Privacy Policy

Last updated: June 8, 2026

1. Introduction

Syphin ("we", "us", "our") operates the syphin.dev website, app.syphin.dev dashboard, the @syphin/mcp server, and the syphinCLI (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

  • Account information: When you sign up, we collect your name, email address, and organization details via our authentication provider (Clerk).
  • Usage data: We collect telemetry about which skills and rules your agents load during coding sessions, including tool names, token counts, and timestamps. We do not collect the content of your code or conversations with AI agents.
  • Billing information: Payment processing is handled by Stripe. We do not store credit card numbers. We retain Stripe customer and subscription IDs to manage your account.
  • Technical data: Server logs may include IP addresses, browser user-agent strings, and request metadata. These are retained for security and debugging purposes.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Display session telemetry and usage analytics in your dashboard
  • Send transactional emails (account verification, billing receipts)
  • Detect and prevent abuse, fraud, or security incidents
  • Respond to support requests

4. Information Sharing

We do not sell your personal information. We share data only with:
  • Clerk — authentication and user management
  • Stripe — payment processing
  • Vercel — hosting and infrastructure
  • Neon — database hosting
We may also disclose information if required by law or to protect our rights.

5. Data Retention

We retain your account data for as long as your account is active. Telemetry data is retained according to your plan tier (7 to 90 days). You can request deletion of your account and associated data by contacting us.

6. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed authentication tokens, and access controls. Service tokens are stored as SHA-256 hashes — we never store raw tokens.

7. Cookies

We use essential cookies for authentication sessions via Clerk. We do not use advertising or third-party tracking cookies.

8. Your Rights

You may request access to, correction of, or deletion of your personal data by emailing us at privacy@syphin.dev. If you are in the EU/EEA, you have rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email.

10. Contact

For privacy-related questions, contact us at privacy@syphin.dev.