Legal

Privacy Policy

Last updated: May 27, 2026 · Effective immediately

    Synapse is built local-first. Your notes and books live on your device by default - nothing leaves without your action. This policy explains what we collect when you create an account or use optional cloud features.
  

What we collect

We collect the minimum necessary to provide the service:

Account information - your email address and display name when you sign up. Stored by Firebase Authentication.
Your library and notes - books, notes, note links, and graph layout positions you create. Stored locally on your device (Hive). Copied to our cloud database only when you use cloud sync.
Note content for AI features - when you use Suggested Connections, your note titles and content are sent to Google's Gemini API to find semantic connections. When you use Discover, the title and creator of a selected source are sent. Neither is stored permanently by us beyond your cloud sync data.
Usage metadata - Firebase Auth may log sign-in events and device identifiers as part of its standard operation. We do not add additional analytics or tracking.

We do not collect payment information, precise location, contacts, camera data, or any other sensitive categories.

How we use your data

To authenticate you and keep your account secure
To back up and sync your knowledge graph across devices (when cloud sync is enabled)
To generate AI-powered link suggestions and source recommendations via Gemini
To restore your graph layout positions on a new or reinstalled device

We do not use your data for advertising, profiling, or sale to third parties - ever.

Third-party services

Synapse uses the following third-party services. Each has its own privacy policy:

Authentication

Firebase Authentication - Google LLC

Handles email/password login and Google Sign-In. Stores your email address and a unique user ID on Google's servers. Firebase Privacy Policy ↗

Cloud sync & storage

Railway - Railway Corp.

Hosts our Fastify API server and PostgreSQL database. Your synced books, notes, note links, and graph layout are stored in Railway's infrastructure in the United States. Railway Privacy Policy ↗

AI features

Gemini API - Google LLC

Powers Suggested Connections and Discover. Note content and source titles are sent to Gemini to generate results. Requests are made server-side through our API; your data is subject to Google's API terms. Gemini API Terms ↗

Data storage and retention

Local data (Hive database on your device) is fully under your control - it persists until you delete the app or clear its data.

Cloud-synced data is retained on our servers until you delete your account. Account deletion permanently removes your data from our database within 30 days. See our Account Deletion page for exact steps.

Firebase Auth data is governed by Google's retention policies upon account deletion request.

Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Export your knowledge graph (available in-app via JSON export)
Withdraw consent for cloud sync (disable in Settings - your local data is unaffected)

To exercise any of these rights, email us at imismaelhdz@gmail.com. We will respond within 30 days.

Children's privacy

Synapse is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from minors. If you believe a child has provided us personal information, contact us and we will delete it promptly.

Changes to this policy

We may update this policy as the app evolves. Material changes will be communicated via email or an in-app notice. The "Last updated" date at the top of this page always reflects the current version.

Contact

Questions about this policy? Reach us at imismaelhdz@gmail.com. We're a small team and aim to reply within a few business days.