Privacy Policy

We use the information we collect to:

• Authenticate your identity and provide access to the Service
• Manage your account and maintain platform security
• Process payments and manage subscriptions
• Communicate with you about your account, updates, or support requests
• Improve and develop our products and services
• Measure advertising effectiveness and attribute conversions
• Comply with legal obligations

We support authentication via Google OAuth 2.0 and GitHub OAuth. When you sign in with either provider, we do not receive or store your password for that service. The information we receive is limited to what you authorize during sign-in (typically your name, email address, and profile photo). We do not access your Google Drive, Gmail, GitHub repositories, or any other services beyond authentication.

Symage does not sell your personal information to third parties. The synthetic and tabular datasets provided through our Service are generated data products and do not contain or derive from your personal information.

We do not sell your personal information. We share data with third parties only in the following circumstances:

• AWS (Amazon Web Services): Cloud hosting and infrastructure for the Service
• Stripe: Payment processing and subscription management
• Mailchimp: Email marketing and drip campaigns for registered users
• Google Analytics: Website usage analytics and conversion tracking
• Meta (Facebook): Advertising attribution via the Meta Pixel and Conversions API
• When required by law, regulation, or valid legal process
• To protect the rights, property, or safety of Symage, our users, or the public

We may share data with Meta and Google for advertising attribution purposes, including hashed email addresses and conversion events, to measure the effectiveness of our advertising campaigns.

We retain your information according to the following schedule:

• Account data: Retained while your account is active
• Billing records: 7 years after the transaction (required for tax and legal compliance)
• Email logs: 90 days
• Analytics data: 26 months

You may delete your account at any time through your Account Settings page. Account deletion will remove your personal data, cancel active subscriptions, and anonymize your record. Certain billing records may be retained as required by law.

We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS) and access controls. However, no system is completely secure, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have specific rights regarding your personal data. Please see the GDPR and CCPA sections below for details. You can exercise your right to deletion directly via self-service account deletion in your Account Settings. For other requests, please contact us at support@symagedocs.ai.

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data. This is now available via self-service account deletion in your Account Settings.
• Right to data portability (Art. 20): You may request your personal data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing of your personal data for certain purposes.

Our lawful basis for processing your data includes consent (Art. 6(1)(a)) for optional features such as marketing emails, and legitimate interest (Art. 6(1)(f)) for core service operation, security, and fraud prevention.

We will respond to data subject access requests (DSARs) within 30 days of receipt. To exercise any of these rights, contact us at support@symagedocs.ai.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information. You can do this directly via the self-service account deletion feature in your Account Settings.
• Right to opt-out of sale: We do not sell your personal information to third parties.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

We use cookies and similar tracking technologies for the following purposes:

• Essential cookies: NextAuth session cookies required for authentication and security. These cannot be disabled.
• Analytics: Google Analytics (GA4) to understand how visitors use the Service and improve the user experience.
• Advertising: Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram.
• Payment: Stripe cookies for secure payment processing and fraud prevention.

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

This Privacy Policy is governed by the laws of the Commonwealth of Massachusetts, without regard to conflict of law principles.

If you have any questions about this Privacy Policy, please contact us at: