Synopsio
sign inget started

Privacy Policy

Last updated: June 2026

1. Who we are

This Privacy Policy is provided by Che Liu ("we", "us", "our"), the data controller for the Synopsio service. Synopsio is a knowledge network and team collaboration platform. If you have questions about this policy, please contact us at support@synopsio.space.

2. Personal data we collect

We collect the following categories of personal data:

  • Identity and contact data: name, email address, display name.
  • Account and authentication data: login credentials, session tokens, and authentication provider identifiers.
  • Service usage data: workspace content you create (documents, nodes, decisions, comments), interaction history, and feature usage.
  • Support data: messages and correspondence when you contact support.
  • Device and technical data: IP address, browser type, device identifiers, and cookies (see section 9).

3. How we use your data

We process personal data for the following purposes and legal bases:

  • To provide the service — account creation, workspace hosting, document storage, and real-time collaboration (legal basis: contract performance).
  • To ensure security and prevent fraud — authentication, access controls, abuse detection (legal basis: legitimate interests and legal obligation).
  • To improve the product — aggregated analytics and error monitoring (legal basis: legitimate interests, with opt-out where required).
  • To communicate with you — service updates, billing notifications, and support responses (legal basis: contract performance and legitimate interests).
  • Marketing — only with your explicit consent, which you can withdraw at any time.

4. Data sharing and recipients

We share personal data only with the following categories of recipients:

  • Service providers: hosting infrastructure (cloud providers), analytics providers, and customer support tooling.
  • Merchant of Record (Paddle): Paddle.com acts as our Merchant of Record for subscription billing, payment processing, tax compliance, and invoicing. Paddle receives payment-related data necessary to complete transactions and manage subscriptions. Their privacy practices are governed by their own policies.
  • Professional advisers: legal and accounting professionals, bound by confidentiality.
  • Authorities: where required by applicable law or to protect our legal rights.

We do not sell personal data to third parties.

5. Data retention

We retain personal data for as long as your account is active, or as needed to provide the service and comply with legal obligations. When you delete your account or request erasure, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g., tax records). Workspace content may be retained in backups for a limited period before permanent deletion.

6. Your rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data.
  • Restriction: request limitation of processing in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: withdraw consent at any time for consent-based processing.

To exercise these rights, contact us at support@synopsio.space. We will respond within one month. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/SSL), encryption at rest, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

8. International transfers

Your data may be processed and stored in jurisdictions outside your country of residence, including the United States and the European Economic Area. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an adequate level of protection.

9. Cookies

We use cookies and similar technologies to operate the service (essential cookies), analyse usage (analytics cookies), and support authentication. You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are necessary for the service to function.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service. Continued use of the service after changes constitutes acceptance of the updated policy.