Privacy Policy

Last updated: January 2025

Who We Are

Synapnode is an AI-powered learning platform for UK students. We are operated by Synapnode Ltd. If you have any questions about this policy, contact us at privacy@synaptiqai.co.uk.

Data We Collect

  • Account data — name, email address, hashed password, subscription plan
  • Learning data — questions answered, scores, flashcards, notes, essays, topics studied
  • Usage data — pages visited, features used, session length, device and browser type
  • Payment data — processed via Stripe; we never store your card details
  • Communications — support emails and messages you send us

How We Use Your Data

  • Provide and improve the platform
  • Personalise your learning experience
  • Send progress reports and notifications (with your consent)
  • Process payments and manage your subscription
  • Prevent fraud and ensure platform security
  • Comply with legal obligations

Children's Privacy

Synapnode is primarily designed for students aged 16 and over. If you are under 13, you must have verifiable parental consent before creating an account. We do not serve advertisements to users under 18 and we do not share under-18 data with third parties except for the service providers listed below. Parents may request deletion of their child's data by emailing privacy@synaptiqai.co.uk. We comply with the UK Children's Code.

Legal Basis (UK GDPR)

  • Contract performance — to deliver the service you signed up for
  • Legitimate interests — platform security, fraud prevention, product improvement
  • Consent — marketing emails and optional analytics (you can withdraw at any time)
  • Legal obligation — financial records, responding to lawful requests

Data Sharing

We share data only with the following service providers, each bound by strict data-processing agreements:

  • Supabase — database and authentication (EU/UK servers)
  • Anthropic — AI responses (data used only to fulfil your request, not for training)
  • Stripe — payment processing (PCI DSS compliant)
  • Vercel — hosting and CDN
  • Resend — transactional emails

We never sell your data.

Data Retention

  • Active accounts — retained while your account is active
  • Learning data — 3 years after your last login
  • Payment records — 7 years (legal requirement)
  • Deleted accounts — all data purged within 30 days

Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request we limit how we process your data

We respond within 30 days. You may also lodge a complaint with the ICO at ico.org.uk.

Cookies

We use the following cookies:

  • Essential — login session and security (cannot be disabled)
  • Analytics — optional, anonymised page-visit tracking
  • Preferences — your theme and accessibility settings

You can manage your cookie preferences at any time in Settings → Privacy.

Security

We use HTTPS/TLS encryption, bcrypt password hashing, and row-level database security, and we conduct regular security audits. No system is 100% secure, but we take industry-standard steps to protect your data.

International Transfers

Your data is primarily processed in the UK and EU. Where data is transferred to the US (e.g., Anthropic), we use Standard Contractual Clauses approved by the UK ICO.

Policy Updates

We will notify you by email and with a platform notice at least 30 days before any material changes to this policy.

Contact

For any privacy-related queries: privacy@synaptiqai.co.uk