Privacy Policy

Last updated: April 6, 2026

1. Introduction

Synro ("we", "us", "our") operates the synro.app website and the Synro mobile application. This Privacy Policy explains how we handle information when you use our services. Synro is designed with privacy as a core principle — we collect the minimum data necessary to operate.

2. Data We Collect

To provide the service, we collect and process the following:

  • Username — required for account creation. Used for authentication and display in chats. We recommend using a pseudonym.
  • Email (optional) — provided at your discretion for account recovery purposes only. Not required and not verified.
  • Password — stored as a bcrypt hash. We never store or have access to your plaintext password.
  • Encrypted message payloads — relayed through and temporarily cached on our server but never decrypted. Automatically deleted when the channel TTL expires.
  • Device fingerprint hash — a SHA-256 hash of non-identifying browser properties, used for free plan rate limiting. Not linked to your account.

3. Data We Do NOT Collect

  • We do not read, store, or have access to your message content — all messages are end-to-end encrypted (AES-256-GCM)
  • We do not track your location
  • We do not use cookies for tracking
  • We do not share any data with third parties
  • We do not use analytics services, advertising networks, or any other third-party trackers
  • We do not require your real name, phone number, or any government ID

4. Encryption

All messages are encrypted on your device using AES-256-GCM with per-message key ratcheting derived via HKDF-SHA256. The encryption key is derived from a shared secret that is never transmitted to our server. Our server acts purely as a relay — it forwards encrypted payloads without the ability to decrypt them. Voice messages are additionally processed with McAdams anonymization to make speaker identification mathematically impossible.

5. Data Storage

  • Accounts — username, email (if provided), and password hash are stored in PostgreSQL
  • Chat messages — encrypted payloads are temporarily stored in Redis with TTL-based auto-deletion
  • Synro Drop — encrypted drops are deleted immediately after being read once (burn-after-read)
  • Subscriptions — plan type and expiration date are stored. No payment details touch our servers.
  • Sessions — JWT refresh tokens are stored with 30-day expiration for authentication

6. Payments

Payments are processed via direct cryptocurrency transfers to unique deposit addresses generated by our system. We receive only a blockchain confirmation of the transaction. No credit card data, bank details, or financial information is collected. Payment addresses are derived using industry-standard HD wallet (BIP-39/BIP-44) key derivation.

7. Your Rights

You may delete your account at any time. Upon account deletion, your username, email, password hash, and all session data will be permanently removed. Chat channels you created will continue to self-destruct according to their TTL settings. For account-related requests, contact us at privacy@synro.app.

8. Children

Synro is not intended for use by individuals under the age of 13. We do not knowingly collect any information from children.

9. Changes

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

10. Contact

For privacy-related inquiries, contact us at privacy@synro.app.