Privacy Policy

Synthmark ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard information when you use our annotation platform and related services (the "Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

Account information

When you register, we collect your name, email address, and password. If you provide an organization name, we store that too. This information is necessary to create and maintain your account.

Project data

We store the images, annotations, label schemas, and metadata you upload or create in the Service. You retain full ownership of this data. We process it only to deliver the Service to you.

Usage data

We log how you interact with the Service — which features you use, error events, and session metadata. This helps us improve the product and diagnose technical issues. We do not build individual behavioral profiles for advertising.

Technical information

We collect IP addresses, browser type, and operating system automatically when you access the Service. This is used for security monitoring and infrastructure optimization, not for tracking.

• Provide, operate, and maintain the Service
• Process annotation workflows, review queues, and exports
• Send transactional emails related to your account
• Respond to support requests
• Detect and prevent fraud or abuse
• Comply with applicable legal obligations

We do not use your project data to train our own models or any third-party models.

Data is stored on cloud infrastructure with encryption in transit (TLS 1.2+) and encryption at rest. We enforce role-based access controls internally and conduct regular security reviews.

Project images are stored with an industry-standard object storage provider. Annotation metadata and user records are stored in a managed PostgreSQL database. Both providers are SOC 2 Type II certified.

No security system is perfect. We recommend using a strong, unique password and enabling two-factor authentication when available.

We do not sell your personal information. We share data only:

• Within your workspace: Project data is accessible to the collaborators you explicitly invite.
• With infrastructure vendors: Cloud storage, database, and email providers who are bound by data processing agreements.
• For legal compliance: If required by a valid court order, subpoena, or applicable law.
• In a business transfer: If Synthmark is acquired or merges with another entity, data may be transferred to the successor. We will notify you before that happens.

• Access a copy of your personal data
• Correct inaccurate information
• Delete your account and associated data
• Export your project data in COCO, YOLO, VOC, or JSON format at any time
• Opt out of non-transactional communications

To exercise any of these rights, email privacy@synthmark.io. We will respond within 30 days.

We keep your data for as long as your account is active. When you delete your account, we permanently delete your personal data and project data within 30 days, except where we are legally required to retain records for longer.

We use session cookies to keep you signed in and remember your UI preferences. We do not use advertising cookies, cross-site tracking, or third-party analytics that share data with advertising networks.

The Service is not directed at children under 16. We do not knowingly collect personal information from minors. If you believe a child has provided us their data, contact us and we will delete it promptly.

If you access the Service from outside the United States, your data may be transferred to and stored in the US. We rely on standard contractual clauses and other lawful transfer mechanisms where required by applicable data protection law.

We may update this policy when our practices change. For material changes we will notify you by email at least 14 days before they take effect. The date at the top of this page always reflects when it was last updated.

Questions or requests about this policy should be directed to privacy@synthmark.io.