Privacy Policy

Effective Date: February 7th, 2025 · Synaply Inc.

Synaply Inc. ("we," "our," or "us") values your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, share, and protect your data when you use our services, including our SaaS platform. By using our Services, you agree to the terms of this Privacy Policy.

Section 01 — Information We Collect

We collect the following types of personal data:

• Contact Information: Including emails and names.
• Account Information: Including passwords and company organization chart data (such as who reports to whom).
• Payment Information: Including billing details processed via Stripe.
• User Activity: Data about your interactions with our platform to improve your experience.

Section 02 — How We Use Your Information

• Provide and maintain our services.
• Improve the user experience, including offering customer support and personalized content.
• Communicate with you, including sending marketing materials (with your consent).
• Process payments securely via Stripe.

Section 03 — Data Storage and Sharing

Storage: Your data is stored on Amazon Web Services (AWS) servers.

Data Sharing: We do not share your personal data with third parties, except as necessary to provide our services (e.g., Stripe for payments). If this policy changes in the future, we will notify you and update this Privacy Policy accordingly.

Third-Party Service Providers: We use third-party services like AWS and Stripe. Your use of these services is subject to their respective terms of service. We are not responsible for the performance or availability of these third-party services.

Section 04 — Cookies and Tracking Technologies

We may use cookies and similar technologies to enhance your experience. These may be used to track activity on our platform and store preferences. If you wish to manage or disable cookies, you can do so through your browser settings.

Section 05 — User Rights

You have the right to:

• Access, update, or delete your personal data.
• Opt-out of marketing communications at any time.
• Request a copy of the data we have stored about you.

However, please note that in some circumstances, we may refuse access to certain types of personal data, such as detailed activity logs, if:

• Fulfilling the request would adversely affect the rights and freedoms of others.
• The request is manifestly unfounded or excessive.
• Providing the data would require significant technical or operational effort (e.g., retrieving complex data from our database).

If we refuse access to your data, we will notify you with an explanation of why the request cannot be fulfilled.

To exercise these rights, please contact us at info@synaply.io.

Section 06 — Data Security

We implement commercially reasonable security measures to protect your data while stored on AWS. However, no method of data transmission or storage is 100% secure, so we cannot guarantee complete security. You are also responsible for maintaining the confidentiality of your account credentials and agree to notify us immediately of any unauthorized access or security breaches related to your account.

Section 07 — International Data Transfers

Depending on the location of the AWS servers, your personal data may be transferred to, and stored on, servers located outside of your country of residence. By using our services, you consent to such transfers.

Section 08 — Data Retention

We retain your personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. After that, your data will be securely deleted or anonymized in accordance with applicable laws.

Section 09 — Children's Privacy

We do not knowingly collect or solicit personal data from individuals under the age of 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete such information.

Section 10 — Limitation of Liability

To the maximum extent permitted by law, Synaply Inc. shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with this Privacy Policy or the use of the Services, even if we have been advised of the possibility of such damages.

Section 11 — Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on this page and update the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically.

Section 12 — Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:

Synaply Inc. 62 Carnforth Rd, Toronto, ON, M4A 2K7

• General Inquiries: info@synaply.io
• Product Support Inquiries: support@synaply.io

Section 13 — MCP & AI Integration

MCP Integration & AI Data Handling

Synaply maintains a publicly accessible privacy policy that explicitly covers MCP (Model Context Protocol) data handling. This section describes what data is accessed via the MCP integration, the purposes for which it is used, data retention periods, user rights including deletion, and contact mechanisms for privacy-related enquiries. This policy is reviewed and updated to remain current with the product's data handling practices.

What the MCP integration accesses

When you connect Synaply to an AI assistant (such as Claude via Claude.ai) through our Model Context Protocol (MCP) server, the integration is granted access to the following categories of data within your Synaply workspace, subject to your role and privacy settings:

• Insights & knowledge entries — content, titles, insight types, creation timestamps, and privacy levels for entries you and your team have published or drafted
• User identity & org structure — your profile, division memberships, reporting relationships, and team hierarchy
• Division schema — insight type definitions, form fields, and guidelines configured by your workspace admin
• Analytics summaries — aggregated submission trends and participation data across your accessible divisions

Purpose of access

Data accessed via the MCP integration is used solely to provide the Synaply knowledge management and AI assistance features you have requested — specifically, to enable your AI assistant to read, synthesize, draft, and publish organizational insights on your behalf within the Synaply platform. We do not use MCP-accessed data to train AI models, and we do not share it with third parties beyond what is necessary to operate the service.

How data is transmitted

Data passed through the MCP connection travels between Synaply's servers and your AI assistant provider (e.g., Anthropic) over encrypted HTTPS connections. Synaply does not store the content of individual MCP tool calls beyond what is necessary to fulfill the request. Your AI assistant provider's own privacy policy governs how they handle data received via MCP tool calls.

Retention

Data accessed via the MCP integration is retained in Synaply's systems for as long as your subscription is active and as necessary to provide the Services. Upon account termination or subscription cancellation, your data is handled in accordance with Section 8 (Data Retention) of this policy. Draft insights created during an MCP session but not published are stored temporarily and may be deleted if not acted upon.

Your rights & how to exercise them

You have the right to access, correct, or request deletion of data accessed through the MCP integration. To exercise these rights, or to revoke the MCP connection at any time, contact us at support@synaply.io. You may also disconnect the Synaply MCP connector directly from your AI assistant's settings at any time, which immediately terminates the integration's access to your data.