SYND
Download on
the App StoreGet it on
Google Play
/ Legal · Privacy

Your data, on a short leash.

What we collect, what we don't, and the rules we follow. No ad trackers, no resold portfolio data, no surprises.

Last updated · May 28, 2026

01Data Collection Overview

SYND Intelligence Terminal LLC ("SYND", "we", "us") is committed to protecting your privacy. This policy outlines what data we collect, why we collect it, how it is used, and your rights regarding that data. We collect only what is necessary to operate and improve the terminal. We do not sell your personal data to third parties.

02Information We Collect

  • Account & Identity. Email address, display name, and (optionally) avatar and storefront banner you upload. Email is used for authentication, product updates, and critical system alerts. Marketing emails (product announcements, feature releases, promotions) are sent only if you've opted in, and every such email includes a one-click unsubscribe link in the footer. You can also email support@synd.pro to opt out at any time without affecting your account.
  • Portfolio Data (the Vault). Any asset cost-basis, inventory, condition, or P&L data you enter into the Vault is stored securely and used only to generate your personal readouts. This data is never shared with or sold to third parties.
  • Card Images. Photos of cards you scan or attach to vault items are uploaded to Supabase Storage under your user ID and used only within the app.
  • Messages. Direct messages you send to other users (trade negotiations, reservation inquiries, vendor questions) are stored on our servers to deliver them and maintain dispute history.
  • Push Token. If you enable notifications, we store your Apple or Google push token to deliver price alerts, message notifications, and trade events.
  • Mobile App Telemetry. Anonymized usage events (feature opens, scan counts, screen views) via Sentry (errors) and PostHog (product analytics). On iOS, this is gated by App Tracking Transparency — see Section 05.
  • Subscription State. Whether you are on Free, Collector, or SYND Pro is tracked via RevenueCat to gate paid features.
  • Session Data. Temporary session tokens maintain your authenticated session. These expire on sign-out or after extended inactivity.
  • Payment Information. Billing is processed by Apple App Store, Google Play Store, and RevenueCat. SYND never sees or stores full card numbers or sensitive payment credentials.

03Cookies & Tracking

We use the following tracking technologies:

  • Google Analytics 4. We use GA4 to monitor site traffic, session duration, and user flow through the terminal. IP addresses are anonymized. You can opt out of GA4 tracking with the Google Analytics Opt-out Browser Add-on.
  • Vercel Analytics. We use Vercel's built-in analytics for performance monitoring and Core Web Vitals reporting. This data is aggregated and not tied to individual identities.
  • Essential Cookies. Required for the terminal to function correctly — including authentication state and session management. These cannot be disabled.

We do not use advertising cookies, retargeting pixels, or third-party behavioral tracking networks.

04Third-Party Services

SYND integrates with the following third-party services, each governed by their own privacy policies:

  • Supabase. Backend database, authentication, and file storage. Supabase Privacy Policy.
  • RevenueCat. Subscription management for App Store / Play Store in-app purchases. Receives anonymized user identifier and subscription state. RevenueCat Privacy Policy.
  • Sentry. Crash and error reporting. Captures stack traces, device model, OS version. Linked to your user ID only with App Tracking Transparency consent on iOS. Sentry Privacy Policy.
  • PostHog. Product analytics (feature usage, funnel events). User identification gated by ATT consent on iOS. PostHog Privacy Policy.
  • Google Gemini. Card image identification when you use the scanner. We send the cropped card image; no personal account data is included. Google Privacy Policy.
  • Pokémon Price Tracker & eBay Browse API. Used server-side to fetch pricing and population data. No user-identifiable information is sent.
  • Apple Push Notification Service / Google Firebase Cloud Messaging. Used to deliver push notifications. Receives only your push token.
  • Google Analytics 4 (web only). Aggregated traffic on synd.pro. IP addresses anonymized. Opt out via the GA Opt-out Add-on.
  • Vercel. Web hosting and CDN. Vercel Privacy Policy.

05Mobile App Permissions

The SYND mobile app requests the following device permissions:

  • Camera. Required to scan trading cards in the Scanner and to scan QR codes during in-person trades on the Trade Desk. We do not record video or audio.
  • Photo Library. Used when you attach a card image to a vault item or export analytics. We only access photos you explicitly select; we do not scan or upload your entire library.
  • Notifications. Optional. Required for price alerts and message delivery. You can disable at any time in your device settings.
  • App Tracking Transparency (iOS only). On first launch after sign-in, iOS asks if SYND may track activity using identifiers from RevenueCat, Sentry, and PostHog. If you choose "Ask App Not to Track", we still operate normally but our analytics no longer link to your user ID. We never share device IDs with advertisers or data brokers.

SYND does not request access to your microphone, contacts, location, calendar, health data, or any background tracking permissions.

