Privacy Policy

Last updated: 2026-03-15

This document is a draft and is subject to legal review before launch.

This Privacy Policy explains how syncrea GmbH, 8050 Zurich, Switzerland ("we," "us," "our") collects, uses, and protects your personal data when you use syndicAI. We are committed to protecting your privacy and handling your data transparently.

1. Data We Collect

Account Information

When you create a syndicAI account, we collect:

  • Email address
  • Name (as provided during registration)
  • Authentication credentials (managed by our authentication provider)

Payment Information

When you subscribe to a plan, our payment processor collects:

  • Credit/debit card details (we do not store card numbers directly)
  • Billing address
  • Transaction history

Usage Metrics

We collect aggregate usage data from your Squad Server:

  • Token counts (total tokens processed per session)
  • Request counts and timestamps
  • Server uptime and status events
  • Error rates and types (not error content)

These metrics are aggregate numbers only — they tell us how much your squad uses the service, not what you use it for.

2. Data We Explicitly Do Not Collect

This is the most important section of our privacy policy.

syndicAI does not collect, store, process, or have access to:

  • Your code — source code you send to or receive from your Squad Server
  • Your prompts — the instructions and questions you send to the AI model
  • Your model outputs — the code, text, and responses generated by the AI model
  • Your conversation history — the sequence of messages in your coding sessions

This is not a policy choice — it's an architectural guarantee. syndicAI uses a satellite-first architecture where the inference engine and proxy run on the GPU node itself. Token data (prompts, completions, code context) is processed entirely on the GPU instance and never transmitted to syndicAI's central systems.

Our control plane handles management operations only: account CRUD, billing, server lifecycle, and aggregate usage metrics. Zero token data flows through our central infrastructure.

3. How We Use Your Data

We use the data we collect for:

  • Account management: Creating and maintaining your account, authenticating your identity
  • Billing: Processing payments, managing subscriptions, splitting costs among squad members
  • Service operation: Provisioning GPU instances, monitoring server health, managing lifecycle events
  • Service improvement: Understanding usage patterns (at an aggregate level) to improve performance, reliability, and features
  • Communication: Sending transactional emails (billing receipts, service alerts), and occasional product updates (which you can opt out of)

We do not sell your personal data to third parties. We do not use your data for advertising.

4. Third-Party Services

syndicAI relies on the following third-party services:

Authentication Provider (Clerk)

We use Clerk for user authentication and session management. Clerk processes your email address and authentication credentials. See Clerk's Privacy Policy for details.

Payment Processor (Stripe)

We use Stripe for payment processing. Stripe handles your payment card details directly — we never see or store your full card number. See Stripe's Privacy Policy for details.

Hosting (Cloudflare)

Our marketing website and API are hosted on Cloudflare's infrastructure. Cloudflare may process request metadata (IP addresses, request headers) as part of its CDN and security services. See Cloudflare's Privacy Policy for details.

GPU Infrastructure Providers

We provision GPU instances from infrastructure providers to run your Squad Servers. These providers host the physical hardware but do not have access to the application layer (your model, prompts, or outputs). The satellite architecture ensures token data stays within the application container on the GPU node.

5. Data Retention

  • Account data: Retained for the lifetime of your account, plus any period required by law after deletion
  • Billing records: Retained for 10 years as required by Swiss accounting law
  • Usage metrics: Retained for 12 months for operational purposes, then aggregated and anonymized
  • Token data: Not retained by syndicAI (processed and stored only on the GPU node during active sessions; deleted when the server is deprovisioned)

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • TLS encryption for all data in transit
  • API key authentication for Squad Server access
  • Encrypted storage for sensitive account data
  • Access controls limiting employee access to personal data
  • Regular security reviews of our infrastructure

7. Your Rights

Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your personal data for certain purposes
  • Withdrawal of consent: Withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, contact us at privacy@syndicai.dev or through the dashboard.

We will respond to your request within 30 days. We may ask for verification of your identity before processing your request.

8. International Data Transfers

Your account data may be processed by our third-party providers (Clerk, Stripe, Cloudflare) in jurisdictions outside Switzerland and the EU. These providers maintain appropriate data protection safeguards (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms).

GPU instances hosting your Squad Server may be located in various regions depending on hardware availability. The satellite architecture ensures that token data stays on the GPU node regardless of its physical location.

9. Children's Privacy

syndicAI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect.

11. Contact

syncrea GmbH 8050 Zurich, Switzerland

For privacy-related questions or to exercise your data rights, contact us at privacy@syndicai.dev.

For general inquiries, contact us through the dashboard or at hello@syndicai.dev.