← Back to Syncademia

Privacy Policy

Last updated: July 1, 2026 · Version 1.2

1. Who we are

Syncademia AI Inc. is an Ontario corporation operating Syncademia AI, a student productivity platform with AI-powered study tools.

Contact: syncademiaai@gmail.com

Mailing address: [TODO: Add physical address]

2. What data we collect

Account data

  • Full name, email address, password (hashed — never stored in plain text)
  • University, program, year of study (optional)
  • Profile picture (optional)
  • Timezone preference

Usage data

  • Pages visited, features used, time spent
  • Clicks, search queries, navigation patterns
  • Device type, browser, operating system
  • IP address (security and fraud prevention)

Academic data (provided by you)

  • Course names and codes, syllabus files, documents, assignments, due dates, grades
  • Notes, study materials, and flashcard content

AI interaction data

  • Messages to Syncy, AI responses, documents sent for AI processing
  • Quest questions and answers, flashcard generation requests

Payment data

  • Subscription tier and status, billing email via Stripe
  • Last four digits of card (held by Stripe, not by us)
  • We never store full card numbers

Wellness data (optional)

  • Mood check-ins, stress self-assessments, wellness quiz responses

3. How we use your data

  • Provide and improve the Syncademia platform
  • Personalize Syncy with your academic context
  • Generate flashcards, study plans, and Quest content from your materials
  • Send account emails (password reset, billing receipts)
  • Enforce our Terms of Service and prevent abuse
  • Analyze aggregate usage to improve features
  • Comply with legal obligations

4. AI provider disclosure

Important: Syncademia uses artificial intelligence extensively. AI outputs may be inaccurate. Do not rely on Syncy for medical, legal, financial, or professional advice.

AI providers we use

Sent to AI providers

  • Messages to Syncy, uploaded document content for AI processing
  • Course and task context used to personalize responses
  • Flashcard and Quest generation requests

Not sent to AI providers

  • Your password, payment information, or other users' data

We use OpenAI's API under terms that restrict use of API data for training their public models. See OpenAI's current enterprise/API data processing terms for details.

5. Third-party services

ServicePurposeData shared
SupabaseDatabase, auth, storageAccount and app data
StripePaymentsEmail, subscription status
OpenAI / GeminiAI featuresMessages, documents, context
VercelHostingIP addresses, request logs
SentryError monitoringError data, stack traces

We do not use PostHog or advertising analytics SDKs.

6. Data retention

  • Account data: while your account is active
  • Usage logs: up to 90 days
  • AI conversation history: until you delete it or delete your account
  • Wellness check-ins: until you delete them or delete your account
  • Payment records: 7 years (legal requirement)
  • Deleted accounts: anonymized within 30 days of deletion request

7. Your rights

All users

  • Access, correct, delete your data, and withdraw optional consents
  • Export: contact syncademiaai@gmail.com or use Settings → Delete/Export where available

Canadian users (PIPEDA / Quebec Law 25)

  • Right to access, correction, and withdrawal of consent
  • Quebec residents may have additional rights including de-indexing

EU/UK users (GDPR)

  • Access, rectification, erasure, portability, objection, and restrictions on automated decision-making

California users (CCPA/CPRA)

  • Right to know, delete, and non-discrimination. We do not sell personal information.

8. Children's privacy

Syncademia is intended for university students (typically 18+). We do not knowingly collect data from children under 13. Contact syncademiaai@gmail.com if you believe a child created an account and we will delete it.

9. Security

  • Passwords hashed with industry-standard algorithms
  • Data encrypted in transit (TLS 1.2+)
  • Database access restricted by row-level security
  • API keys stored as environment variables, not in source code
  • We will notify affected users within 72 hours of discovering a material security breach

10. Contact

Privacy questions, access requests, or deletion: syncademiaai@gmail.com

We aim to respond within 30 days.

Questions? Contact syncademiaai@gmail.com. We aim to respond within 30 days.