Privacy Policy (App)

Last updated: October 30, 2025

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use Our application (“Service”) and informs You about Your privacy rights and how the law protects You.

We collect and use various types of data to provide and improve the Service. By using the Service, You agree to the collection and use of data in accordance with this Privacy Policy.

The app is not intended for anyone under the age of 13. We do not knowingly allow use by children under 13. If you are under 13, do not use the Service.

1. Interpretation and Definitions

1.1 Interpretation

Words whose initial letters are capitalized have meanings defined under the following conditions. These definitions have the same meaning regardless of whether they appear in singular or in plural.

1.2 Definitions

For the purposes of this Privacy Policy:

Account: A unique account created for You to access parts of Our Service.

Application: Refers to SYN-FX, the software program provided by the Company.

Business (For CCPA/CPRA): Refers to the Company that collects personal information, determines the purposes for data processing, and does business in California.

CalOPPA (California Online Privacy Protection Act): A California state law that requires commercial websites and online services to post a privacy policy.

CCPA/CPRA: Refer to the California Consumer Privacy Act and California Privacy Rights Act, respectively, providing California residents with certain rights regarding their personal information.

Company (referred to as “We”, “Us”, or “Our” in this Agreement): SYN-FX LP, located at 501 Silverside Road, STE 105-167, Wilmington, DE 19809. For the purpose of the GDPR, the Company is the Data Controller.

Consumer (For CCPA/CPRA): A natural person who is a California resident.

COPPA: The Children’s Online Privacy Protection Act, protecting personal information of children under 13 in the US.

Country: Refers to Delaware, United States.

Data Controller (For GDPR): The Company, which alone or jointly with others, determines the purposes and means of personal data processing.

Device: Any device that can access the Service such as a smartphone or a tablet.

Do Not Track (DNT): A concept promoted by US regulatory authorities for an internet mechanism that allows users to control online activity tracking.

GDPR: The EU General Data Protection Regulation.

Personal Data: Any information related to an identified or identifiable individual (under GDPR and other privacy laws), such as name, identification number, location data, or online identifiers.

Service: The Application.

Service Provider: Any natural or legal person who processes data on behalf of the Company.

Usage Data: Data collected automatically, generated by the use of the Service.

You: The individual accessing or using the Service or the legal entity on behalf of which such individual is accessing or using the Service.

2. Collecting and Using Your Data

2.1 Types of Data Collected

2.1.1 Personal Data

While using Our Service, we do not collect personally identifiable information such as your name or email address automatically. However, if You contact us via email or through the in-app contact button for support, We may store and use this voluntarily provided data (e.g., your email address and the content of your message) to respond to your inquiries and provide support.

2.1.2 Usage Data

Usage Data is collected automatically when using the Service and typically includes:

Pseudonymous User Identifiers: We assign unique identifiers to users that allow us to track events and behavior within the application across multiple sessions. These identifiers enable us to analyze user interactions over time without revealing your real identity.

Events and Interactions: Data about how You use the Application (e.g., pages visited, actions taken, time spent) to understand and improve the user experience.

Device and Technical Information: Non-personal information such as device model, operating system type and version, and app version to ensure optimal performance and for debugging purposes.

Diagnostics and Performance Data: In case of crashes or errors, we may collect diagnostic information to identify and fix issues promptly.

Location Information: We do not collect precise GPS location. We may infer coarse location (for example, country or region) derived from device and network information or store locale to help us understand general user distribution and improve the Service.

Attribution Information: We may receive pseudonymous Apple Search Ads attribution data to measure installs.

See §2.1.6 for Facebook SDK for iOS (v2.21+) details.

2.1.3 Media

We do not upload or store your photos or videos on our servers. Media created or edited with our Service remains securely on your device, or may be uploaded to your iCloud account if you have enabled iCloud backups or choose to store media in iCloud services. Storage in iCloud is managed under your Apple account and Apple’s terms.

2.1.4 Onboarding Survey (applies to app version 2.13 and later)

When you first open the app, you will be asked to answer a short survey about how you plan to use SYN-FX (for example: content type, target audience, experience level, features of interest, age group, and how you heard about us). These answers are stored with a pseudonymous user identifier and used for improving the app, product analytics and personalization.

2.1.5 In-App Feedback (optional) (applies to app version 2.16 and later)

If you choose to submit feedback within the app, we collect your free-text comments together with limited technical context and pseudonymous usage metrics to help us improve the Service. Please don’t include personal information; we also apply best-effort automated redaction of common personal identifiers before submission.

