Privacy Policy

Last updated: 2026-05-06. Operated by Synthetic Smarts LLC d/b/a Synsmarts.

This is the public-facing summary of how Synsmarts handles personal data. The full GDPR-compliant policy with Article 6 lawful-basis analysis is maintained internally and available on request to privacy@synsmarts.io.

who we are

Synthetic Smarts LLC, doing business as Synsmarts. A Wyoming limited liability company. Privacy contact: privacy@synsmarts.io.

what we collect and why

Website visitors (synsmarts.ai)

Standard server logs (IP address, request path, timestamp, user agent) collected by Cloudflare for security and operational monitoring. No tracking cookies. No analytics that identify you. Logs are retained on Cloudflare's standard retention schedule.

Email correspondence

If you email us at humans@synsmarts.ai, privacy@synsmarts.io, or any other Synsmarts address, we receive your email address and message content. We use it only to respond. Email is processed by Google Workspace.

SMS messaging program (internal staff only)

Synsmarts operates a US A2P 10DLC SMS program for internal operational alerts. We collect:

• Phone number — provided during employee onboarding for the explicit purpose of receiving on-call alerts
• Name and employee identifier — to route alerts to the correct on-call recipient
• Message delivery metadata — Twilio delivery receipts, error codes, ack/escalation events

Used only for: dispatching operational alerts and tracking which staff acknowledged which incidents. Not used for marketing. Not shared with anyone outside Synsmarts and Twilio (the carrier). Retained while you are an active recipient on the on-call roster; deleted within 30 days of removal from the roster. See /tos for opt-in, opt-out (reply STOP), and help (reply HELP) details.

Platform tenants (when the platform launches)

When the Synsmarts platform launches and you create an account or become a customer, we will collect account, billing, usage, and security-log data as described in our internal GDPR-compliant privacy policy. Categories include:

• Account data: name, email, hashed password, MFA tokens, login history, API keys
• Billing data: name, email, payment-method tokens (we never store card numbers — handled by Authorize.net), invoice history, usage records
• Platform security logs: IP addresses, request metadata, error traces (PII redacted before long-term storage)
• SSH session audit logs (commands, timestamps, IPs) for tenant environments you access

Lawful basis (GDPR Art 6): contract performance for account and billing; legitimate interest for security logging; legal obligation for tax-record retention. Full per-activity detail available on request.

how long we keep it

• Active accounts and active SMS recipients: while the relationship is active
• Closed accounts: deleted within 30 days (live data within 7 days; backups expire on the standard 30-day cycle)
• Login history and security audit logs: 12 months
• Operational metrics: 90 days
• Invoice and payment records: 7 years (US tax law; WORM-protected)
• Email correspondence: while operationally needed; reviewed annually

who we share it with

We share personal data only with vendors who help us operate the service. Current sub-processors:

• Amazon Web Services — infrastructure hosting (us-east-1)
• Cloudflare — DNS, CDN, edge security, Pages hosting
• Google Workspace — email, calendar, document storage
• Twilio — SMS messaging delivery (A2P 10DLC)
• Authorize.net — payment processing (when platform launches)
• Slack — internal workspace

Sub-processor list is maintained internally; material changes to platform tenants will be notified per the Data Processing Agreement once the platform launches. We do not sell personal data. We do not share for cross-context advertising.

your rights

Depending on where you live, you have rights under GDPR (EU/UK), CCPA (California), and other privacy laws. These include the right to:

• Know what data we hold about you
• Receive a copy (data portability)
• Correct inaccurate data
• Delete your data (subject to legal retention requirements like tax records)
• Object to processing based on legitimate interest
• Withdraw consent at any time (where consent is the lawful basis)
• Lodge a complaint with your supervisory authority

To exercise any of these rights, email privacy@synsmarts.io. We will respond within 30 days.

international transfers

Synsmarts operates from the United States. If you are outside the US (in the EU/UK, for example), your data is transferred to the US under Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable. Full transfer impact assessments are available on request.

cookies

This website does not set tracking or analytics cookies. Cloudflare may set strictly-necessary cookies for security and bot mitigation. The platform dashboard (when launched) will use a session cookie for authentication and document its cookie usage at that time.

children

This service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@synsmarts.io and we will delete it.

changes to this policy

We may update this policy. The "last updated" date above reflects the most recent change. Material changes will be highlighted at the top of the page.

contact

Privacy questions: privacy@synsmarts.io
General contact: humans@synsmarts.ai

← back to synsmarts.ai