SYNPHORIA

Legal

Privacy Policy

This policy explains how SYNPHORIAAI sp. z o.o. collects, uses, shares, and protects personal data when you use Synphoria websites, applications, and related services.

Last updated: 18 February 2026

1. Who We Are

SYNPHORIAAI sp. z o.o. (ul. Migowska 54D/4, 80-287 Gdansk, Poland; KRS 0001167839; NIP 9571187114; REGON 541473225) is the data controller for most processing described in this Policy. If you use Synphoria through an organisation, that organisation may be a separate controller for some processing.

2. Contact

Privacy and data protection contact: contact@synphoria.app. Security and safeguarding contact (priority): security@synphoria.app. Postal address: SYNPHORIAAI sp. z o.o., ul. Migowska 54D/4, 80-287 Gdansk, Poland. If we appoint a formal Data Protection Officer where required, we will publish their contact details in the Service.

3. What This Policy Covers

This policy applies to Synphoria websites, applications, and related services. It should be read together with the Terms of Service, Cookie Policy, Safeguarding Policy, and Data Safety & Security Statement.

4.1 Data You Provide

  • Account data: email address, password (stored in hashed form), and profile details you choose to provide.
  • User Content: messages, prompts, and other content submitted to the Service.
  • Support and feedback information you provide when contacting us.
  • Optional safeguarding contact information, including your number and/or a trusted person's number.

4.2 Data We Collect Automatically

  • Usage data, including feature interactions, frequency, and performance metrics.
  • Device and log data, including IP address, device type, OS, browser type, identifiers, timestamps, and error logs.
  • Cookies and similar technologies as described in the Cookie Policy.

4.3 Data We Infer or Generate

Because Synphoria is an emotional support companion, the Service can generate insights from conversations. This can include special category data (health-related data) under GDPR.

  • Emotional state monitoring outputs, such as inferred emotional tone, mood patterns, and wellbeing indicators.
  • Memory and context notes used to support continuity.
  • Safeguarding risk indicators and scores to help detect potential crisis situations.

4.4 Location Data (Optional)

If you enable location permissions, we may process limited location signals (for example, last known device location). Location is not required for normal operation and is used primarily for safeguarding escalation where legally permissible.

5. Legal Bases for Processing

  • Performance of a contract (GDPR Art. 6(1)(b)).
  • Consent (GDPR Art. 6(1)(a) and Art. 9(2)(a) for special category data where required).
  • Legitimate interests (GDPR Art. 6(1)(f)) for security, maintenance, and improvement.
  • Legal obligation (GDPR Art. 6(1)(c)).
  • Vital interests (GDPR Art. 6(1)(d) and, where applicable, Art. 9(2)(c)).

5.1 Core Service Provision

  • Create and manage accounts, authenticate users, and provide support.
  • Process User Content to generate AI output and maintain context continuity.

5.2 Emotional Monitoring and Special Category Data

The core Synphoria experience includes emotional personalisation. Where required, we request explicit consent before enabling Emotional State Monitoring and related long-term memory features. You can withdraw consent at any time; some features may then be unavailable or limited.

5.3 Safety and Safeguarding

We use automated safety signals to identify potential safeguarding events and present in-chat support. In higher-risk cases, exceptional human review may occur to verify risk and decide protective action. Decryption-capable actions are limited, role-restricted, reason-recorded, and audited.

5.4 Security, Fraud Prevention, and Improvement

We maintain and secure the Service, prevent abuse, enforce Terms, investigate incidents, and improve performance and reliability. If personal data is used beyond core service operation for broader AI model improvement, we apply safeguards and consent where required.

6. How We Share Data

  • We do not sell personal data.
  • We share data with processors and service providers (for infrastructure, communications, analytics, support, and payments).
  • We may share minimum necessary data with authorities or emergency services where required by law or to protect vital interests.
  • We may share data with professional advisers and in corporate transactions, subject to safeguards.

7. International Data Transfers

Some providers may process data outside the EEA. Where transfers occur, we use safeguards such as Standard Contractual Clauses and supplementary measures where required.

8. Data Retention

  • Account data: retained while the account is active; then deleted or anonymised subject to legal/security retention duties.
  • User Content: retained as needed for service operation and according to user settings and deletion controls.
  • Safeguarding records: retained for appropriate accountability and legal compliance periods.
  • Security logs: retained for limited periods for monitoring and investigations.

9. Security Measures

  • Encryption in transit and at rest for stored chat data.
  • Role-based access controls, least privilege, and MFA for privileged access where appropriate.
  • Audit logging and monitoring for sensitive administrative actions.
  • Secure development practices and vulnerability management.

10. Your Rights and Choices

Depending on your location, you may have rights including access, rectification, erasure, restriction, portability, objection, and consent withdrawal. To exercise rights, contact contact@synphoria.app. You also have the right to lodge a complaint with a supervisory authority (in Poland: UODO).

11. Children

The Service is not intended for children under 16, and we do not knowingly collect personal data from them.

12. Automated Decision-Making

Synphoria uses automated processing (including Emotional State Monitoring) to personalise responses and identify potential safeguarding indicators. This is not intended to produce legal effects about you. Where a potential safeguarding event is identified, human review may occur.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in practices, technology, or legal requirements. We will update the Last updated date and provide additional notice for material changes where appropriate.

14. Contact

Email (privacy): contact@synphoria.app. Email (security/safeguarding): security@synphoria.app. Postal address: SYNPHORIAAI sp. z o.o., ul. Migowska 54D/4, 80-287 Gdansk, Poland.

Contact: contact@synphoria.app | security@synphoria.app