
PRIVACY POLICY


Last Updated: February 28, 2026


Zynthr Inc. ("we," "us," or "our") operates the Zynthr platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use our services.


1. INFORMATION WE COLLECT


1.1 Account Information. When you create an account, we collect your name, email address, organization name, and password. If you sign up through SSO (Microsoft Entra ID or Google), we receive your profile information from the identity provider.


1.2 Organization Data. Information about your organization including industry, size, department structure, team members, and role assignments.


1.3 Usage Data. We collect information about how you use the Platform, including pages visited, features used, AI queries made, workflows created, and interaction patterns.


1.4 Device and Technical Data. Browser type, operating system, IP address, device identifiers, and session information.


1.5 Content Data. All data, documents, messages, and content you upload to or create within the Platform, including AI chat conversations and generated outputs.


1.6 Integration Data. When you connect third-party services (Microsoft 365, Google Workspace, Slack, etc.), we access data as authorized by your integration permissions.


1.7 Communication Data. Records of support requests, feedback, and communications with our team.


2. HOW WE USE YOUR INFORMATION


2.1 Provide Services. To operate, maintain, and deliver the Platform features you use.


2.2 Personalization. To customize the Platform experience based on your organization's industry, preferences, and usage patterns.


2.3 AI Processing. To power AI agents, bots, and intelligent features within the Platform. AI interactions are processed to generate responses, recommendations, and automations.


2.4 Security. To detect, prevent, and respond to security threats, fraud, and abuse. This includes audit logging, anomaly detection, and access monitoring.


2.5 Communications. To send transactional emails (account verification, password resets, billing), SMS/text messages (appointment reminders, security codes, agent notifications), platform updates, and, with your consent, marketing communications.


2.5.1 SMS/Text Messages. By providing your phone number and opting in, you consent to receive transactional and service-related text messages from Zynthr. Message frequency varies. Message and data rates may apply. You may opt out at any time by replying STOP to any message. For help, reply HELP or contact [email protected]. We comply with the Telephone Consumer Protection Act (TCPA) and applicable state regulations. We will not send marketing texts without your explicit prior written consent.


2.6 Improvement. To analyze usage patterns and improve the Platform's features, performance, and reliability.


2.7 Legal Compliance. To comply with applicable laws, regulations, legal processes, or government requests.


3. DATA STORAGE AND SECURITY


3.1 Encryption. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.


3.2 Multi-Tenant Isolation. Each organization's data is logically isolated. Row-level security policies ensure no cross-tenant data access.


3.3 Access Controls. We implement role-based access controls (RBAC) limiting data access to authorized personnel and systems only.


3.4 Audit Logging. All access to sensitive data is logged for audit and compliance purposes.


3.5 Infrastructure. Data is hosted on secure cloud infrastructure with SOC 2 Type II certified providers. Primary data storage is in the United States.


3.6 Backups. Regular encrypted backups are maintained for disaster recovery purposes.


3.7 Session Security. Automatic session timeout after 15 minutes of inactivity. Single-session enforcement available per organization policy.


4. THIRD-PARTY SERVICES


4.1 We use the following categories of third-party service providers:


- Cloud Infrastructure: For hosting and data storage

- AI Model Providers: For powering AI features (Anthropic, OpenAI)

- Payment Processing: Stripe for subscription billing

- Analytics: For Platform usage analytics

- Email: For transactional and communication emails

- SMS/Voice: For transactional messages, security codes, and agent notifications (Twilio)


4.2 Each third-party provider is bound by data processing agreements that require them to protect your data and use it only for the specified purposes.


4.3 AI Model Providers. We contractually require that AI model providers do not retain, train on, or use your data beyond the immediate processing request.


4.4 We do not sell your personal information to third parties.


5. YOUR RIGHTS


5.1 Access. You may request a copy of the personal information we hold about you.


5.2 Correction. You may update or correct your personal information through your account settings or by contacting us.


5.3 Deletion. You may request deletion of your personal information, subject to legal retention requirements.


5.4 Data Portability. You may export your data in standard formats through the Platform or by contacting support.


5.5 Opt-Out. You may opt out of marketing communications at any time. You may disable non-essential cookies through your browser settings.


5.6 Restriction. You may request that we restrict processing of your personal information in certain circumstances.


5.7 To exercise any of these rights, contact us at [email protected].


6. HIPAA COMPLIANCE (FOR HEALTHCARE CLIENTS)


6.1 If your organization is a Covered Entity under HIPAA, we will enter into a Business Associate Agreement (BAA) with you prior to processing any Protected Health Information (PHI).


6.2 PHI Handling. When a BAA is in place:

- PHI is encrypted at rest and in transit

- Access to PHI is restricted to authorized users based on RBAC policies

- All PHI access is logged for audit purposes

- PHI is not used for AI model training

- AI model providers are contractually prohibited from retaining PHI

- De-identification of PHI requires explicit written authorization


6.3 Breach Notification. In the event of a breach involving PHI, we will notify the Covered Entity within 30 calendar days of discovery, as required by HIPAA and the HITECH Act.


6.4 Minimum Necessary. We access, use, and disclose only the minimum amount of PHI necessary to provide the Platform services.


7. DATA RETENTION


7.1 Account Data. We retain your account information for as long as your account is active and for 30 days after termination to allow data export.


7.2 Usage Data. Aggregated and anonymized usage data may be retained indefinitely for analytical purposes.


7.3 Audit Logs. Audit logs are retained according to your organization's configured retention period (default: 90 days, configurable up to indefinite).


7.4 Chat History. AI chat conversations are retained according to your organization's configured retention period (default: 30 days).


7.5 Backups. Backup data is retained for 90 days and then securely destroyed.


7.6 Legal Requirements. We may retain data longer if required by applicable law or legal proceedings.


8. CHANGES TO THIS POLICY


8.1 We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform.


8.2 The "Last Updated" date at the top of this policy indicates when the latest revision was made.


8.3 Your continued use of the Platform after changes constitutes acceptance of the updated policy.


9. CONTACT


For questions, concerns, or requests regarding this Privacy Policy or your data:


Email: [email protected]

Address: Zynthr Inc., Jacksonville, Florida


For HIPAA-related inquiries: [email protected]


Data Protection Officer: [email protected]