Privacy Policy

Last Updated: July 2025

Contact Information

Company: Synali (Martin Quinones)

Email: contact@synali.com

Website: https://synali.com

1. Introduction

This Privacy Policy describes how Synali ("we," "our," or "us") collects, uses, and protects your information when you use our Chrome extension ("Synali" or "the Extension"). We are committed to protecting your privacy and ensuring transparency about our data practices.

Key Privacy Principles:
  • We do not store your conversations or messages
  • We only read message content in real-time to generate AI responses
  • We collect minimal personal data necessary for service functionality
  • You have full control over your data and can delete it at any time

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you use our extension:

  • Account Information: Email address, full name, and avatar URL when you create an account
  • Authentication Data: Secure tokens for maintaining your login session
  • User Preferences: AI model preferences, response style settings, and language preferences
  • Usage Data: Number of AI responses generated per month (for billing purposes)

2.2 Message Content (Real-Time Only)

Important: We do not store your conversations or messages. We only read message content in real-time to:

  • Understand conversation context for generating AI responses
  • Provide relevant and contextual AI assistance
  • Process messages only when you actively request an AI response

Message content is processed in real-time and immediately discarded - it is never stored in our databases.

2.3 Knowledge Base Data

If you choose to upload knowledge bases, we may collect:

  • Uploaded Files: CSV files, PDF documents, or manually entered text
  • Knowledge Base Metadata: Names, descriptions, and source URLs
  • Vector Embeddings: Processed text data for semantic search (stored securely in Pinecone)

2.4 Technical Information

We automatically collect certain technical information:

  • Browser Information: Browser type, version, and extension version
  • Platform Data: Which messaging platforms you use (WhatsApp, LinkedIn, Slack, Instagram, Gmail)
  • Performance Data: Response generation times and error logs

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Provide AI-powered messaging assistance
  • Generate contextual responses based on conversation history
  • Maintain your account and preferences
  • Process payments and manage subscriptions

3.2 AI Processing

When you request an AI response:

  • We read the last 10 messages from your current conversation
  • Send this context to our AI service providers (OpenAI/Anthropic)
  • Generate a response based on your preferences and knowledge bases
  • Return the response to you immediately
  • Discard all conversation data after processing

3.3 Knowledge Base Processing

For uploaded knowledge bases:

  • We process and create vector embeddings for semantic search
  • Store files securely in Supabase Storage
  • Use the knowledge base content to enhance AI responses
  • Maintain your knowledge base settings and preferences

4. Information Sharing and Disclosure

4.1 Third-Party Services

We use the following third-party services:

  • Supabase: Database, authentication, and file storage
  • OpenAI: AI response generation (GPT-4, GPT-3.5-turbo)
  • Anthropic: Alternative AI response generation (Claude)
  • Pinecone: Vector database for knowledge base search
  • Paddle: Payment processing and subscription management

4.2 Data Sharing

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services necessary for our operations
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted in transit and at rest
  • Authentication: Secure token-based authentication
  • Access Controls: Row-level security policies in our database
  • Regular Audits: Security assessments and penetration testing

5.2 Data Retention

  • Account Data: Retained until you delete your account
  • Knowledge Bases: Retained until you delete them
  • Usage Data: Retained for billing and service improvement
  • Message Content: Never stored - processed in real-time only

6. Your Rights and Choices

6.1 Access and Control

You have the following rights regarding your data:

  • Access: View all personal data we have about you
  • Correction: Update or correct inaccurate information
  • Deletion: Delete your account and all associated data
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain types of data processing

6.2 Account Management

You can manage your data through:

  • Extension Settings: Update preferences and delete knowledge bases
  • Account Dashboard: Manage subscription and billing information
  • Email Support: Contact us for data-related requests

7. Browser Permissions

7.1 Required Permissions

Our extension requires the following browser permissions:

  • activeTab: To access the current tab when generating AI responses
  • storage: To save your preferences and authentication data
  • tabs: To communicate with tabs and manage authentication state
  • Host Permissions: To access WhatsApp Web, LinkedIn, Slack, Instagram, and Gmail for AI assistance

7.2 Permission Usage

These permissions are used exclusively for:

  • Reading conversation context in real-time
  • Injecting AI response buttons into messaging platforms
  • Managing your authentication and preferences
  • Providing seamless AI assistance across platforms

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure that all data transfers comply with applicable data protection laws and implement appropriate safeguards.

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notification in the extension

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). You can exercise these rights by contacting us at contact@synali.com.

This Privacy Policy was last updated on July 2025.