2.1.6 Advertising & Attribution (Facebook SDK for iOS) (applies to app version 2.21 and later)

Starting in version 2.21, we integrated the Facebook SDK for iOS to measure the effectiveness of ads we run on Meta platforms and to help prevent fraud. We disable automatic event logging.

If you Opt-Out in the in-app Privacy settings, we do not send analytics or Meta ads-measurement signals from this device.

If you Opt-In but deny Apple’s App Tracking Transparency (ATT) permission, we do not access the IDFA. We may still send aggregated measurement signals (for example, through privacy-preserving attribution frameworks such as Meta’s Aggregated Event Measurement and/or Apple frameworks like SKAdNetwork/AdAttributionKit) that do not use IDFA.

If you Opt-In and grant ATT permission, we may send selected app events and the IDFA to improve measurement.

Depending on your choices, data related to ads measurement may include selected app events (e.g., install, open, purchase) and standard device and network information present in network requests used for measurement, security, and attribution.

Minors: If you indicate you are below 18 during onboarding, we do not activate the Facebook SDK for iOS and we do not send advertising or attribution signals to Meta from this device.

2.2 Use of Your Data

The Company uses collected data for the following purposes:

To Provide and Maintain Our Service: Ensuring it runs efficiently and reliably.

To Improve and Personalize the Service: Analyzing usage patterns to enhance user experience and develop new features.

For Internal Research and Analytics: Understanding how the Service is used helps us refine the product, correct issues, and make data-driven decisions for ongoing improvements.

To Monitor the Usage of Our Service: Tracking which features are most popular and how different user segments engage with the app.

To Comply with Legal Obligations: Responding to law enforcement or other governmental agency requests, where necessary.

To Communicate with You: If You contact us for support, we may use your voluntarily provided email address and the content of your request to assist you.

Personalize your experience: show relevant tips, defaults, and feature suggestions based on your survey responses.

Product analytics and A/B testing: understand which features are helpful and improve the Service.

To evaluate and prioritize product improvements: receive, review, and act on your optional in-app feedback.

Ads measurement and attribution (v2.21+).

2.3 Retention of Your Data

We retain usage data as long as necessary for the purposes outlined in this Privacy Policy. Since pseudonymous and aggregated data does not directly identify you personally, it may be retained indefinitely for analysis and improvement of the Service, unless a specific retention period is mandated by applicable laws.

Data provided voluntarily through support inquiries will be retained for as long as necessary to address and resolve the request and to comply with legal obligations.

Feedback text submitted in-app is retained only as long as reasonably necessary to evaluate and act on it, after which it may be deleted or aggregated.

For advertising and attribution data (v2.21+), we retain only what is reasonably necessary for measurement and fraud prevention and as required by our service providers’ terms; we aggregate or delete when no longer necessary.

For California residents: We retain each category of personal information only as long as needed for the purposes described above; where a specific period isn’t possible, we use criteria such as recent app activity, feature usage, and legal obligations to determine retention and delete or aggregate the data when no longer necessary.

2.4 Transfer of Your Data

Your pseudonymous usage data is processed at the Company’s operating offices and in locations where the parties involved in processing are situated. It may be transferred to and stored on servers located outside of your state, country, or jurisdiction. We ensure appropriate safeguards to protect your data consistent with this Privacy Policy and applicable privacy laws.

Feedback data is stored in the United States with a cloud database provider with access controls.

Where personal data is transferred from the EEA or UK to the United States, we rely on the European Commission’s Standard Contractual Clauses (and, for the UK, the International Data Transfer Addendum). Where applicable, we may also rely on a service provider’s participation in the EU-U.S. Data Privacy Framework (and its UK Extension).

For ads measurement using the Facebook SDK for iOS (v2.21+), data may be processed by Meta entities in the United States and other countries where Meta operates. Where applicable, cross-border transfers rely on appropriate safeguards such as the Standard Contractual Clauses and/or participation in the EU-U.S. Data Privacy Framework (and UK Extension).

2.5 Delete or Access Your Data

We do not collect Personally Identifiable Information automatically. If you have concerns about any data associated with your pseudonymous identifier or information you voluntarily provided via email, you can contact us using the details provided in the “Contact Us” section. We will promptly address any requests related to data handling in compliance with applicable laws. Where we cannot reasonably verify your identity (for example, because we do not maintain user accounts), we may be unable to fulfill certain requests consistent with applicable law.

