Privacy Policy

Last Updated: February 2026

1. Introduction

Synlets ("we," "our," or "us") operates the Synlets platform, an autonomous AI software development service. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services at synlets.com (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree to this policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name
  • Password (cryptographically hashed)
  • Billing information (processed securely by our payment processor)

2.2 Integration Data

To provide our Service, we access data from third-party platforms you connect:

Platform | Data Accessed | Purpose
GitHub | Repository names, code, pull requests, comments | AI agents read code, create PRs, respond to reviews
GitLab | Repository names, code, merge requests, comments | AI agents read code, create MRs, respond to reviews
Jira | Tickets, descriptions, status, comments | AI agents pick up and update work items
Asana | Tasks, descriptions, status, comments | AI agents pick up and update work items
Notion | Pages, databases, task descriptions | AI agents pick up work items and access documentation
Confluence | Page content | Knowledge base for AI context

OAuth Token Storage: When you connect third-party platforms, we store OAuth access tokens and refresh tokens in our database to maintain persistent access to your connected accounts. These tokens are encrypted at rest and can be revoked at any time by disconnecting the integration from your account settings.

2.3 Code and Content

When AI agents work on your repositories, we process:

  • Source code from connected repositories
  • Ticket descriptions and requirements
  • Pull request content and review comments

Code Processing: Code is processed in real time by AI services to perform requested tasks. We may temporarily cache code context during active work sessions to improve performance.

Important: We do not use your proprietary code to train AI models. Code is processed only to provide the Service.

2.4 Agent Activity Data

Our AI agents generate and store data about their work:

  • Task execution history and status
  • Pull request and code review activity
  • Compressed context summaries (learned patterns and task progress)
  • Token usage and cost calculations

This data enables continuity across work sessions and helps agents provide better service.

About Context Summaries: Context summaries are high-level abstractions of task progress and patterns—they do not contain your full source code and cannot be used to reconstruct your codebase. These summaries are deleted when your account is deleted.

2.5 Usage Data

We collect information about how you use the Service:

  • Features used and actions taken
  • AI agent activity and task completion
  • Credit usage and billing events
  • Error logs for troubleshooting

2.6 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Access times and referring URLs
  • API request metadata
  • Error information

3. How We Use Your Information

We use your information to:

Purpose | Legal Basis
Provide and operate the Service | Contract performance
Process payments | Contract performance
Send service-related communications | Legitimate interest (service delivery)
Provide customer support | Contract performance
Improve and develop the Service | Legitimate interest (service improvement)
Detect and prevent fraud or abuse | Legitimate interest (security)
Comply with legal obligations | Legal compliance

4. Third-Party Services

We share data with the following categories of third-party services:

4.1 AI Processing

Provider Type | Data Shared | Purpose
AI service providers | Code snippets, prompts, task descriptions | AI processing for code generation and analysis

We send only the minimum data necessary for AI processing. Our AI provider (Anthropic) processes data under commercial API terms that prohibit using customer data for model training. Your code and content sent to AI services is used solely to generate responses for your requests and is not retained by the AI provider for training purposes.

Data shared with AI providers is subject to their respective privacy policies and terms of service. We recommend reviewing the privacy practices of our AI providers if you have concerns about how your data may be processed by them.

4.2 Infrastructure & Services

Provider Type | Data Shared | Purpose
Cloud infrastructure providers | All Service data | Cloud hosting and database
Payment processors | Payment information | Payment processing

Payment card data is handled directly by our payment processor. We never see or store your full card number.

4.3 Connected Platforms

Provider Type | Data Shared | Purpose
GitHub | OAuth tokens, API requests | Repository access
GitLab | OAuth tokens, API requests | Repository access
Atlassian (Jira/Confluence) | OAuth tokens, API requests | Ticket and knowledge base access
Asana | OAuth tokens, API requests | Task and project access
Notion | OAuth tokens, API requests | Page and database access

These platforms receive data only when you explicitly connect them to your Synlets account.

4.4 Legal Disclosures

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government request, or subpoena). We may also disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

4.5 Sub-processors

We use the following sub-processors (third-party service providers) to process data on our behalf:

Sub-processor | Purpose | Location
Microsoft Azure | Cloud infrastructure, hosting | Australia / Global
Anthropic | AI processing | United States
Stripe | Payment processing | United States

An up-to-date list is maintained at synlets.com/legal/subprocessors. We will notify users via email at least 14 days before engaging any new sub-processor that processes customer data.

5. Data Storage and Security

5.1 Storage Location

Your data is stored on secure cloud infrastructure with enterprise-grade security in protected data centers. Data may be processed in multiple geographic regions depending on the services involved.

5.2 Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256) for databases
  • Access controls and authentication
  • Regular security assessments
  • Secure credential and token handling

5.3 Personnel Access

Access to customer data is restricted to authorized personnel who require it to perform their job functions (e.g., customer support, engineering). All employees, contractors, and third-party service providers with data access are bound by confidentiality obligations. We implement role-based access controls and audit logs to monitor data access.

5.4 Data Retention

We retain your data as follows:

Data Type | Retention Period
Account data | Duration of account + 90 days after deletion
Usage and activity logs | 24 months (then anonymized or deleted)
Billing records | 7 years (legal requirement)
AI processing context | Duration of account (deleted upon account deletion)
Anonymized/aggregated data | Indefinitely

Data Retention Rationale: We retain identifiable usage data for up to 24 months to improve our Service, analyze trends, troubleshoot issues, and enhance performance. After this period, data is either deleted or anonymized. Anonymized data may be retained indefinitely as it cannot identify you.

