Synda

Privacy Policy

Synda ehf
Effective Date: February 11, 2026 | Last Updated: February 11, 2026

1. Introduction

Synda ehf ("Synda," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Synda mobile application ("App") and related services (collectively, the "Service").

Contact Information:
Synda ehf
Email: support@synda.is

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email, username, password - for account creation and authentication
  • Profile Information: Bio, location, profile photo, date of birth - for personalization and social features
  • Swim Logs: Date, time, duration, distance, notes, ratings - for core service functionality
  • Reviews and Photos: Spot reviews, uploaded images - for community features
  • Emergency Contacts: Names, phone numbers, emails of contacts - for safety beacon feature
  • Communications: Support requests, feedback - for customer support

2.2 Information Collected Automatically

  • Device Information: Device type, OS version, unique identifiers - for service optimization and security
  • Usage Data: Features used, screens viewed, interactions - for service improvement
  • Log Data: IP address, access times, app crashes - for troubleshooting and security
  • Location Data: GPS coordinates (when permitted) - for swim tracking and spot discovery

2.3 Health and Fitness Data

With your explicit consent, we may collect health and fitness data from:

Apple HealthKit:

  • Workout data (swimming activities), heart rate data, energy burned, distance and duration
  • HealthKit data is never used for advertising, marketing, or sold to third parties
  • You can revoke access at any time in iOS Settings > Privacy > Health

Garmin Connect:

  • Activity summaries, workout details, heart rate and performance metrics, GPS route data
  • Data is used solely to provide and improve the Service

Fitbit / Google Fit:

  • Activity and exercise data, heart rate data
  • We comply with Google API Services User Data Policy

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Enable swim logging and GPS tracking
  • Display swimming spots and community content
  • Calculate achievements and statistics
  • Provide safety beacon functionality

3.2 Communication

  • Send service-related notifications and safety alerts (beacon notifications)
  • Respond to support requests
  • Provide updates about the Service (with consent)

3.3 Improvement and Analytics

  • Analyze usage patterns to improve features
  • Fix bugs and technical issues
  • Ensure security and prevent fraud

4. Health Data: Special Protections

We treat health and fitness data with the highest level of protection.

What We Do NOT Do:

  • ❌ Sell health data to any third party
  • ❌ Share health data for advertising purposes
  • ❌ Use health data for marketing
  • ❌ Share health data with data brokers
  • ❌ Transfer health data to third parties without explicit consent

What We DO:

  • ✅ Use health data solely to provide the Service
  • ✅ Store health data securely with encryption
  • ✅ Allow you to delete your health data at any time
  • ✅ Provide transparency about data usage

5. Location Data

When We Collect Location:

  • GPS Tracking: During active swim sessions (with permission)
  • Safety Beacon: When beacon is activated (with permission)
  • Spot Discovery: To show nearby swimming spots (with permission)

Emergency Contact Location Sharing:

When you activate the safety beacon, your location is shared with designated emergency contacts. Location updates continue until you end the session. This is an opt-in feature requiring explicit activation.

6. Data Sharing and Disclosure

We Share Data With:

  • Service Providers: Hosting, analytics, support - operational data only
  • Emergency Contacts: Safety beacon (your choice) - location, swim status
  • Other Users: Social features (your choice) - public profile, reviews, photos
  • Legal Authorities: As required by law

Current Service Providers: Supabase (Database, EU region), Expo/React Native (App framework), RevenueCat (Subscription management)

We Do NOT Share:

  • Health data with advertisers
  • Personal data with data brokers
  • Location history with third parties (except emergency contacts you designate)

7. Data Security

  • Encryption in transit (TLS/SSL) and at rest for sensitive data
  • Secure authentication with hashed passwords
  • Regular security audits and access controls
  • Row-level security in database

Breach Notification: In the event of a data breach affecting your personal data, we will notify you within 72 hours (as required by GDPR) and inform relevant supervisory authorities.

8. Data Retention

  • Account data: Until account deletion + 30 days
  • Swim logs: Until you delete them or account deletion
  • Health data: Until you delete or disconnect integration
  • Location data: Until you delete or account deletion
  • Support communications: 2 years

9. Your Rights (GDPR & Global)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

How to Exercise Rights: In-App (Settings > Privacy > Data Management) or Email: support@synda.is. Response Time: Within 30 days.

10. International Data Transfers

Your data is primarily stored in the European Union (EU). If data is transferred outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs), adequacy decisions, or other approved mechanisms.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we discover such data has been collected, we will delete it promptly. If you believe a child has provided us with personal data, please contact support@synda.is.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information. Note: We do not sell personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your rights

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through in-app notifications, email (for significant changes), and updated "Last Updated" date. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights:

Synda ehf
Email: support@synda.is

Data Protection Inquiries: Email: support@synda.is (Subject: "Privacy Request")

EU Representative: Synda ehf, Iceland (EU/EEA member via EEA Agreement)

15. Supervisory Authority

If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

For Iceland: Persónuvernd (Data Protection Authority) - https://www.personuvernd.is

By using Synda, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: February 11, 2026