Synapse
Start Free Trial
← Back to Home

Privacy Policy

Last updated: February 17, 2026

1. Introduction

Synapse HR, Inc. (“Synapse,” “we,” “us,” or “our”) operates the Synapse AI recruiting automation platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website, mobile application, and API.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information such as your name, email address, organization name, phone number (optional), and password. If you sign up via third-party authentication (e.g., Google, Apple, or LinkedIn OAuth), we receive the profile information you authorize those providers to share.

2.2 Integration Credentials

When you connect third-party services (ATS platforms, email sending tools, AI providers), we collect and store the credentials necessary to maintain those integrations. This may include API keys, OAuth access tokens, refresh tokens, and webhook URLs. All integration credentials are encrypted using AES-256-GCM encryption at rest and are scoped exclusively to your organization.

2.3 Candidate Data

Through the normal use of the Service, candidate data may be sourced from publicly available sources, third-party enrichment providers, or your own uploads. Candidate data may include names, job titles, employers, locations, email addresses, phone numbers, LinkedIn profile URLs, work history, education, and skills. You are responsible for ensuring your use of candidate data complies with all applicable privacy laws and regulations.

2.4 Usage Data

We automatically collect information about how you interact with the Service, including:

  • Pages visited, features used, searches performed, and actions taken within the Service.
  • Device information (device type, operating system, browser type).
  • Log data (IP address, access times, referring URLs, error logs).
  • Performance data (API response times, error rates) for monitoring and improving the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service — including candidate sourcing, AI scoring, outreach generation, and integration syncing.
  • Process billing and subscriptions — managing your plan, quotas, credit balances, and payment processing through our payment provider (Stripe).
  • Improve the Service — analyzing usage patterns to optimize features, fix bugs, and develop new functionality.
  • Communicate with you — sending account-related notifications, billing alerts, feature announcements, and responding to support requests.
  • Enforce our Terms of Service — detecting and preventing fraud, abuse, and violations of our acceptable use policies.
  • Comply with legal obligations — responding to lawful requests from public authorities and meeting applicable legal requirements.

4. Shared Database Model

Synapse operates a shared candidate database. Candidate profiles sourced from public sources and enrichment providers are available to all users of the Service. However, the following data is private to your organization and is never shared with other users:

  • Your candidate notes, tags, ratings, and internal comments.
  • Your outreach sequences, templates, and campaign data.
  • Your job descriptions and search configurations.
  • Your integration credentials and organizational settings.
  • Your pipeline stages and candidate dispositions.

5. Data Isolation

All organization-specific data is isolated using organization-scoped access controls. Every database query that accesses organization-specific data is filtered by your organization identifier. This ensures that:

  • Users within your organization can only see data belonging to your organization.
  • Integration credentials stored for your organization cannot be accessed by other organizations.
  • API requests are authenticated and scoped to your organization context.

6. Third-Party Services

We share data with third-party services only as necessary to provide the Service:

  • Payment Processing: Stripe processes subscription payments. We do not store your full credit card information on our servers. See Stripe’s Privacy Policy.
  • AI Providers: Candidate data may be sent to AI providers (OpenAI, Google, Anthropic) for scoring and outreach generation. Data sent to AI providers is used only for processing your requests and is not used to train their models per our data processing agreements.
  • Enrichment Providers: We use third-party data enrichment services to provide candidate contact information and profile details.
  • Email Delivery: When you connect email sending tools (Smartlead, Instantly, Apollo.io, Lemlist, Reply.io, Outreach, Salesloft, Mailshake, Woodpecker, QuickMail, GMass, Klenty, Close, Gmail, Microsoft Outlook, SMTP, or a custom webhook), your outreach data is transmitted to those services to deliver emails on your behalf.
  • ATS Platforms: When you connect an ATS (Greenhouse, Lever, Bullhorn, Workday, Ashby, Teamtailor, BambooHR, and others), job and candidate data is synced between Synapse and your ATS.
  • Analytics: We may use analytics services to understand how the Service is used. These services collect aggregated, anonymized data.

We do not sell your personal information to third parties.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: Sensitive data, including integration credentials and API keys, is encrypted using AES-256-GCM.
  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Organization-scoped isolation: All organization-specific data is scoped and filtered by organization identifier at the database query level.
  • Access controls: Role-based access controls restrict data access to authorized users within your organization.
  • Audit logging: We maintain logs of significant account actions for security monitoring and incident response.
  • Secure credential storage: Passwords are hashed using industry-standard algorithms. Plain-text passwords are never stored.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention policies include:

  • Account data: Retained for the duration of your account plus 30 days after account deletion to allow for recovery.
  • Usage logs: Retained for up to 12 months for analytics and debugging purposes, then aggregated or deleted.
  • Billing records: Retained as required by applicable tax and financial regulations (typically 7 years).
  • Candidate data you uploaded: Deleted within 30 days of account termination unless required for legal compliance.
  • Shared candidate profiles: Candidate profiles sourced from public sources are part of the shared database and are not deleted when individual accounts are terminated.

9. Your Rights

Depending on your location and applicable privacy laws, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal and contractual retention requirements.
  • Data portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-out: Opt out of non-essential communications at any time by using the unsubscribe link in our emails or contacting us directly.
  • Restriction: Request restriction of processing of your personal information under certain circumstances.

To exercise any of these rights, please contact us at privacy@synapse.hr. We will respond to your request within 30 days, or as required by applicable law.

10. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the Service. You can opt out of analytics cookies through your browser settings.

We do not use advertising or targeting cookies. We do not track users across third-party websites for advertising purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will also notify you via email or through an in-app notification.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after the revised Privacy Policy is posted constitutes your acceptance of the changes.

12. Contact

If you have any questions about this Privacy Policy, your data, or your privacy rights, please contact us: