Privacy Policy

Last Updated: 15th July 2025

Syncora Technologies, Inc. (“Syncora,” “we,” “our,” or “us”) respects your privacy and is committed to protecting personal data entrusted to us. This Privacy Policy (“Policy”) explains how we collect, use, store, share, and safeguard personal data when you access or use Syncora's self-serve synthetic data engine, on-chain data hub, and related services (the “Services”).

This Policy is designed to comply with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and other applicable global privacy laws.

By using the Services, you agree to the terms of this Policy. If you do not agree, please discontinue use of the Services.

1. Data We Collect

We collect limited categories of data:

Account & Contact Information

  • Name, email, and account credentials when you register.

Usage Information

  • Log files, browser/device details, IP addresses, and interaction metrics for security and analytics.

Contributor Data Submissions

  • Raw data uploaded by Contributors for validation and synthesis.
  • This may include personal, regulated, or sensitive data (e.g., health, financial, or behavioral records).

Synthetic Data

  • Generated synthetic datasets derived from Contributor submissions. Synthetic data is non-identifiable and does not constitute personal data.

2. Purpose of Processing

We process data for the following purposes:

  • To provide, operate, and improve the Services.
  • To validate and synthesize Contributor submissions into synthetic datasets.
  • To ensure compliance with GDPR, HIPAA, and other regulations.
  • To detect, prevent, and mitigate fraud, abuse, or unauthorized activity.
  • To process payments and distribute Contributor royalties.
  • To communicate with Users (e.g., service updates, support).

3. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contractual necessity - to provide the Services you request.
  • Legitimate interests - for security, analytics, product improvement.
  • Consent - where required (e.g., marketing communications).
  • Legal obligations - to comply with applicable law and regulation.

4. HIPAA Compliance

For any protected health information (PHI) submitted by Contributors:

  • Syncora acts as a Business Associate under HIPAA.
  • PHI is processed only to generate synthetic datasets.
  • Original raw PHI is deleted after synthesis.
  • Synthetic datasets contain no PHI and cannot be used to re-identify individuals.

5. Data Minimization & Deletion

  • Raw Contributor data is automatically deleted following synthesis and validation.
  • Only synthetic data and anchored proofs remain in the system.
  • Users may request deletion of their account and associated data at any time by contacting support@syncora.ai.

6. Data Sharing

We do not sell personal data. We may share data with:

  • Buyers - only synthetic datasets, never raw data.
  • Service providers - for hosting, cloud, payments, and security (bound by confidentiality and data-processing agreements).
  • Regulators or authorities - where required by law.

7. International Data Transfers

  • Syncora is headquartered in the United States.
  • Data may be processed globally where our servers or service providers are located.
  • We rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses under GDPR) to protect data when transferred internationally.

8. Security Measures

  • Encryption in transit and at rest.
  • Secure enclaves and privacy-preserving compute.
  • Automated PII detection and removal.
  • Regular audits, access controls, and monitoring.

9. Data Subject Rights (GDPR/CCPA)

Depending on your jurisdiction, you may have rights to:

  • Access your personal data.
  • Rectify or update data.
  • Request erasure (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Opt out of “sale” of personal data (CCPA).

Requests may be submitted to support@syncora.ai.

10. Children's Privacy

The Services are not directed to individuals under 18. We do not knowingly collect personal data from children.

11. Retention

We retain Contributor raw data only as long as necessary to validate and synthesize synthetic datasets. Synthetic data and associated proofs may be retained for licensing and compliance purposes.

12. Liability & Limitations

Syncora takes all reasonable steps to safeguard data. However, no system is completely secure. Users acknowledge inherent risks in data submission and release Syncora from liability beyond what is permitted under applicable law and the Terms of Service.

13. Modifications

We may update this Policy from time to time. Material changes will be posted on our website. Continued use of the Services constitutes acceptance of any changes.

14. Contact

For privacy questions or data requests, contact:

📧 support@syncora.ai

📍 Syncora Technologies, Inc.

580 California St Suite 1200

San Francisco, CA 94104