Account Deletion: Upon account deletion request, we will delete or anonymize your personal data within 90 days, except:

  • Data retained for legal compliance (e.g., billing records)
  • Anonymized or aggregated data that cannot identify you
  • Data necessary to resolve disputes or enforce our agreements

5.5 Data Breach Response

In the event of a data breach affecting your personal information, we will:

  • Investigate and contain the breach promptly
  • Notify affected users within 72 hours of becoming aware of the breach
  • Provide details of the nature of the breach and the categories of data affected
  • Describe the measures taken or proposed to address the breach
  • Notify relevant supervisory authorities as required (including the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme)
  • Take steps to mitigate harm and prevent recurrence

We may delay notification if law enforcement advises that notification would impede a criminal investigation, in which case we will notify you as soon as permitted.

Our liability for data breaches is limited as set forth in Section 14 of this Privacy Policy.

5.6 International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States (for AI processing via Anthropic) and other regions where our cloud infrastructure operates.

Where we transfer data outside Australia, we ensure appropriate safeguards are in place, including:

  • Contractual protections with our service providers
  • Standard Contractual Clauses (SCCs) for transfers to jurisdictions without adequate data protection laws
  • Selection of providers with robust privacy and security practices

For users in the European Union or United Kingdom, transfers outside the EEA/UK are conducted in compliance with GDPR requirements, including the use of Standard Contractual Clauses where applicable.

6. Your Rights

Depending on your location, you may have the right to:

Right | Description
Access | Request a copy of your personal data
Correction | Request correction of inaccurate data
Deletion | Request deletion of your data
Portability | Receive your data in a portable format
Objection | Object to certain processing activities
Withdraw Consent | Withdraw consent where processing is based on consent

To exercise these rights, contact us at support@synlets.com. We will acknowledge your request within 30 days (or longer if permitted by applicable law) and will use reasonable efforts to fulfill valid requests promptly.

6.1 How to Delete Your Account

To request deletion of your account and associated data:

  1. Email support@synlets.com with subject "Account Deletion Request"
  2. Include the email address associated with your account
  3. We will verify your identity and respond to your request within 30 days
  4. You will have 30 days to export your data before deletion begins
  5. Deletion will be completed within 90 days after the export window closes
  6. You will receive confirmation when deletion is complete

We reserve the right to decline deletion requests if we cannot reasonably verify your identity. Some data may be retained as required by law (e.g., billing records).

6.2 Australian Privacy Rights

If you are in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You can request access to or correction of your personal information, and lodge a complaint if you believe we have breached the APPs.

6.3 GDPR Rights (EU/UK Users)

If you are in the European Union or United Kingdom, you have additional rights under GDPR including the right to lodge a complaint with a supervisory authority.

EU Representative: If required by Article 27 of the GDPR due to the volume of EU users, we will appoint a representative in the European Union. Contact support@synlets.com for current representative details if applicable.

6.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale or sharing of personal information (note: we do not sell or share personal information as defined under CCPA/CPRA)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact support@synlets.com.

7. Data We Do NOT Collect

For clarity, we do NOT:

  • Store your full payment card numbers (payment processor handles this)
  • Access repositories you haven't explicitly connected
  • Use your proprietary code to train AI models
  • Sell your personal data to third parties
  • Use cross-site tracking technologies

8. Anonymized and Aggregated Data

We may use anonymized, aggregated data that cannot identify you to:

  • Improve our Service and how we use AI capabilities (e.g., prompt optimization, workflow improvements)
  • Generate industry benchmarks and statistics
  • Conduct research and analysis

Clarification: "Improving our AI capabilities" refers to how we configure and use AI services—not training foundation models. We do not use your proprietary code to train AI models (see Section 2.3 and Section 7).

This data contains no personally identifiable information and is not subject to this Privacy Policy.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

10. Business Transfers

If Synlets is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your data. Following such a transfer, you may contact the new entity with any inquiries concerning the processing of your data.

11. Cookies and Tracking

We use essential cookies to operate the Service. We do not use third-party advertising cookies or cross-site tracking technologies.

Cookie Name | Purpose | Duration
Session cookie | Maintains your login session | Browser session
Authentication token | Keeps you logged in | 30 days
CSRF token | Prevents cross-site request forgery | Browser session

These cookies are strictly necessary for the Service to function and cannot be disabled.

If we introduce analytics or non-essential cookies in the future, we will update this policy and provide appropriate notice and consent mechanisms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered address

Material changes will take effect 30 days after notification, unless otherwise specified. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you disagree with any changes, you should stop using the Service before the effective date and may request account deletion.

13. Your Responsibilities

By using the Service, you represent and warrant that:

  • You have the legal right to share any data you provide to us
  • You have obtained necessary consents from individuals whose data may be included in your repositories or content
  • You will not upload data you are not authorized to share
  • You are responsible for ensuring your use of the Service complies with applicable laws

If you upload data belonging to third parties (e.g., customer data in test files, personal information in code), you are solely responsible for ensuring you have the right to do so. We are not liable for processing data you were not authorized to share.

14. Limitation of Liability

While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Our liability for any claims arising from this Privacy Policy, including data-related incidents, is governed by the limitation of liability provisions in our Terms of Service (Section 11). In the event of any conflict between this Privacy Policy and the Terms of Service regarding liability, the Terms of Service shall prevail.

15. Force Majeure

We shall not be liable for any failure or delay in performing our obligations under this Privacy Policy where such failure or delay results from circumstances beyond our reasonable control, including but not limited to: natural disasters, acts of government, internet or telecommunications failures, cyberattacks, pandemics, or third-party service provider outages.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Australia. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Australia. If you are located outside Australia, you agree that any disputes will be resolved in Australian courts, and you waive any objection to such jurisdiction.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Synlets
Email: support@synlets.com

For privacy-specific inquiries or to exercise your data rights, email: support@synlets.com

Effective Date: February 2026

© 2026 Synlets. All rights reserved.