Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to personal information collected when you:

• Visit our website
• Create an account
• Subscribe to or use our Services
• Receive alerts, notifications, or communications from us
• Interact with us through customer support or other channels

This Privacy Policy does not apply to third-party websites, services, or platforms that may be linked from our Services. We are not responsible for the privacy practices of those third parties.

2. Who We Are

Syntara AI is a software-as-a-service ("SaaS") platform that provides real-time market activity alerts and contextual information derived from publicly available data sources. We do not provide investment advice, brokerage services, portfolio management, or trade execution.

3. Information We Collect

A. Information You Provide Directly

We may collect personal information you voluntarily provide, including:

• Name
• Email address
• Account login credentials
• Billing and subscription information (processed via third-party payment processors)
• Communications with customer support
• Preferences and settings

Note: We do not store full payment card numbers. Payment data is handled by our payment processors (e.g., Stripe) under their own privacy policies.

B. Information Collected Automatically

When you use the Services, we may automatically collect:

• IP address
• Device type, browser type, and operating system
• Usage data (pages viewed, features used, timestamps)
• Log files and error reports
• Approximate location (derived from IP address)

This data helps us operate, secure, and improve the Services.

C. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Authenticate users
• Maintain session integrity
• Understand usage patterns
• Improve performance and user experience

You may control cookies through your browser settings, but disabling cookies may limit certain features of the Services.

4. How We Use Information

We use personal information for the following purposes:

• To provide, operate, and maintain the Services
• To create and manage user accounts
• To deliver alerts, notifications, and service-related communications
• To process subscriptions and payments
• To improve and develop new features
• To monitor usage, performance, and security
• To comply with legal obligations
• To prevent fraud, abuse, or unauthorized access

We do not use personal information to provide personalized investment advice or trading recommendations.

5. Legal Bases for Processing (EEA / UK / Similar Jurisdictions)

Where applicable, we process personal information based on:

• Performance of a contract
• Legitimate business interests (e.g., service improvement, security)
• Legal compliance
• User consent, where required by law

6. Sharing and Disclosure of Information

We may share personal information only in the following circumstances:

A. Service Providers

We may share information with trusted third-party service providers that assist us with:

• Hosting and infrastructure
• Payment processing
• Analytics
• Customer support
• Communications

These providers are contractually obligated to protect your information and use it only for authorized purposes.

B. Legal and Compliance

We may disclose information if required to:

• Comply with applicable laws or regulations
• Respond to lawful requests by authorities
• Protect the rights, safety, or property of Syntara AI, users, or others

C. Business Transfers

If Syntara AI is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards.

7. Data Retention

We retain personal information only for as long as necessary to:

• Provide the Services
• Fulfill contractual and legal obligations
• Resolve disputes
• Enforce agreements

Retention periods vary depending on the type of data and legal requirements.

8. Data Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

Data Classification and Handling

We classify data based on sensitivity. OAuth access tokens, authentication credentials, and financial account identifiers are treated as highly sensitive. We store only the minimum data required for functionality and do not store raw credentials such as passwords, social security numbers, or bank account numbers.

Access Control and Privileged Access Management

User access is authenticated via a third-party identity provider with session-based authentication. All backend API endpoints are protected by authentication middleware. Database access is restricted to the application service layer only, with no direct human access in production. Sensitive financial operations require additional verification through a separate trading PIN.

Encryption of Data at Rest and in Transit

All communications between clients and servers use TLS/HTTPS encryption. OAuth token exchanges with third-party services are conducted exclusively over HTTPS. Our database uses encryption at rest provided by our managed hosting infrastructure. All API calls between frontend applications and backend services are encrypted in transit.

Vulnerability Management and Patch Management

Application dependencies are regularly updated. Our infrastructure is managed via a platform-as-a-service (PaaS) provider that handles OS-level patching and security updates. Application containers are rebuilt on each deployment with current base images.

Incident Response and Disaster Recovery

Application logs are monitored for anomalies. Circuit breakers and rate limiting are implemented to prevent cascading failures. Database backups are automated. In the event of a security incident, affected tokens are immediately revoked, affected users are notified, and relevant third-party partners are informed.

Physical Security

All infrastructure is cloud-hosted with no on-premise servers. Physical security is managed by our hosting provider's data center facilities.

Vendor Risk Management

We use trusted third-party vendors for hosting, authentication, and brokerage services. All vendors are evaluated for security certifications and compliance standards before integration. Our hosting and authentication providers maintain SOC 2 compliance.

9. International Data Transfers

Your information may be processed and stored in the United States or other jurisdictions where we or our service providers operate. Where required, we implement appropriate safeguards for international data transfers.

10. Your Privacy Rights

Depending on your location, you may have rights to:

• Access personal information
• Correct inaccurate information
• Request deletion
• Restrict or object to processing
• Request data portability

Requests may be submitted via our contact page.

We may need to verify your identity before responding.

11. California and U.S. State Privacy Rights

If you are a resident of California or other U.S. states with privacy laws, you may have additional rights, including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of certain data sharing

Syntara AI does not sell personal information.

12. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have done so, we will delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Services constitutes acceptance of the updated policy.