You may also request deletion of any feedback you submitted in-app by contacting us; please include enough detail for us to locate the submission.

For ads measurement data (v2.21+), opting out in the app stops future sending from this device. Existing ads measurement data held by service providers is subject to their policies and retention schedules; we will cooperate in good faith where applicable law requires or permits.

2.6 Disclosure of Your Data

We may disclose data only if:

We are Legally Required to Do So: Complying with a legal obligation or responding to valid requests by public authorities.

To Protect the Rights and Safety of the Company: Investigating and preventing wrongdoing connected to the Service, or protecting the safety of Service users or the public.

2.7 Security of Your Data

We are committed to securing your data. Where feasible, we store data in pseudonymized form and use commercially reasonable means to protect it. However, no method of electronic data transmission or storage is 100% secure, and we cannot guarantee absolute security. We continually implement and update physical, technical, and organizational safeguards to protect your data from unauthorized access and to maintain data accuracy.

3. Service Providers

3.1 General

We employ third-party companies and individuals (Service Providers) to operate and maintain the Service on Our behalf, to perform service-related tasks, or to assist us in analyzing how the Service is used. These Service Providers have access only to data necessary to perform these tasks and are obligated not to use it for any other purpose.

Supabase (cloud database/storage)

Purpose: Securely store optional in-app feedback. Access is limited to this purpose.

Data: Free-text feedback after best-effort automated redaction, plus limited technical context. Data is transmitted over TLS and stored with access controls.

3.2 Analytics

We use third-party Service Providers to monitor and analyze the use of our Service:

Amplitude

Purpose: Analyze user engagement by tracking user events within the Service to help us understand user behavior and improve user experience.

Data: Configured to collect pseudonymous analytics identifiers that persist across sessions. We do not use IDFA or IDFV for analytics. Coarse location (e.g., country or region) may be derived from network information; we do not collect precise GPS location. COPPA (Child privacy) controls are enabled.

Mixpanel

Purpose: Tracks user events, interactions, and usage patterns within the Service to help us improve the user experience.

Data: Configured to collect data while operating in anonymous/pseudonymous mode, collecting aggregated data without any identifiers that link back to individual users. We do not use IDFA or IDFV for analytics.

3.3 Payments

We may provide paid services within the Service:

Apple App Store In-App Purchases

Process: When you make an in-app purchase through Apple’s payment processing system, financial and billing information is handled directly by Apple. We do not store or process this payment information.

3.4 Advertising & Attribution (Facebook SDK for iOS) (v2.21 and later)

Facebook SDK for iOS

Provider: Meta Platforms

Purpose: Ads measurement and attribution of our campaigns; fraud prevention.

Data: Depending on your Opt-In/ATT choice, aggregated measurement signals (no IDFA), and—if ATT is granted—selected app events and the IDFA. Requests may include standard device and network information.

Autologging: Disabled.

Controls: In-app Privacy Opt-Out and iOS ATT settings. Facebook SDK for iOS events are disabled for users who indicate they are under 18.

4. GDPR Privacy (For European Economic Area Users)

4.1 Data Protection Rights

If You are located in the European Economic Area (EEA) and data protection laws like the GDPR apply, You have certain rights:

Access and Correction: Request access to and correction of any personal data we hold that may identify you.

Objection to Processing: Object to our processing of your personal data under certain circumstances.

Data Portability: Request a copy of your personal data in a structured, machine-readable format.

Withdraw Consent: Withdraw your consent at any time if processing is based on consent.

Even though we cannot directly identify you through the pseudonymous data, we are committed to respecting your rights under GDPR. If you believe that any of the data we process can be considered personal data, please contact us to exercise your rights. Where we cannot reasonably verify your identity, we may be unable to fulfill certain requests, consistent with GDPR Articles 11/12.

4.2 Legal Basis for Processing Data

We rely on the following legal bases for processing data under GDPR:

Legitimate Interests: For analyzing usage data to improve performance, user experience, and the functionality of our Service (including first-party in-app personalization), debugging, security, and fraud prevention without using tracking identifiers.

Consent: For access to IDFA (via ATT) and any ads measurement that relies on advertising identifiers and related app events.

Legal Obligations: If required to comply with applicable laws or in response to lawful requests from public authorities.

We do not process special categories of personal data, nor do we make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.

