Privacy Policy
Last updated: January 2026
TL;DR (The Quick Version)
- ✓ We collect minimal data - just what's needed
- ✓ Your ideas stay yours - we don't sell them
- ✓ AI processing happens via Anthropic (Claude)
- ✓ Analytics via PostHog (privacy-friendly)
- ✓ You can delete your data anytime
- ✓ We're UK-based, GDPR applies
What We Collect (At a Glance)
We DO collect:
- • Email (for account)
- • Your analysis inputs
- • Generated reports
- • Basic usage analytics
We DON'T collect:
- • Payment details (Stripe handles)
- • Precise location
- • Social media profiles
- • Third-party tracking data
1️⃣ Who We Are
Syntropic Works is operated by Peter Holford. We're based in the UK. For privacy questions, contact privacy@syntropicworks.com.
2️⃣ Data We Collect
Account Data
- • Email address (required for login)
- • Name (optional)
- • Authentication tokens (managed by Supabase Auth)
Analysis Data
- • Ideas and descriptions you submit
- • Generated reports and insights
- • Conversation history with agents
Usage Data
- • Pages visited (via PostHog)
- • Feature usage patterns
- • Error reports
- • Device type and browser (anonymised)
3️⃣ How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing the analysis service | Contract performance |
| Sending service emails | Contract performance |
| Improving the product | Legitimate interest |
| Security & fraud prevention | Legitimate interest |
| Marketing (only with consent) | Consent |
4️⃣ AI Processing
Your ideas are processed by AI
When you use the Analyser, your input is sent to Anthropic's Claude API for processing.
- • Anthropic does not use your data to train their models
- • Data is encrypted in transit
- • Anthropic's privacy policy applies to their processing
- • We don't share your data with other AI providers
5️⃣ Third-Party Services
- Supabase (Database & Auth) - EU hosted
- Anthropic/Claude (AI Processing) - US based, with data processing agreement
- Vercel (Hosting) - Edge network, data stays in nearest region
- PostHog (Analytics) - EU hosted, privacy-friendly
- Resend (Email) - For transactional emails only
6️⃣ Your Rights (GDPR)
Access:See what data we have
Rectification:Fix incorrect data
Erasure:Delete your data
Portability:Export your data
Objection:Stop certain processing
Restriction:Limit how we use data
To exercise these rights, email privacy@syntropicworks.com. We'll respond within 30 days.
7️⃣ Data Retention
- • Account data: Until you delete your account
- • Analysis data: Until you delete it, or 2 years after last use
- • Usage logs: 90 days
- • Billing records: 7 years (legal requirement)
8️⃣ Security
- • All data encrypted in transit (HTTPS/TLS)
- • Database encrypted at rest
- • Row-level security for user isolation
- • Regular security audits
- • We'll notify you of any breaches within 72 hours
📬 Contact & Complaints
Privacy questions: privacy@syntropicworks.com
You also have the right to complain to the UK Information Commissioner's Office (ICO).