Privacy Policy
Effective Date: April 23, 2026
At Synapse (accessible via ai-in-a-shell.com), we prioritize your privacy. This policy explains what information we collect, how we use it, and the rights you have over your data. By using our platform, you agree to the collection and use of information in accordance with this policy.
Looking for the iOS app privacy policy used for App Store submission? See Mobile App Privacy Policy — AI in a Shell.
1. Information We Collect
We adhere to the principle of Data Minimization. We only collect the data necessary to provide our interactive learning service.
A. Account Information
When you sign in via Google or GitHub, we receive and store:
- Name & Email Address: Used to identify your account and provide access.
- Profile Image: Displayed as your avatar in the dashboard.
- Authentication Tokens: Securely handled by our session system to maintain your login state.
B. Learning & Progress Data
To track your learning journey across sessions and devices:
- Course Progress: Which modules and concept cards you have completed.
- Quiz Answers: Your submitted answers to practice challenges.
- Reflection Prompts: Your written responses to reflection prompts.
- XP & Streaks: Gamification data (points earned, daily streak count).
C. Subscription & Billing (Web)
On the web platform, subscriptions are handled via Stripe. We store your subscription plan, status (active/inactive/canceled), and the end date of your current period. We do not store credit card numbers — Stripe handles all payment details.
D. AI Interactions
Synapse includes AI-powered features (chat tutor, answer evaluation). Your prompts, submitted answers, and the AI's responses are processed by Google Geminito generate feedback. These interactions are stored temporarily to power the feature and may be used anonymously to improve AI quality.
E. Usage Analytics
We use Umami (self-hosted, EU-based) to understand how users navigate the app (e.g., which pages are visited, which features are used). This is anonymous aggregate data — it is not linked to your email, name, or account. No advertising IDs, device fingerprinting, or cross-site tracking is involved.
F. Technical & Session Data
- IP Address & User Agent: Stored in session logs for security purposes (fraud prevention, rate limiting).
- Guest Progress: If you use the app without signing in, your progress is stored locally in your browser (localStorage). It is not transmitted to our servers and is not linked to any identity.
2. How We Use Your Data
- Service Provision: To unlock courses, save your progress across devices, and provide AI tutoring.
- AI Processing: Your prompts and answers are sent to Google Gemini to generate real-time feedback.
- Analytics: Umami helps us understand aggregate user behavior so we can improve the app. Data is anonymized and not linked to your account.
- Security: IP addresses and user agents are logged to detect suspicious activity and enforce rate limits.
- AI Quality Improvement: Anonymous AI interaction traces (prompt structure, error rates) are stored in Langfuse to help improve response quality.
3. Third-Party Processors (Sub-processors)
We use trusted third-party services to power our infrastructure. We ensure these partners adhere to strict security and privacy standards.
| Service | Purpose | Data Handled |
|---|---|---|
| Vercel | Hosting & Serverless Infrastructure | IP Addresses, System Logs |
| Neon (PostgreSQL) | Database Hosting | User Accounts, Progress Data, XP & Streaks |
| Google Gemini | AI Model Provider | Chat prompts, quiz answers, reflection responses. Not used to train models. |
| Stripe | Payment Processing (Web subscriptions) | Billing details, subscription status, transaction history |
| Umami | Product Analytics (self-hosted, EU) | Anonymous page views and navigation patterns. No PII, no cookies, no tracking. |
| Langfuse | AI Observability & Quality Monitoring | AI interaction traces (prompt structure, response latency, error rates). Stored anonymously; not linked to user accounts. |
| Better Auth | Authentication | OAuth tokens (Google, GitHub), session records |
4. Data Retention
We retain your personal data only as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time.
5. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request that we delete your personal data.
- Right to Data Portability: Request a copy of your data in a machine-readable format.
To exercise any of these rights, please contact us at hello@ai-in-a-shell.com.
6. Cookies and Tracking
We use two types of cookies:
- Authentication cookies: Required to keep you signed in across pages. These are session-based and managed by Better Auth.
- Analytics: Umami does not use cookies. It tracks page visits anonymously using your browser's session. No advertising or cross-site tracking cookies are used.
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Effective Date."
8. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: hello@ai-in-a-shell.com