synapse logosynapse

Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how Synapse Social (“we”, “us”, “our”) — a sole proprietorship registered in Singapore (UEN 53526189J), the operator of Synapse (https://withsynapse.app) — collects, uses, discloses, and protects your personal data. We handle personal data in accordance with Singapore’s Personal Data Protection Act 2012 (the “PDPA”). For the personal data we process about you, we generally act as the data controller; where you connect a third-party account and instruct us to publish your content, we act on your behalf in transmitting that content to the platforms you choose.

1. Data we collect

We collect the following categories of personal data:

  • Account data — your email address, password (stored only as a secure hash by our authentication provider), and any display name or profile picture you set. If you sign in with Google, we receive your basic Google profile information (name, email address, and profile picture) so we can create and authenticate your account.
  • Content & media — the posts, captions, schedules, drafts, and images or videos you create, upload, or publish through Synapse, and any content you create with our Studio or AI tools.
  • Connected-account data — when you connect a social-media account, the access credentials or access/refresh tokens (and, for Bluesky, the app password) needed to post on your behalf, plus basic profile details (such as username, account ID, and avatar) and the post analytics returned by that platform. To publish to certain platforms, we may also make your selected media temporarily retrievable through a short-lived, signed link so the platform can fetch it.
  • Team & workspace data — if you create or join a workspace, we store workspace membership, invitations (including invitee email addresses), roles, and per-member permissions. Content and connected accounts within a workspace are accessible to its members according to the permissions the owner sets.
  • Billing data — your subscription status and the customer and subscription identifiers from our payment processor. We do not store your full card number; card details are collected and held by Stripe.
  • Usage & technical data — information such as log data, your IP address, device/browser metadata, and request information, used to operate, secure, rate-limit, and debug the service and to prevent abuse and fraud.

2. How we use your data

We use personal data to:

  • provide, operate, and maintain Synapse;
  • publish and schedule your posts to the platforms you select, and show you their status and analytics;
  • enable team collaboration, including sharing workspace content and connected accounts among members according to the owner’s permission settings;
  • generate content you request through our AI and Studio tools (see Section 11);
  • authenticate you and keep your account secure;
  • process your subscription, trial, and payments;
  • send you transactional emails (e.g. sign-up confirmation, password resets);
  • respond to your enquiries and provide support;
  • detect, prevent, and address abuse, fraud, security incidents, or technical issues (including rate-limiting using your IP address);
  • comply with our legal obligations.

Under the PDPA, we collect, use, and disclose your personal data with your consent (including deemed consent when you voluntarily provide data to use a feature) or as otherwise permitted or required by law.

3. Who we share data with

We do not sell your personal data, and we do not share it for cross-context behavioural advertising or serve you third-party ads. We share data only with service providers (“data intermediaries”) that process data on our behalf to run Synapse, and with the platforms you choose to post to:

  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting and content delivery.
  • Stripe — payment processing and subscription management.
  • Our posting/integration provider (Zernio) — to transmit your posts and media to certain connected platforms and retrieve analytics, for platforms we do not integrate with directly.
  • Resend — to deliver transactional emails.
  • AI service providers — when you use our AI features, to generate the output you request (see Section 11).
  • The social-media platforms you connect — we send the content and media you instruct us to publish, and read the basic account and analytics data needed to power the service. Each platform’s handling of that data is governed by its own privacy policy.

We may also disclose data where required by law, to enforce our Terms, or to protect the rights, safety, and property of Synapse, our users, or others. If we are involved in a merger, acquisition, or sale of assets, we will take reasonable steps to ensure your data remains subject to protections consistent with this policy.

4. International transfers

Several of our service providers (including Supabase, Vercel, Stripe, and our AI providers) store and process data outside Singapore, including in the United States, and the social-media platforms you connect operate globally. Where personal data is transferred abroad, we take reasonable steps to ensure it receives a standard of protection comparable to the PDPA, including by relying on providers that offer such protections contractually.

