Privacy Policy

Effective 2026-04-26 · ExoSynk Beta

1. What we collect

Account basics: email, username, display name, avatar, bio, social links you set yourself. Content: everything you post, publish, save as a lab, or send in a DM. Technical: IP address, browser, timestamps, actions you take (logged for security and analytics). Payments: when you buy or withdraw Coins, our payment partner (Razorpay / Stripe) handles your card and bank details; we only see a payment reference and the amount.

2. How we use it

• Run the service (auth, serving labs, rendering pages).
• Keep the platform safe (rate-limiting, moderation, fraud checks).
• Show you relevant content on Explore, Signal, and Store.
• Email you about changes to your account, security alerts, and things you opted into.
• Comply with the law when required.

3. Who sees what

Public profile info (username, display name, bio, public labs, public posts) is visible to everyone. Private labs are only visible to you. DMs and private commentsare visible only to the participants. We don't sell your personal info. We share data with payment partners (for you to buy/withdraw Coins), hosting providers (Supabase, Vercel — our infrastructure), and law enforcement where legally required.

4. Your rights

You can edit or delete your profile info at any time via Edit profile. You can delete your account which wipes your personal info and anonymizes public contributions. EU / UK / California residents have additional rights (access, correction, portability, deletion) — email privacy@exosynk.comand we'll handle it.

5. Cookies

We use cookies to keep you signed in and remember your theme preference. We don't use third-party ad-tracking cookies. When you click an on-platform Sponsored ad, we record the click for the advertiser's analytics but do not pass your identity to the advertiser.

6. Children

ExoSynk isn't directed at children under 13 (under 16 in the EU). We don't knowingly collect info from them. If you believe a child has created an account, email privacy@exosynk.comand we'll remove it.

7. Retention

We keep account data for as long as your account is active. Payment records are kept for 7 years for tax compliance in India. Logs are kept 90 days. Deleted content is purged from live systems within 30 days and from backups within 90.

8. Security

Passwords are hashed. Transport is TLS. Database access is row-level-secured per user. We use industry-standard encryption at rest on Supabase. No system is perfectly secure — report vulnerabilities to security@exosynk.com.

9. International transfers

Your data is processed on servers in the region your Supabase project is provisioned in. If you're in the EU and we transfer data outside, we use Standard Contractual Clauses.

10. Changes

Updates will be announced in-app and dated at the top of this page.

11. Contact

Privacy questions: privacy@exosynk.com.