The short version

SynthOS is local-first. Your vault, your run history, your credentials, and the work your agents do live on your Mac — we never see them and don't want to. What we hold is the minimum needed to run a store: your account, your subscription state, and basic site analytics.

What we collect

Account: your email address and sign-in identifiers (managed by Supabase, our auth provider).

Billing: your subscription status and plan. Card details go directly to Stripe; we never see your card number.

Credits: if you use built-in credits, we keep a ledger of grants and usage amounts so your balance is correct.

Site analytics: anonymous page views and button clicks on trusynth.com (Vercel Analytics — no cookies, no cross-site tracking, no advertising identifiers).

What we never collect

The contents of your vault. Your API keys (they live in your macOS keychain). The prompts you type in the app or the outputs your agents produce when you bring your own key. Your files. [⚠ confirm telemetry state of the app build George ships — this claim must match the binary]

Who we share with

Our processors: Supabase (auth + database), Stripe (payments), Vercel (hosting + analytics). Each receives only what their job requires. We don't sell or rent personal data to anyone.

Your rights

You can export or delete your account data by emailing hello@trusynth.com — we honor deletion requests within 30 days. EU/UK residents have GDPR rights (access, rectification, erasure, portability); California residents have CCPA rights. [⚠ confirm data-controller entity + DPO contact]

Changes & contact

If this policy changes materially we'll tell you by email before it takes effect. Questions: hello@trusynth.com.