Privacy Policy

Last updated: May 9, 2026 · Effective: May 9, 2026

This Privacy Policy describes how Syntra ("we", "us", or "our") collects, uses, and shares information about you when you use our mobile application Syntra (the "Service"). By using the Service, you agree to this policy.

Who we are: Syntra is operated by an independent developer based in the United States. For privacy questions, contact hello@syntra.app.

1. Information we collect

We collect the following categories of information when you use Syntra:

• Voice recordings. When you tap the microphone, Syntra captures audio on your device and sends it to our voice-parsing service for transcription. Audio is processed and discarded; we do not retain raw recordings beyond the parse round-trip.
• Task, event, and habit data. Items you create — titles, dates, recurrence rules, completion timestamps, soft-delete status — are stored on your device and, if you sign in, synced to our database so they survive a reinstall and roam between devices.
• Account information. If you sign in, we collect your email address (or Apple Sign-In identifier) and a hashed authentication token. We do not see or store your password if you sign in via Apple.
• Technical identifiers. When the app talks to our servers, our hosting provider records the device IP address and a coarse device identifier (Apple's IDFV — vendor-specific, not advertising-related) for security, abuse prevention, and rate limiting. These logs are kept for up to 30 days and then purged.
• Subscription / receipt data. If you purchase Syntra Pro, the App Store or Google Play sends us a receipt token confirming your subscription status. We do not see your credit card number, billing address, or any other payment details — those stay with Apple or Google.
• Diagnostic data. Anonymized crash reports and basic usage events (which screens were viewed, error rates) so we can fix bugs and improve the product. No personally identifying content is included.

We do not use the App Tracking Transparency framework, do not track you across other apps or websites, and show no third-party advertising in Syntra.

2. Third parties we share with

Syntra relies on a small set of vendors to deliver the Service:

• Google (Gemini API). Voice recordings and the immediate parse context (your existing item titles and IDs, so the AI can reference them) are sent to Google's Gemini API to convert speech to structured commands. Google's data handling is governed by their Privacy Policy.
• Apple (Speech framework). While the microphone is open, Syntra uses Apple's on-device speech recognition framework to render a live transcript on screen. On supported devices and languages this happens entirely on-device; for unsupported locales iOS may briefly send audio to Apple's servers. Syntra never receives or stores this transcript independently — it is purely a UI element.
• Supabase. If you sign in, your tasks, events, and habits are stored in our Supabase database for sync. Supabase processes this data on our behalf as a sub-processor under a Data Processing Agreement.
• Apple / Google. Subscription billing, push notifications, and crash analytics are handled by Apple (App Store / iOS) and Google (Google Play / Android) per their published privacy practices.

We do not sell or rent your personal information, and we do not share it for cross-context behavioral advertising.

3. How we use your information

• To run the voice-to-task pipeline that is the core feature of Syntra.
• To sync your data across devices when you're signed in.
• To deliver notifications you've configured (reminders, habit nudges).
• To prevent abuse (rate limiting, fraud detection).
• To diagnose crashes and improve the app over time.
• To process subscription billing and entitlement validation.

4. Legal basis for processing (EU / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under Article 6 of the GDPR (and the UK GDPR):

• Performance of a contract (Art. 6(1)(b)) — to deliver the Service you've signed up for: voice parsing, sync, notifications, subscription entitlement.
• Legitimate interests (Art. 6(1)(f)) — for diagnostic data, security and abuse prevention, and for improving the product. We have weighed these interests against your rights and consider them not overridden.
• Consent (Art. 6(1)(a)) — when you explicitly grant microphone permission, speech-recognition permission, notification permission, or sign-in. You can withdraw consent at any time from device Settings or by deleting the app.
• Legal obligation (Art. 6(1)(c)) — to comply with applicable law, including responses to lawful requests from authorities.

5. International data transfers

Syntra operates globally. Information we collect may be transferred to, stored, and processed in the United States or other countries where our service providers (Google, Supabase, Apple, etc.) operate. These countries may have data-protection laws that differ from those in your country.

For transfers from the EEA, UK, or Switzerland to countries the European Commission has not deemed to provide adequate protection, we rely on the European Commission's Standard Contractual Clauses (2021/914) and any additional safeguards required by applicable law. Where a sub-processor participates in the EU-U.S. Data Privacy Framework, we may also rely on that framework. Copies of the relevant SCCs are available on request.

6. Data retention

If you sign in, your task and habit data is retained until you delete it (deleted items are soft-deleted for 30 days, then permanently purged) or until you delete your account. Voice recordings are not retained — they are processed by Google and discarded as part of the parse request. Server access logs (IP, IDFV) are retained for up to 30 days and then deleted on a rolling basis.

If you use Syntra without signing in, all data lives only on your device. Uninstalling the app deletes everything we ever held about you.

7. Your rights

You have the following rights, regardless of where you live:

• Access. Get a copy of the personal data we hold about you.
• Correction. Correct inaccurate data.
• Deletion. Delete individual items from inside the app, or delete your entire account from Settings → Account → Delete Account. You can also email hello@syntra.app to request deletion; we will action the request within 30 days.
• Data portability. Export your data in a machine-readable format (JSON) from Settings → Privacy & Data → Export.
• Restriction. Ask us to restrict how we process your data.
• Objection. Object to processing based on legitimate interests.

EU / UK / Swiss residents (GDPR): you also have the right to lodge a complaint with your local data-protection authority.

California residents (CCPA / CPRA): you have the right to know what categories and specific pieces of personal information we collect, the right to delete personal information we have collected (subject to lawful exceptions), the right to correct inaccurate information, the right to opt out of the "sale" or "sharing" of personal information (we don't sell or share for advertising), and the right not to be discriminated against for exercising these rights.

To exercise any right, email hello@syntra.app from the address associated with your account, or use the in-app controls referenced above.

8. Children

Syntra is not directed to children under 13 (or 16 in the EU/UK), and we do not knowingly collect personal information from anyone under those ages. If you believe a child has provided us with personal information, contact us and we will delete it.

9. Security

We use TLS for all network traffic, encrypted storage at rest with our database provider, principle-of-least-privilege access controls on engineering tooling, and minimize the data we hold so that any incident remains contained. No system is perfectly secure; we'll notify affected users and the relevant authorities of any breach involving personal data within 72 hours of discovery, as required by law.

10. Do Not Track signals

Syntra does not respond to web "Do Not Track" signals because Syntra is a mobile app, not a website. We do not engage in the kind of cross-site tracking these signals were designed to prevent.

11. Changes to this policy

We will update this policy as the Service evolves. Material changes will be announced in-app and via email if you have an account. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

Privacy questions, requests, or complaints? Email hello@syntra.app. We aim to respond within 7 business days; GDPR / CCPA requests within 30 days as required by law.