Synx Finance

Privacy Policy

Last Updated: April 2026

1. Introduction

At Synx, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial management platform, including our website and our iOS and Android mobile applications (collectively, the "Service").

By using Synx, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our service:

2.1 Account Information

When you create an account, we collect your email address, name, and any other information you choose to provide. This information is used to create and manage your account and to communicate with you about our service.

2.2 Financial Data

To provide our financial management services, we collect financial data from your connected bank accounts through our integration with Plaid, a third-party financial data aggregator. This includes:

  • Account balances and transaction history
  • Account names and types (checking, savings, credit cards)
  • Merchant names and transaction descriptions
  • Transaction amounts and dates

This data is collected in read-only mode. We do not have the ability to initiate transactions or modify your accounts.

When you link an institution, Plaid acts as the data conduit between your bank and Synx. Plaid's handling of your credentials and financial data is governed by its own privacy policy, available at plaid.com/legal/end-user-privacy-policy. By linking an account, you acknowledge and agree to Plaid's End User Privacy Policy.

2.3 Usage and Analytics Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and time spent on the platform. This helps us improve the Service and user experience. We use PostHog for product analytics; usage events are associated with your user identifier and email so that we can measure feature adoption and troubleshoot issues for you specifically.

We use Sentry for crash and error reporting. When the app encounters an error, we send diagnostic information (stack traces, device model, operating system version, app version, and an anonymous user identifier) to Sentry so we can fix bugs. We do not send your bank credentials, transaction contents, or email address to Sentry.

2.4 Mobile App Data

Our iOS and Android apps collect the following additional information:

  • Biometric authentication: If you enable Face ID, Touch ID, or Android biometric unlock, authentication is handled entirely on your device by the operating system. The biometric template itself never leaves your device and is never transmitted to or stored by Synx.
  • Secure storage: Authentication tokens are stored in your device's secure keychain (iOS Keychain / Android Keystore) via expo-secure-store. These tokens remain on your device and are not shared with third parties.
  • Device information: We collect limited device metadata (model, OS version, app version, and a non-resettable or advertising-style identifier only where required by our crash reporter) to diagnose issues and improve compatibility.
  • Push notifications: If you grant permission, we store a device push token so we can send you account alerts and updates. You can revoke this permission at any time in your device settings.

The Synx mobile app does not collect location data, contacts, photos, microphone input, or camera input.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our financial management services
  • Process transactions and categorize your spending
  • Generate insights, reports, and financial summaries
  • Send you service-related communications and updates
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms of service

We do not sell, rent, or share your personal or financial information with third parties for their marketing purposes.

4. Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Financial data stored in our database is encrypted at rest using AES-256 encryption.
  • Read-Only Access: Our integration with Plaid provides read-only access to your financial accounts. We cannot initiate transactions or modify your accounts.
  • Access Controls: We use authentication and authorization controls to ensure only authorized personnel can access your data.
  • Regular Security Audits: We conduct regular security assessments and updates to protect against vulnerabilities.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to using commercially reasonable means to protect your data.

5. Data Sharing and Third-Party Services

We share your information only in the following circumstances:

  • Plaid: We use Plaid Inc. to securely connect to your financial institutions. Plaid's use of your information is governed by the Plaid End User Privacy Policy.
  • Supabase: We use Supabase for authentication and database services. Supabase's use of your information is governed by their Privacy Policy.
  • Stripe: We use Stripe to process payments for lifetime access and token purchases. Synx does not store your payment card details. Stripe's use of your information is governed by the Stripe Privacy Policy.
  • PostHog: Product analytics provider. Receives usage events along with your user identifier and email.
  • Sentry: Crash and error reporting provider. Receives diagnostic data and an anonymous user identifier; does not receive your email or financial data.
  • Legal Requirements: We may disclose your information if required by law or in response to valid requests by public authorities.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Your Rights and Choices

You have the right to:

  • Access and review your personal information
  • Update or correct inaccurate information
  • Request deletion of your account and associated data
  • Disconnect bank accounts at any time
  • Opt out of non-essential communications

To exercise these rights, please contact us at the email address provided in the Contact section below.

