Privacy Policy

Last updated: March 13, 2026

SyndromeAI ("we," "our," or "us") is committed to protecting the privacy and security of your business data. This Privacy Policy explains how we collect, use, store, and protect information when you use our gas station operations intelligence platform.

            Summary: We collect only what's necessary to run our service. Your operational data is encrypted, isolated, and never sold or shared. You own your data and can export or delete it at any time.
        

1. Information We Collect

Account Information

When you create an account, we collect:

Full name and email address
Business name and number of gas stations
Phone number (optional, used for support)
Billing information (processed securely by Stripe — we never store your credit card)

Operational Data

When you upload reports, we process:

POS end-of-day reports (Topaz PDFs, Tender receipts)
Veeder Root tank monitoring reports
Sales, fuel, department, and cashier data extracted from these reports
Employee names and performance metrics as reported by your POS system

Usage Data

We automatically collect basic usage data including pages visited, features used, browser type, and device information to improve the platform experience.

2. How We Use Your Information

We use your information exclusively to:

Provide the service: Parse reports, generate analytics, detect anomalies, and create weekly strategy decks
Send alerts: Fuel variance warnings, employee risk alerts, and target notifications
Deliver reports: Weekly automated PDF reports to your email
Provide support: Respond to your questions and troubleshoot issues
Improve the platform: Identify bugs, optimize performance, and develop new features
Process billing: Through Stripe, manage your subscription

3. Data Isolation & Multi-Tenancy

            Each customer account is fully isolated. Your operational data is stored in separate, encrypted partitions. No other customer, employee (except authorized support staff), or third party can access your station data. We use per-tenant encryption keys to ensure complete data separation.
        

4. Data Security

We implement multiple layers of security to protect your data:

Encryption in transit: All connections use HTTPS/TLS 1.2+ encryption
Encryption at rest: All stored data is encrypted using AES-256 with per-tenant keys
Authentication: JWT-based authentication with secure token management
Access control: Role-based permissions for manager and owner accounts
Infrastructure: Hosted on enterprise-grade cloud infrastructure with automated backups
Monitoring: 24/7 system monitoring with automated threat detection

5. Data Sharing

We do not sell, rent, or share your data with third parties.

The only exceptions are:

Stripe: Processes your payments. They receive billing information only. See Stripe's Privacy Policy.
Legal compliance: We may disclose data if required by law, court order, or government regulation.
With your consent: We will never share data without your explicit permission.

6. Data Retention

Active accounts: We retain your data for as long as your account is active
After cancellation: We retain your data for 30 days after account cancellation to allow for reactivation, then permanently delete it
Backups: Encrypted backups are purged within 90 days of account deletion
Billing records: Transaction records are retained for 7 years as required by law

7. Your Rights

You have the right to:

Access your data: Request a copy of all data we have about you
Export your data: Download your operational data in standard formats (CSV, PDF) at any time from your dashboard
Correct your data: Update or correct any inaccurate personal information
Delete your data: Request permanent deletion of your account and all associated data
Restrict processing: Request that we stop processing your data while you review a concern
Data portability: Receive your data in a structured, machine-readable format

To exercise any of these rights, email [email protected] or call (947) 273-8380. We respond to all requests within 5 business days.

8. Cookies

We use minimal cookies:

Essential cookies: Required for authentication and session management
Analytics cookies: Basic usage tracking to improve the product (no third-party tracking)

We do not use advertising cookies or share cookie data with third parties.

9. Breach Notification

In the unlikely event of a data breach:

We will notify affected customers within 72 hours via email
We will provide a detailed report of what data was affected
We will notify relevant authorities as required by applicable law
We will take immediate steps to contain and remediate the breach

10. Children's Privacy

SyndromeAI is a B2B platform designed for business operators. We do not knowingly collect information from individuals under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: [email protected]
Phone: (947) 273-8380