SYNPHORIA

Legal

Privacy Policy

This policy explains how SYNPHORIAAI sp. z o.o. collects, uses, and protects personal data when you use Synphoria websites, applications, and related services.

Last updated: 18 February 2026

1. Who we are

SYNPHORIAAI sp. z o.o. (ul. Migowska 54D/4, 80-287 Gdansk, Poland; KRS 0001167839; NIP 9571187114; REGON 541473225) is the data controller for most processing described in this policy.

2. Contact

Privacy contact: contact@synphoria.app. Security and safeguarding contact: security@synphoria.app. Postal address: SYNPHORIAAI sp. z o.o., ul. Migowska 54D/4, 80-287 Gdansk, Poland.

3. What this policy covers

This policy applies to Synphoria websites, applications, and related services. It should be read together with the Terms of Service, Cookie Policy, Safeguarding Policy, and Data Safety & Security Statement.

4. Personal data we collect

  • Account data: email, hashed password, and optional profile details.
  • User content: prompts, messages, and support submissions.
  • Optional safeguarding contact information and optional location signals (if enabled).
  • Usage, device, and log data needed for reliability and abuse prevention.
  • Inferred emotional-state indicators for support continuity and safeguarding.

5. Legal bases

Depending on context, we rely on contract performance, consent (including explicit consent where required), legitimate interests, legal obligations, and vital interests.

6. Emotional monitoring and safeguarding

Synphoria may analyse emotional tone and short context windows to personalize support and detect potential safeguarding risks. Exceptional human review is limited to high-risk cases.

7. Data sharing

We do not sell personal data. We share data only with vetted processors, model providers, payment services, professional advisors, and authorities when legally required or necessary to protect vital interests.

8. International transfers

Where data is processed outside the EEA, we apply safeguards such as Standard Contractual Clauses and supplementary controls where required.

9. Retention

Data is retained only as long as necessary for service delivery, security, legal compliance, and safeguarding accountability. Users can request deletion where applicable.

10. Security measures

  • Encryption in transit and at rest.
  • Role-based least-privilege access controls.
  • Audit logging for sensitive operations.
  • Secure development lifecycle and vulnerability management.

11. Your rights

You may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent, subject to applicable law.

12. Children

Synphoria is not intended for children under 16 and we do not knowingly collect personal data from children under this age.

13. Automated processing

Automated analysis supports response personalization and safeguarding indicators and is not intended to produce legal effects.

14. Policy updates

We may update this policy to reflect legal, operational, or technical changes. Material updates will be published with a revised date.

Contact: contact@synphoria.app | security@synphoria.app