You may delete your account and all associated data at any time by visiting synxfinance.com/delete-accountor by using the "Delete Account" option inside the mobile app. Deletion removes your profile, linked institutions, transactions, and derived data within 30 days, except where retention is required by law.

7. Children's Privacy

Synx is not directed to, and we do not knowingly collect personal information from, children under the age of 16. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at the address below.

8. Data Breach Notification

In the event of a data breach that compromises your personal information, Synx will notify you and the applicable state or federal regulators without unreasonable delay and in accordance with applicable breach-notification laws (including, where applicable, the Gramm-Leach-Bliley Act's Safeguards Rule notification requirements, Washington's data-breach statute RCW 19.255, and equivalent laws in other states where affected users reside). Notification will describe, to the extent known, the nature of the information involved, the steps we are taking in response, and steps you can take to protect yourself.

9. Financial Privacy (Gramm-Leach-Bliley Act)

Synx provides financial services to consumers and handles nonpublic personal information ("NPI") as defined by the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801-6809) and its implementing regulations, including Regulation P (12 C.F.R. Part 1016). This Privacy Policy constitutes our GLBA privacy notice.

We do not share your NPI with non-affiliated third parties for their own marketing or cross-marketing purposes. We share NPI only with service providers that need it to perform the Service (Plaid, Supabase, Stripe, PostHog, Sentry — each under written confidentiality and security obligations), or as otherwise permitted by 15 U.S.C. § 6802(e) (including to comply with law, protect against fraud, or respond to your requests). Because we do not share NPI for marketing purposes with non-affiliated parties, no GLBA opt-out is required.

We maintain an information-security program designed to meet the requirements of the GLBA Safeguards Rule (16 C.F.R. Part 314), including administrative, technical, and physical safeguards appropriate to the size of our operations and the sensitivity of the data.

10. State-Specific Rights

10.1 California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the following rights with respect to personal information we collect about you:

  • Right to know the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purpose, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct inaccurate personal information.
  • Right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the Service.
  • Right to opt out of the sale or sharing of personal information. Synx does not sell or share personal information as those terms are defined under the CCPA/CPRA.
  • Right to non-discrimination for exercising any of these rights.

Categories of personal information collected (in the past 12 months): identifiers (name, email, user ID), financial information (account balances, transaction history via Plaid), commercial information (purchase history with Synx), internet activity (usage analytics), geolocation (general, from IP only), and inferences drawn from the above (spending categories, budgets). We do not collect sensitive categories such as biometric identifiers, precise geolocation, health data, or contents of private communications.

To exercise any of these rights, email privacy@synxfinance.com or use the in-product deletion flow at synxfinance.com/delete-account. We will verify your request using the email address associated with your account. You may designate an authorized agent by providing written, signed authorization.

10.2 Washington Residents (My Health My Data Act)

Synx is a personal-finance service. We do notcollect, process, or share "consumer health data" as defined by the Washington My Health My Data Act (RCW 19.373). Spending categories inferred from transaction data (e.g., "Groceries," "Restaurants") are not used to infer health status or conditions and are not shared for health-related purposes.

10.3 Other U.S. State Rights

Residents of Colorado, Connecticut, Utah, Virginia, Oregon, Texas, and other states with comprehensive consumer privacy laws have rights substantially similar to those described in Section 10.1. To exercise these rights, contact us using the methods above.

11. International Users and Data Transfers

The Synx Service is intended solely for residents of the United States. By using the Service, you consent to the collection, processing, and storage of your information in the United States and in the data-center regions operated by our service providers, which may differ from the data-protection laws of your jurisdiction. Synx does not currently offer the Service to residents of the European Economic Area, the United Kingdom, or Switzerland.

12. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, audit, or regulatory purposes (for example, records of financial transactions required under applicable law).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will additionally provide notice through the Service or by email at least 30 days before the changes take effect. Your continued use of our service after such changes constitutes your acceptance of the updated policy.

Prior versions. We maintain an archive of prior versions of this Privacy Policy. If you would like a copy of a previous version, email privacy@synxfinance.com with the date of the version you are requesting.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@synxfinance.com