SynthosSynthosBack to home

Privacy Policy

Last updated: January 15, 2026

1. Introduction

Synthos, operated by Genovo Technologies ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Validation Platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Company name and job role
  • Password (stored using bcrypt hashing; we never store plaintext passwords)
  • Email verification status

2.2 Uploaded Datasets

When you upload datasets for validation, we process:

  • Dataset files and their content (for validation processing only)
  • File metadata including name, size, format, and row count
  • Validation results, risk scores, and quality metrics
  • Generated validation reports

2.3 Usage Data

We automatically collect:

  • API call logs including endpoints accessed, timestamps, and response codes
  • Feature usage patterns and interaction metrics
  • Browser type, operating system, and device information
  • IP address and approximate geographic location
  • Referral URLs and pages visited within the Service

2.4 Billing Information

When you purchase credits, our payment processor (Paddle) collects:

  • Payment card or payment method details (processed and stored by Paddle; we do not store card numbers)
  • Billing address and tax information
  • Transaction history and invoice records

3. How We Use Information

We use the information we collect to:

  • Provide the Service: Process validation requests, generate reports, and deliver results
  • Account Management: Authenticate users, manage sessions, and process billing
  • Communications: Send transactional emails (verification, validation completion, warranty alerts) and optional marketing communications
  • Improvement: Analyze usage patterns to improve our validation algorithms, user interface, and service reliability
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Fulfill legal obligations and respond to lawful requests
  • Support: Respond to support tickets and provide technical assistance

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit
  • Infrastructure: Hosted on Google Cloud Platform (GCP) with SOC 2 Type II compliance
  • Access Control: Role-based access controls with least-privilege principles for all internal systems
  • Monitoring: 24/7 security monitoring, intrusion detection, and automated alerting
  • Auditing: Regular security audits and penetration testing by independent third parties
  • Backups: Encrypted, geographically redundant backups with tested recovery procedures

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing and maintaining reasonable safeguards.

5. Data Retention

We retain your data according to the following schedule:

  • Account Data: Retained for as long as your account is active, plus 30 days after account closure
  • Dataset Content: Automatically deleted within 30 days of validation completion. You may request immediate deletion at any time.
  • Validation Results: Retained for 2 years from completion date for your reference and warranty purposes
  • Transaction History: Retained for 7 years as required by financial regulations
  • Usage Logs: Retained for 90 days for security and debugging purposes
  • Support Tickets: Retained for 3 years from resolution date

6. Third-Party Services

We use the following third-party services to operate the platform. Each has their own privacy policy:

  • Google Cloud Platform (GCP): Infrastructure hosting, data storage, and compute services. Data may be processed in GCP regions as configured for your account.
  • Paddle.com (Merchant of Record): Processes payments, manages subscriptions, handles tax compliance and invoicing. Paddle acts as the Merchant of Record for all transactions. Paddle's privacy policy applies to payment data.
  • Resend: Transactional email delivery (verification codes, validation notifications, password resets). Receives your email address and name.

7. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Functional Cookies: Remember your preferences such as theme settings and notification choices.
  • Analytics Cookies: Help us understand how you use the Service to improve user experience. These can be disabled.

We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect your ability to use the Service.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format (JSON) for transfer to another service
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time via email preferences or account settings

To exercise any of these rights, contact us at privacy@synthos.dev. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States. We ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR, to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "last updated" date and, for significant changes, by sending you an email notification. We encourage you to review this page periodically to stay informed about how we protect your data.

12. Contact Us

For privacy-related inquiries, data access requests, or to report a concern, please contact our Data Protection Officer: