privacy policy
Last updated: 2026-05-06. Operated by Synthetic Smarts LLC d/b/a Synsmarts.
This is the public-facing summary of how Synsmarts handles personal data. The full GDPR-compliant policy with Article 6 lawful-basis analysis is maintained internally and available on request to privacy@synsmarts.ai.
who we are
Synthetic Smarts LLC, doing business as Synsmarts. A Wyoming limited liability company. Privacy contact: privacy@synsmarts.ai.
A Data Protection Officer and an EU Representative will be designated upon onboarding our first European customer (per GDPR Articles 27 and 37 where applicable), and their contact details will be published here at that time.
what we collect and why
website visitors (synsmarts.ai)
Standard server logs (IP address, request path, timestamp, user agent) collected by Cloudflare for security and operational monitoring. No tracking cookies. No analytics that identify you. Logs are retained on Cloudflare's standard retention schedule.
email correspondence
If you email us at humans@synsmarts.ai, privacy@synsmarts.ai, or any other Synsmarts address, we receive your email address and message content. We use it only to respond. Email is processed by Google Workspace.
sms messaging program (internal staff only)
Synsmarts operates a US A2P 10DLC SMS program for internal operational alerts. We collect:
- Phone number — provided during employee onboarding for the explicit purpose of receiving on-call alerts
- Name and employee identifier — to route alerts to the correct on-call recipient
- Message delivery metadata — Twilio delivery receipts, error codes, ack/escalation events
Used only for: dispatching operational alerts and tracking which staff acknowledged which incidents. Not used for marketing. Not shared with anyone outside Synsmarts and Twilio (the carrier). Retained while you are an active recipient on the on-call roster; deleted within 30 days of removal from the roster. See /tos for opt-in, opt-out (reply STOP), and help (reply HELP) details.
platform tenants (when the platform launches)
When the Synsmarts platform launches and you create an account or become a customer, we will collect account, billing, usage, and security-log data as described in our internal GDPR-compliant privacy policy. Categories include:
- Account data: name, email, hashed password, MFA tokens, login history, API keys
- Billing data: name, email, payment-method tokens (we never store card numbers — handled by Authorize.net), invoice history, usage records
- Platform security logs: IP addresses, request metadata, error traces (PII redacted before long-term storage)
- SSH session audit logs (commands, timestamps, IPs) for tenant environments you access
Lawful basis (GDPR Art 6): contract performance for account and billing; legitimate interest for security logging; legal obligation for tax-record retention. Full per-activity detail available on request.
how long we keep it
- Active accounts and active SMS recipients: while the relationship is active
- Closed accounts: deleted within 30 days (live data within 7 days; backups expire on the standard 30-day cycle)
- Login history and security audit logs: 12 months
- Operational metrics: 90 days
- Invoice and payment records: 7 years (US tax law; WORM-protected)
- Email correspondence: while operationally needed; reviewed annually
who we share it with
We share personal data only with vendors who help us operate the service. Current sub-processors:
- Amazon Web Services — infrastructure hosting (us-east-1)
- Cloudflare — DNS, CDN, edge security, Pages hosting
- Google Workspace — email, calendar, document storage
- Twilio — SMS messaging delivery (A2P 10DLC)
- Authorize.net — payment processing (when platform launches)
- Slack — internal workspace
Sub-processor list is maintained internally; material changes to platform tenants will be notified per the Data Processing Agreement once the platform launches. We do not sell personal data. We do not share for cross-context advertising.
your rights
Depending on where you live, you have rights under GDPR (EU/UK), CCPA (California), and other privacy laws. These include the right to:
- Know what data we hold about you
- Receive a copy (data portability)
- Correct inaccurate data
- Delete your data (subject to legal retention requirements like tax records)
- Object to processing based on legitimate interest
- Withdraw consent at any time (where consent is the lawful basis)
- Lodge a complaint with your supervisory authority
To exercise any of these rights, email privacy@synsmarts.ai. We will respond within 30 days.
international transfers
Synsmarts operates from the United States. If you are outside the US (in the EU/UK, for example), your data is transferred to the US under Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable. Full transfer impact assessments are available on request.
cookies
This website does not set tracking or analytics cookies. Cloudflare may set strictly-necessary cookies for security and bot mitigation. The platform dashboard (when launched) will use a session cookie for authentication and document its cookie usage at that time.
children
This service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@synsmarts.ai and we will delete it.
california residents
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives California residents the rights listed in the "your rights" section above. This block is the Notice at Collection required by California law.
In the past 12 months we may have collected the following categories of personal information about California residents:
- Identifiers — name, email address, IP address, phone number (SMS recipients), account or employee identifier
- Commercial information — invoice and payment history (when the platform launches)
- Internet or network activity — interactions with the website, platform usage logs (when the platform launches)
- Geolocation data — approximate location derived from IP address, never precise GPS
- Professional or employment information — limited to staff who opt in to the SMS alert program
- Inferences — operational signals drawn from the above (e.g. incident routing and escalation patterns)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than those allowed by CCPA Section 7027(m).
To exercise your CCPA/CPRA rights, email privacy@synsmarts.ai. We will verify your identity before responding to substantive requests, and we will respond within 45 days (extendable by 45 more days where permitted).
changes to this policy
We may update this policy. The "last updated" date above reflects the most recent change. Material changes will be highlighted at the top of the page.
contact
Privacy questions: privacy@synsmarts.ai
General contact: humans@synsmarts.ai