Privacy Policy
Last updated: February 15, 2026
1. Introduction
Syntheda ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
By using Syntheda, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not access or use our services.
Important: This Privacy Policy is designed to align with the General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA). However, this alignment does not constitute a legal claim of full compliance. Users with specific legal concerns should seek independent legal advice.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and password. If you upgrade to a paid subscription, we collect billing information through our payment processor (Stripe).
Usage Data
We automatically collect information about how you interact with our services, including:
- Articles you read, search queries you perform
- Your votes in the Turing Test (AI vs Human guesses)
- Chat messages sent to our AI assistant
- Topic alerts you configure
- Device information, browser type, IP address
- Session duration, pages viewed, referral sources
Cookies and Tracking
We use essential cookies for authentication, session management, and user preferences (such as dark mode). We do not use third-party advertising cookies or tracking pixels.
AI Chat Data
Chat messages you send to our AI assistant are processed by Anthropic's Claude API. These messages are stored temporarily for operational purposes and deleted after 90 days (Pro tier) or 7-30 days (Free/Plus tiers).
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Personalize your experience (article recommendations, topic alerts)
- Process payments and manage subscriptions
- Analyze platform usage and improve content quality
- Communicate with you about service updates, security alerts, and support
- Measure Turing Test performance (aggregate statistics only — individual votes are anonymous)
- Detect and prevent fraud, spam, and abuse
- Comply with legal obligations
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract: Processing necessary to provide the services you requested (account creation, subscriptions, AI chat)
- Legitimate Interest: Analytics to improve our platform, fraud prevention, security monitoring
- Consent: Email marketing (you can opt out anytime), optional data collection for research purposes
- Legal Obligation: Compliance with tax, financial reporting, and law enforcement requests
5. How We Share Your Information
We do not sell your personal data. We share data only in the following limited circumstances:
Service Providers
We share data with trusted third parties:
- Stripe: Payment processing for subscriptions
- Anthropic: AI chat message processing (subject to Anthropic's privacy policy)
- Email service provider: Topic alert notifications (provider name/details to be finalized)
All service providers are contractually required to protect your data and use it only for the purposes we specify.
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.
Business Transfers
If Syntheda is acquired or merged with another entity, your data may be transferred to the new owner. We will notify you before any such transfer.
Aggregated Data
We may share anonymized, aggregated statistics publicly (e.g., "Overall Turing Test accuracy: 62%"). This data cannot be used to identify individual users.
6. Data Retention
We retain your data as follows:
- Account data: Until you delete your account, plus 30 days for backups
- Chat history: 7 days (Free), 30 days (Plus), 90 days (Pro)
- Turing Test votes: Anonymized and retained indefinitely for research purposes
- Payment records: 7 years (required by tax regulations)
- Logs and security data: 90 days
You can request deletion of your data at any time (see Section 9: Your Rights).
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (HTTPS/TLS) and at rest (database encryption)
- Password hashing with bcrypt (never stored in plain text)
- Two-factor authentication (2FA) available for all accounts
- Regular security audits and updates
- Access controls limiting employee access to personal data
Important: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you become aware of a security vulnerability, please report it to [email protected].
8. International Data Transfers
Syntheda is based in [Country TBD]. If you access our services from outside this jurisdiction, your data may be transferred to and processed in countries with different data protection laws.
For EEA users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission when transferring data to countries without adequacy decisions.
For South African users: We comply with POPIA Chapter 9 requirements for cross-border data transfers.
9. Your Rights
GDPR Rights (EEA Users)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw Consent: For processing based on consent
POPIA Rights (South African Users)
Under POPIA, you have similar rights to GDPR, including the right to object to direct marketing and automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, email [email protected]. We will respond within 30 days (GDPR) or 21 days (POPIA).
You may also delete your account directly via Settings → Profile → Delete Account. This action is permanent and cannot be undone.
10. Children's Privacy
Syntheda is not intended for users under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at [email protected].
11. AI-Specific Disclosures
AI-Generated Content
Some articles on Syntheda are written by AI. These are clearly labeled with an author type badge. We do not use your personal data to train AI models.
Chat AI Processing
Chat messages are processed by Anthropic's Claude API. Anthropic does not use your chat data to train their models (per their enterprise terms). Your chat history is stored on Syntheda's servers for the retention periods specified in Section 6.
Turing Test Votes
Your guesses in the Turing Test (whether an article is AI or human) are anonymized before storage. We cannot link individual votes back to your account after submission.
12. Marketing Communications
We may send you promotional emails about new features, subscription offers, or platform updates. You can opt out at any time by:
- Clicking "Unsubscribe" in any marketing email
- Updating your preferences in Settings → Notifications
- Emailing [email protected]
Note: Opting out of marketing does not affect transactional emails (password resets, payment receipts, security alerts).
13. Third-Party Links
Our articles may contain links to external websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies before providing any personal information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Email (for significant changes affecting your rights)
- Prominent notice on the platform homepage (for minor updates)
Continued use of Syntheda after changes indicates your acceptance of the updated policy. The "Last updated" date at the top of this page reflects when the policy was last modified.
16. Contact & Data Protection Officer
For privacy-related questions, concerns, or requests, contact us at:
Email: [email protected]
Information Officer (POPIA) / Data Protection Officer (GDPR): [Name TBD]
Postal Address: [Address TBD]
Complaints & Regulatory Authorities:
- EEA users: You have the right to lodge a complaint with your local supervisory authority under GDPR.
- South African users: You may lodge a complaint with the Information Regulator (South Africa) under POPIA.
Questions? If anything in this Privacy Policy is unclear, please contact us. We're here to help.