Privacy Policy

SynapticSpark ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use the SynapticSpark platform, our website, mobile applications, integrations (including the SynapticSpark Shopify app), APIs, and related services (collectively, the "Service").

1. Information We Collect

1.1 Information you provide

• Account data: name, email address, password (hashed), company name, phone number.
• Billing data: payment details processed by our payment provider (we do not store full card numbers).
• Content you upload: posts, images, videos, prompts, brand assets, keywords, and configuration.
• Support communications: messages and metadata when you contact us.

1.2 Information from connected platforms

When you connect a third-party service (Shopify, Google Search Console, Meta, Instagram, Facebook, WhatsApp, Google Ads, TikTok Ads, Google Analytics, etc.) we receive the data you authorize, which may include:

• Shopify: store domain, blog and article data, store metadata, OAuth access token (encrypted at rest).
• Google Search Console: site properties, search queries, impressions, clicks, positions.
• Social platforms: page IDs, posts, comments, messages, public profile data of users interacting with your channels.
• Advertising platforms: campaigns, ad sets, performance metrics, audience data.

We do not collect end-customer data from your Shopify store beyond what is required to deliver the SEO publishing functionality (blogs, articles). We do not access customer personally identifiable information stored in your Shopify customer base.

1.3 Information collected automatically

• Usage data: pages visited, features used, timestamps.
• Device data: browser, OS, IP address, language.
• Cookies and similar technologies (see our Cookie Policy).

2. How We Use Information

• Provide, operate, and improve the Service.
• Generate AI content based on your prompts and connected data sources.
• Publish content to platforms you have authorized (e.g. Shopify blogs).
• Authenticate users and prevent fraud or abuse.
• Communicate transactional notices, security alerts, and product updates.
• Comply with legal obligations.

3. Legal Basis (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases are: (i) performance of a contract; (ii) your consent (which you may withdraw); (iii) legitimate interests in operating and securing the Service; and (iv) compliance with legal obligations.

4. AI Processing

SynapticSpark uses third-party AI providers (such as OpenAI, Anthropic, Google, and others) to generate text, images, audio, and other content. Prompts and the data you choose to include are sent to these providers for inference. We use providers that contractually commit not to train their models on your data unless you opt in. We do not sell your data to AI providers or anyone else.

5. Sharing of Information

We share data only as needed and with appropriate safeguards:

• Service providers: hosting (cloud infrastructure), email delivery, analytics, payment processing, AI inference, customer support tooling.
• Connected platforms you authorize (Shopify, Google, Meta, etc.).
• Legal: when required by law, court order, or to protect rights and safety.
• Business transfers: if SynapticSpark is involved in a merger, acquisition, or asset sale.

We never sell your personal data.

6. Data Retention

We retain personal data while your account is active and for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion at any time (see Section 8).

7. Security

We use industry-standard measures: TLS encryption in transit, encryption of OAuth tokens at rest, role-based access controls, regular backups, and audit logging. No system is 100% secure, but we work to protect your data and notify you of significant incidents as required by law.

8. Your Rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, LGPD, and similar), you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain processing.
• Request a portable copy of your data.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at [email protected] or visit our Data Deletion page.

9. International Transfers

Your data may be processed in countries other than your own. When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes

We may update this Privacy Policy from time to time. The "Last updated" date will reflect the latest revision. Material changes will be communicated by email or through the Service.

12. Contact

Questions or requests? Contact our Data Protection team at [email protected].