Legal
Privacy Policy
Last Updated: February 4, 2026
This Privacy Policy describes how SynthWeave LLC ("SynthWeave," "we," "us," or "our") collects, uses, and shares information when you use our AI workflow design platform and related services (the "Service").
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — Used for authentication, account recovery, and notifications
- Username — Your chosen display name
- Profile photo (optional) — If you choose to upload one
- Organization membership — Which workspaces you belong to and your role
1.2 Content You Create
When you use SynthWeave, we store:
- Snips — Text content, notes, and documents you create
- Chat conversations — Messages exchanged with AI assistants
- Files and attachments — Documents, images, and files you upload
- AI-generated artifacts — Content produced by AI features on your behalf
- Collaborative edits — Real-time changes made during collaborative sessions
1.3 Usage and Activity Data
We automatically collect:
- Activity logs — Content creation, edits, and interactions within the platform
- Session information — Login times, feature usage, and navigation patterns
- Technical telemetry — Performance metrics and error logs (for debugging and reliability)
1.4 Technical Information
We collect technical data including:
- Device and browser information
- IP address
- Authentication tokens (JWT-based)
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — Enable content creation, collaboration, and AI-powered features
- Authenticate you — Verify your identity and manage access to your workspaces
- Process AI requests — Send your prompts and context to AI providers to generate responses
- Send notifications — Deliver email notifications about your account and activity
- Improve the Service — Debug issues, monitor performance, and enhance features
- Ensure security — Detect and prevent fraud, abuse, and unauthorized access
3. Google APIs and Google Drive Data
Google API Services User Data Policy Compliance
When you connect your Google account to SynthWeave, we access certain Google user data to provide our services. SynthWeave's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What Google Data We Access
| Scope |
Data Accessed |
Purpose |
Storage |
openid, email, profile |
Email address, name, Google user ID |
Authenticate your account and enable sign-in |
Stored while your account is active |
drive.file |
File metadata and content for files you explicitly select |
Import, analyze, summarize, or process documents at your direction |
Only files you choose to import; content stored until you delete |
How We Use Google Drive Data
- File metadata — Used to display file names, types, and modification dates when you browse/select files to import
- File content — Accessed only when you explicitly select a file for import or AI processing. We read the content to import it into SynthWeave, create searchable text, or process it with AI features
How Google Drive Data is Shared
If you request AI analysis of a Google Drive file, the file content (or extracted text) may be sent to our AI processing providers (such as OpenAI or LlamaCloud) solely to fulfill your request. We send only the portions necessary for processing.
Limited Use Disclosure
We commit to the following regarding Google user data:
- No advertising — We do not use Google user data for advertising, profiling, or tracking
- No sale of data — We do not sell Google user data to third parties
- No AI training — We do not use Google user data to train generalized AI models
- User-directed only — We only use Google user data to provide user-facing features you explicitly request
Data Retention for Google Data
- Imported files — Retained until you delete them from SynthWeave
- Transient processing — If content is processed without saving (e.g., temporary AI analysis), it is deleted within 24 hours
- After disconnection — If you disconnect Google Drive, we retain previously imported content but no longer access your Drive
- Account deletion — Google Drive-derived content is deleted within 30 days, with backups expiring within 90 days
How to Revoke Access
4. Third-Party Services and Data Sharing
4.1 AI Service Providers
To power AI features, we share relevant content with:
| Provider |
Purpose |
Data Shared |
| OpenAI |
Text generation, embeddings |
Prompts, context, and content for processing |
| Google (Gemini) |
Image generation |
Prompts and reference content |
| LlamaCloud |
Document parsing |
Uploaded documents for conversion to text |
Note: Content sent to AI providers is processed according to their respective privacy policies. We use these services via API, not for model training purposes.
4.2 Infrastructure & Authentication
| Provider |
Purpose |
Data Shared |
| Auth0 |
Authentication & identity |
Email, user ID, organization membership |
| AWS S3 |
File storage |
Uploaded files and attachments |
| AWS SES |
Email notifications |
Email address, notification content |
4.3 No Sale of Personal Data
We do not sell your personal information to third parties.
5. Data Storage and Security
5.1 Where We Store Data
- Primary database: PostgreSQL (hosted infrastructure)
- File storage: AWS S3
- Cache: Redis for session and real-time data
- Vector database: Qdrant for semantic search (embeddings only, not raw content)
5.2 Security Measures
We implement industry-standard security practices:
- Encryption in transit — All data transmitted via HTTPS/TLS
- JWT authentication — Secure, signed tokens for API access
- Role-based access control (RBAC) — Granular permissions
- Secure credential storage — API keys and secrets are never logged or exposed
5.3 Staff Access
SynthWeave staff may access user content only under limited circumstances:
- When you request support and grant us permission
- To investigate suspected abuse or violations of our Terms
- As required by law
All staff access is logged and subject to internal access controls.
6. Data Retention
- Account data — Retained while your account is active
- Content (Snips, chats, files) — Retained until you delete them or close your account
- Activity logs — Retained for up to 12 months for operational and debugging purposes
- AI conversation history — Retained per your organization's settings
- After account deletion — Content is deleted within 30 days; backups expire within 90 days
You may delete your content at any time through the application.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your account and associated data
- Export your content
- Opt out of non-essential communications
To exercise these rights, contact us at privacy@synthweave.ai.
8. Cookies and Local Storage
We use:
- Authentication cookies/tokens — To keep you logged in
- Local storage — For application state and preferences
We do not use third-party advertising or tracking cookies.
9. Children's Privacy
SynthWeave is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.
10. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers in compliance with applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last Updated" date and, for significant changes, sending notice to your registered email address.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@synthweave.ai