06Portfolio Privacy

Your portfolio data within the Vault is encrypted at rest and in transit. SYND calculates your personal P&L and ROI readouts within your session. We do not broadcast, sell, or share user-specific portfolio data with third-party market makers, data brokers, or advertisers under any circumstances.

07Account Deletion

You can permanently delete your SYND account from inside the app: Profile → Danger Zone → Delete Account. Typing the word "DELETE" confirms; the deletion is immediate and cannot be undone.

What gets erased:

  • Your profile, display name, avatar, and storefront branding.
  • Your entire Vault (cards, sealed product, slabs) and watchlists.
  • Card images you uploaded to Supabase Storage.
  • Push token, scan counters, preferences.
  • Reservations and waitlist entries.

What is preserved (for legal, dispute, and counter-party reasons):

  • Messages you sent to other users — your username is removed and shown as "Deleted user" but the conversation history remains visible to the other party.
  • Settled transaction records on the Trade Desk — both parties retain the receipt of any trade you completed, with your identity anonymized.

Subscriptions auto-renew unless cancelled separately in your Apple App Store or Google Play account settings. Deleting your SYND account does not cancel an active subscription.

If you encounter any issue with deletion, email support@synd.pro — we will manually process the request within 5 business days.

08User-Generated Content & Moderation

SYND lets members message each other to negotiate trades, settle reservations, and ask vendor questions. Messages are user-generated content, and we enforce community standards to keep that channel safe.

What's not allowed: harassment, hate speech, sexually explicit content, scams or fraud, illegal activity, counterfeit goods, off-platform payment evasion, and spam. The full list and our enforcement approach is published in our Community Guidelines.

Tools available to you in-app:

  • Report any message — hold the message bubble → Report.
  • Block any user — Profile menu → Block. Blocked users cannot send you new messages and existing threads are hidden from their view.
  • Disable messaging entirely — Profile → Privacy → Allow Messages.

Reports are reviewed by the SYND team. Outcomes range from message hiding to temporary suspension to permanent ban. Review response times are listed in our Community Guidelines.

09Data Retention

We retain your data for as long as your account is active or as needed to operate SYND. Specifically:

  • Waitlist email addresses. Retained until you request removal or until the waitlist program concludes.
  • Account data. Retained until you delete your account in-app. We do not enforce an inactivity-deletion policy.
  • Vault data. Erased immediately on account deletion.
  • Card images in storage. Erased immediately on account deletion.
  • Messages. Retained for the lifetime of both participating accounts. When either account is deleted, the deleted user's identity is anonymized on their messages but message bodies remain visible to the surviving party.
  • Transaction records. Retained for at least 7 years after settlement to support dispute resolution and tax reporting, with identifying information anonymized as accounts close.
  • Analytics. Sentry and PostHog data is retained per each provider's standard schedule. GA4 web analytics is 26 months by default.
  • Moderation records. Reports and moderator actions are retained for 2 years for audit and pattern detection.

10Your Rights

Depending on your jurisdiction (GDPR, CCPA, and similar), you may have the following rights regarding your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Request correction of inaccurate or incomplete data.
  • Deletion. Use the in-app Delete Account flow (Section 07), or email us to request removal of data not exposed by the in-app flow.
  • Portability. Request your Vault, transaction history, and messages in a structured, machine-readable format.
  • Opt-Out. Decline App Tracking Transparency on iOS, disable notifications, or unsubscribe from marketing emails. None of these affect your access to the app.

International transfers. SYND's backend (Supabase) is hosted in Singapore. If you access SYND from the EU, UK, or another jurisdiction with data-localization laws, your personal data is transferred to and processed in Singapore under Standard Contractual Clauses (or equivalent safeguards). Our subprocessors — Supabase, Vercel, RevenueCat, Sentry, PostHog, and Google (Gemini) — each maintain their own SCCs and adequacy frameworks. You can request the full subprocessor list and applicable safeguards by emailing support@synd.pro.

To exercise any of these rights, contact us at support@synd.pro. We will respond within 30 days.

11Children's Privacy

SYND is not intended for users under 13. We do not knowingly collect personal data from anyone under 13. The App Store rates SYND 12+ for content suitability; this content rating reflects subject matter, not a substitute for our minimum-age policy. If you believe a child under 13 has created an account, email support@synd.pro and we will delete the account and any associated data without delay. In the EU, our minimum age is the higher of 13 or the digital-consent age in your member state.

12Security Protocol

All data transmissions between your device and SYND servers are secured using TLS. Our backend infrastructure runs on Supabase and Vercel, both of which maintain SOC 2 compliance. Database access is row-level-secured by user ID. Service-role credentials are server-only and never exposed to the mobile client. Card images uploaded to storage are scoped to your user ID and not publicly browsable.

13Contact

For privacy-related inquiries, data requests, content moderation concerns, or any other question covered in this policy, email support@synd.pro. We are committed to resolving all concerns promptly and transparently.