Synapse IT
Back to Synapse

SYNAPSE LEGAL

Privacy Policy

Last updated: 24 April 2026

Data controller

The data controller for Synapse is Mattia Capomagi, based in Italy. For privacy requests, contact mattia.capomagi@gmail.com.

This policy applies to the Synapse iOS app and to the Synapse section of this website.

What Synapse does

Synapse is an iOS app for daily micro-learning. It shows one curated daily fact based on the interests selected by the user and includes streaks, shields, read history, ratings, reports, friend features, leaderboards and optional online status.

Data we collect

Synapse does not knowingly collect precise geolocation, biometric data, advertising identifiers, private message content or ad-tracking data.

  • Account data: email address, display name, avatar or initials.
  • Preference data: selected topics and timezone, used to personalize facts and calculate local unlock times.
  • Usage data: opened daily facts, read history, timestamps, ratings, reports, streak count, max streak, shields and fact rarity statistics.
  • Social data: friend lists, friend requests, friends' streaks and shields shown in social features.
  • Presence data: last_seen_at and show_online_status, used only to show online status to friends when enabled.
  • Technical data: Supabase user UUID, timezone identifier and access timestamps.

Why we use data

  • To provide the app, accounts, daily facts, streaks, shields and syncing.
  • To personalize the selected topic experience.
  • To provide optional social features such as friends and leaderboards.
  • To show online status to friends only when the user chooses to make it visible.
  • To improve content quality through ratings and reports.
  • To send service communications such as account and password emails.
  • To comply with legal obligations.

Legal bases under the GDPR

  • Performance of a contract for core app features, account access, streaks, shields and service communications.
  • Consent for topic personalization, optional social features and optional online status visibility.
  • Legitimate interest for improving the service through ratings and incorrect-fact reports.
  • Legal obligation where processing is required by applicable law.

Processors and third parties

Synapse uses Supabase for PostgreSQL database hosting, authentication, storage and serverless infrastructure. Supabase may process the data listed in this policy as a data processor.

Apple processes data related to App Store distribution, TestFlight, system crash reports and Sign in with Apple where enabled, according to Apple's own privacy terms.

Synapse does not use advertising SDKs, third-party analytics SDKs, external crash-reporting SDKs or social login providers other than Apple.

Retention

  • Account, profile, streak, shield, read-history and preference data are kept until the account is deleted.
  • Ratings and reports are kept until account deletion unless they are converted into anonymous aggregate statistics.
  • Social data is deleted when a friendship is removed or when the account is deleted.
  • last_seen_at is overwritten during use and deleted with the account.
  • Technical logs are retained according to Supabase infrastructure policies, typically for a limited operational period.
  • After account deletion, personal data is deleted within 30 days, except anonymous aggregate data.

Security

Data in transit is protected through HTTPS/TLS. Synapse relies on Supabase Auth, encrypted infrastructure, expiring JWT sessions, refresh tokens and PostgreSQL Row Level Security policies to restrict access to data.

If online status visibility is disabled, last_seen_at is not exposed to other users.

International transfers

Synapse is intended to store app data on Supabase infrastructure in the EU region. Apple may process some App Store, TestFlight or authentication data outside the EU under its own transfer safeguards.

Children

Synapse is intended for users aged 13 or older, and for EU users where local law requires it, 16 or older. Synapse does not knowingly collect data from users below the applicable minimum age.

Your rights

Under the GDPR, users may request access, rectification, deletion, restriction, portability, objection to processing based on legitimate interest, and withdrawal of consent. Users may also lodge a complaint with the Italian Data Protection Authority at www.garanteprivacy.it.

Requests can be sent to mattia.capomagi@gmail.com. Synapse aims to respond within 30 days. Account deletion is available in the app from Profile, Settings, Delete account, or by email request.

Changes

Material changes to this policy may be communicated by in-app notice and, where appropriate, by email. The latest update date is shown at the top of this page.