SynovAI
Home

Privacy Policy

Last updated: 2026-05-04

1. Scope

This Privacy Policy describes how SynovAI, Inc. ("SynovAI," "we") collects, uses, shares, and retains information when you use the SynovAI platform and related services (the "Platform"). It applies to information we collect through the Platform's web app, API, marketing site, and email.

2. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, organization, and role you provide when creating an account; team membership; tier and subscription status. For enterprise SSO logins via Microsoft Entra ID, we receive a stable user identifier and the email address asserted by your identity provider.
  • Customer content. Molecular structures, pipeline parameters, route favorites, reagent flags, catalog uploads, project organization, and feedback you submit. Customer content is treated as your confidential information.
  • Usage data. Logs of feature use, request metadata (timestamp, route, response status, latency), and error events. We use this to operate, debug, and improve the Platform. Usage logs do not include the bodies of customer content beyond what is needed to triage errors, and we do not associate usage logs with marketing profiles.
  • Billing information. Billing contact and payment-method tokens are processed by our payment provider (Stripe). We do not see or store full card numbers.
  • Communications. Email you send us, support tickets, and meeting notes you provide.

3. How We Use Information

  • To operate the Platform — running predictions, storing results, enforcing access controls.
  • To communicate with you about service updates, security notices, billing, and customer support. Marketing email is opt-in and you can unsubscribe at any time.
  • To debug, monitor, and improve Platform reliability and performance.
  • To detect and prevent fraud, abuse, or violations of our Terms of Use.
  • To comply with legal obligations.

We do not use customer content (your molecular structures, results, or task data) to train or fine-tune our AI/ML models without your explicit written consent.

4. Sharing and Sub-processors

We share information only with vetted sub-processors that need it to deliver the Platform, and only to the extent necessary. Current sub-processors are listed at /security.

We do not sell personal information. We do not share customer content with third parties for advertising.

We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of users or the public. When permitted, we will notify the affected customer before disclosure.

5. Retention

We retain account information and customer content for as long as your account is active. When you delete your account, we delete production data immediately and purge corresponding backup data within the standard 30-day backup retention window unless a longer retention is required by law (e.g., tax records). Anonymized aggregate metrics derived from usage data may be retained indefinitely; these cannot be used to re-identify a specific customer.

6. Security

We protect information using the technical and organizational measures described at /security, including encryption in transit and at rest, role-based access, and dependency monitoring. No system can be guaranteed perfectly secure; we work continuously to reduce risk.

7. Your Rights and Choices

You have the following rights regarding information we hold about you:

  • Access. Most of your data is visible in your account. For anything additional, contact us.
  • Correction. You can edit your account profile. Contact us for fields not editable in the UI.
  • Deletion. You can delete your account from account settings or by emailing us.
  • Portability. You can export your tasks, routes, and lab bundles in standard formats from the Platform UI. Additional export requests can be sent to support.
  • Marketing opt-out. Use the unsubscribe link in marketing emails or contact us.

We will respond to verifiable requests within 30 days, or sooner where required by law. Where applicable law (e.g., GDPR, CCPA) provides additional rights, we will honor them.

8. International Users

The Platform is operated from the United States. By using the Platform, you understand that information may be processed in the United States and other countries where our sub-processors operate. We are happy to discuss data-residency arrangements for enterprise customers with specific requirements.

9. Children's Privacy

The Platform is not directed to children under 16. We do not knowingly collect personal information from children. Educational accounts for university students are managed through the institution and require institutional consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or in-app notice at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent change.

11. Contact

Questions, concerns, or requests regarding this Privacy Policy or our data practices should be sent to jessica.freeze@synovai.net.