5. CCPA/CPRA Privacy Notice (For California Residents)

5.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of information from California residents:

Identifiers and Usage Data: Unique pseudonymous user identifiers that persist across sessions, user engagement data, and technical information about the device used.

Commercial Information: If paid services are used, we may have records related to your purchase history or subscription details through Apple In-App Payments.

Starting with SYN-FX v2.13: Characteristics of protected classifications (CCPA/CPRA): Age group (e.g., 18–24, 25–34) collected via onboarding survey for product analytics and app personalization. Not sold or shared. Retained only as long as needed for these purposes.

Contact Information (support interactions): email address and message content that you voluntarily send us when contacting support. Not sold or shared. Retained only as long as necessary to address your request and for legal compliance.

Starting with SYN-FX v2.16: Other User Content — optional in-app feedback text you choose to submit (after best-effort automated redaction), plus limited technical context. Not sold or shared. Retained only as long as needed to evaluate and act on it.

Starting with SYN-FX v2.21: Advertising and attribution data used to measure ad performance (e.g., selected app events, and if ATT is granted, the IDFA; plus standard device and network information used for measurement, security, and attribution). May be shared for cross-context behavioral advertising. Not sold.

We do not collect sensitive personal information as defined by the CCPA/CPRA, and we do not sell personal information.

5.2 Rights Under CCPA/CPRA

If You are a resident of California, You have the following rights:

Right to Know: What personal information is collected, used, disclosed, or sold.

Right to Delete: Request the deletion of certain personal information collected from you.

Right to Opt-Out: Direct a business not to sell your personal information.

Right to Non-Discrimination: Not to be discriminated against for exercising your rights under these acts.

While the data we collect may not directly identify you, we respect and uphold the privacy rights of California residents under the CCPA/CPRA. If you have any concerns or requests regarding your personal information, please contact us.

5.3 Do Not Sell or Share

We do not sell personal information. Starting with SYN-FX v2.21, if you Opt-In, we may share certain personal information for cross-context behavioral advertising with Meta to measure and attribute ads. You can opt out of sharing at any time using the in-app Privacy Opt-Out control (which turns off both analytics and Meta from this device).

In addition, we do not ‘share’ personal information for cross-context behavioral advertising for users who indicate they are under 18.

6. COPPA Compliance (Children’s Privacy)

Our Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Service.

Where available, our analytics services are configured with child-privacy controls to help prevent collection from children under 13. If a parent or guardian believes that a child under 13 has used the Service or provided information, please contact us at privacy@syn-fx.com and we will promptly delete such information and take appropriate steps to prevent further use.

Additional teen protections (13–17): We do not run Meta Ads & Attribution for users who indicate they are under 18.

7. CalOPPA Compliance (California Online Privacy Protection Act)

7.1 What is CalOPPA?

CalOPPA is a California state law that requires commercial websites and online services to post a privacy policy. The policy must state:

The categories of personally identifiable information that the website collects.

How the website responds to “Do Not Track” signals.

How users can review and make changes to their personal information.

7.2 Do Not Track Signals

Our Service does not currently respond to Do Not Track (DNT) signals. DNT is a privacy preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting your web browser’s settings or preferences. Where required by law, we will honor recognized opt-out preference signals on the web.

7.3 Changes to Personal Information

If you have provided personal information through support contact, you may review or make changes to this information by emailing us at privacy@syn-fx.com. We will respond to requests to update or delete such personal data as required by CalOPPA within a reasonable timeframe.

7.4 Effective Dates and Updates

This Privacy Policy:

Can change over time, and we will update the “Last updated” date and provide you with a new version if significant changes occur.

Is posted on our Service and accessible via a conspicuous link.

8. Links to Other Websites and Social Media

Our Service may contain links to external websites or social media platforms (e.g., Instagram) not operated by us:

Disclaimer: We are not responsible for the content, privacy policies, or practices of third-party websites or services.

Recommendation: We strongly advise reviewing the Privacy Policy of every third-party site or service you visit.

9. Changes to this Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and the “Last updated” date at the top will be updated accordingly. We will also notify you of any significant changes via email or a prominent notice on the Service if the changes will affect you.

We recommend that you review this Privacy Policy periodically to stay informed about how we handle your data.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data collection practices, please contact us:

By email: privacy@syn-fx.com

By visiting this page on our website: https://www.syn-fx.com/app-privacy

We will respond to your inquiries promptly and address your concerns with the utmost care.