5. Retention & deletion

We retain personal data for as long as your account is active and as needed to provide Synapse. When you cancel your subscription and your access period ends, or when you delete your account, we disconnect your connected accounts and delete your posts, media, and related data, except where we must retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. You can also remove individual connected accounts at any time from the Connections page, which deletes the stored tokens for that account.

You may request deletion of your data at any time — see our Data Deletion page or email us at support@withsynapse.app. Note that content already published to a third-party platform remains on that platform and is subject to its own retention; you may need to remove it there as well.

6. Security

We use reasonable technical and organisational measures to protect personal data, including encrypted connections, hashed passwords, per-user access controls enforced at the database level, private per-user file storage, and storage of third-party access tokens that is not exposed to other users. No method of transmission or storage is perfectly secure, but we work to protect your data and to address any incident appropriately. If a data breach occurs that is likely to result in significant harm to affected individuals, or is of a significant scale, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required by the PDPA’s data breach notification obligation.

7. Your rights under the PDPA

You may, subject to the PDPA:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • withdraw your consent to our collection, use, or disclosure of your data;
  • delete your account and request deletion of your data;
  • ask questions about how your data is handled.

To exercise these rights, email support@withsynapse.app from the address on your account, or use the Data Deletion page. We will respond within 30 days where reasonably practicable, or let you know when to expect a response. Withdrawing consent or deleting your account may mean we can no longer provide Synapse to you.

8. Cookies & similar technologies

Synapse uses strictly necessary cookies to keep you logged in and to keep your session secure. These are required for the service to function; we do not use them for third-party advertising. Your browser’s local storage may also hold preferences such as your theme choice, “remember” selections, saved templates or favourites, and sidebar/layout state — this stays in your browser and is not used to track you across other sites.

9. Children

Synapse is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Third-party platform APIs (including YouTube)

To publish your content and retrieve analytics, Synapse integrates with third-party platform APIs, including YouTube API Services.

  • By connecting a YouTube channel and using these features, you agree to be bound by the YouTube Terms of Service.
  • Information accessed through the YouTube API Services is handled in accordance with the Google Privacy Policy.
  • Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use this data only to provide the features you request — uploading your videos to your own channel and showing you analytics on your own videos — and we do not use it for advertising or to train generalized AI/ML models, nor transfer it except as needed to provide the service or as required by law.
  • You can revoke Synapse’s access at any time by disconnecting the account in Synapse → Connections, or via your Google Account’s security settings at myaccount.google.com/permissions.
  • Other platforms you connect are likewise accessed via their official APIs and governed by their own terms and privacy policies — including Meta (Facebook, Instagram, and Threads), TikTok, Pinterest, LinkedIn, and Bluesky. For each, we access only the data needed to publish the content you choose and to show you analytics on your own posts, and you can disconnect at any time from the Connections page (which deletes the stored tokens). You can also revoke Meta access and request deletion via our Data Deletion page.

11. Automated features and AI

Synapse offers (or plans to offer) features that use artificial intelligence — for example, AI caption writing, thumbnail assistance, and image generation. When you use one of these features, the content you submit (such as your prompt, caption text, or a selected image) is sent to our AI service providers solely to generate the output you requested.

  • Our AI providers are bound by their terms not to use your content to train their general-purpose models, and we do not use your content to train our own models.
  • AI output may be inaccurate or unexpected; you are responsible for reviewing it before you publish or rely on it.
  • Some of our Studio tools (such as background removal) run entirely in your browser — the image is processed on your device and is not uploaded to us for that purpose.

We will update this section as our AI features change, and will name the relevant providers as they go live.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, for material changes, take reasonable steps to notify you. Your continued use of Synapse after changes take effect constitutes acceptance of the updated policy.

13. Contact

For any privacy questions, requests, or complaints, contact us at support@withsynapse.app. If you are not satisfied with our response, you may contact Singapore’s Personal Data Protection Commission (PDPC).

Questions? Email support@withsynapse.app.

Terms of ServicePrivacy Policy

© 2026 Synapse. All rights reserved.