privacy Framework (where certified) and Standard Contractual Clauses, as described in [Google's privacy documentation](https://policies.google.com/privacy) and [Microsoft's privacy documentation](https://privacy.microsoft.com/privacystatement).

### C. Your Explicit Data Rights Under GDPR

If you are located in the EU, EEA, or UK, you possess the following statutory rights regarding the personal account records we maintain:

1. **Right of Access:** The right to obtain a structured confirmation as to whether your personal data is being processed, alongside a copy of that data.
2. **Right to Rectification:** The right to demand the immediate correction of inaccurate or incomplete personal data records.
3. **Right to Erasure ("Right to Be Forgotten"):** The right to request the permanent, un-recoverable deletion of your account metadata and cached deployment workspace configuration files, provided it does not conflict with statutory financial or taxation retention laws.
4. **Right to Restriction of Processing:** The right to temporarily halt the processing of your data during dispute validations or operational audits.
5. **Right to Data Portability:** The right to receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV) for transmission to another service.
6. **Right to Object:** The right to object to processing activities carried out under our legitimate interest parameters or for direct marketing.

### D. Privacy Contact & Regulatory Recourse

For inquiries regarding data protection mechanisms, cross-border transmission protocols, or to formally exercise your GDPR data rights, contact our privacy contact at **[legal@synapsai.cloud](mailto:legal@synapsai.cloud)**.

If you believe our data processing operations infringe upon your rights under the GDPR, you maintain the legal right to lodge a formal complaint with a competent Supervisory Authority within your country of residence, workplace, or the place of the alleged infringement.
