Privacy Policy

We collect personal information that you voluntarily provide to us when you register on our platform, express interest in obtaining information about us or our products, or contact us.

The personal information we collect may include:

• Account Credentials: Email addresses, passwords, names, and contact information.
• OAuth Profile Data: If you authenticate using Google OAuth, we receive profile information (your email, name, profile image URL, and unique Google ID) from Google.
• Device Log Files: Syslogs and analytics log data that you choose to upload from your NAS devices for parsing.

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. We use the information we collect or receive to:

• Facilitate Account Creation: Set up your dashboard, log analytical queries, and associate uploaded devices with your account.
• Deliver Analysis: Process your uploaded NAS logs to identify authentication failures, access patterns, storage quotas, and security anomalies.
• Send Security Alerts: Notify you via email of detected security concerns, such as log in attempts, user management changes, etc.

We implement appropriate technical and organizational security measures designed to protect the security of any personal information and raw log data we process. These include:

• Encryption of all data in transit using TLS/HTTPS.
• Encryption of stored database fields and hashed user passwords using secure, modern algorithms (BCrypt).
• Strict firewalls and private network routing to restrict access to database nodes containing log records.

However, please remember that no transmission over the Internet or electronic storage technology can be guaranteed 100% secure. Although we will do our best to protect your information, transmission of data and log files to and from our site is at your own risk.

As a specialized log analysis platform, Synalyze handles complex structured and unstructured device logs. We treat your log files with strict privacy:

• Processing: Log files are parsed asynchronously. Once parsed into structured indexing metrics, raw text logs are either compressed in encrypted cold storage or deleted depending on your plan configuration.
• Access Control: Our engineering personnel do not access the content of your logs unless explicitly requested by you to troubleshoot parsing syntax errors or log parser bugs.
• No Sell Policy: We never sell, rent, or lease your log files, parsed IP address lists, username traces, or network graphs to third parties.

We only share information with your consent, to comply with laws, to provide you with services, or to protect rights. We may share data under the following circumstances:

• Compliance with Laws: We may disclose your information where we are legally required to do so to comply with applicable law, governmental requests, judicial proceedings, or court orders.
• Third-Party Service Providers: We use trusted third parties to handle hosting infrastructure (e.g. cloud hosting providers) and transactional emails (e.g. SMTP routing). These processors have no independent right to use your personal information.

We use cookies and similar tracking technologies to access or store session information. Cookies are small text files stored on your browser to facilitate authentication.

We use essential session cookies to keep you logged in to your account. You can configure your browser to refuse all cookies or notify you when a cookie is set; however, disabling cookies will prevent you from logging into the Synalyze dashboard.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Depending on your location, you may have certain rights regarding your personal information under local privacy laws (e.g. GDPR, CCPA, or the Personal Data Protection Act of Sri Lanka).

These rights may include:

• The right to request access to and obtain a copy of your personal data.
• The right to request rectification of inaccurate data or deletion of your profile.
• The right to restrict or object to the processing of your log analytics.
• The right to withdraw consent for third-party integrations (e.g. revoking Google OAuth access via your Google account settings).

To exercise any of these rights, please contact us at support@synalyze.net. We will respond in accordance with applicable data protection laws.

Synalyze supports authentication via Google OAuth services.

When you choose to register or log in using Google, we request access to basic scopes: `email`, `profile`, and `openid`. We use this data only to verify your identity, verify your email address, and pre-fill account registration fields (e.g. display name, profile image).

We do not request permissions to access your Google Drive, Gmail, or other Google cloud storage services. You can revoke Synalyze's access to your Google account at any time via your Google security settings.

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible.

If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you an email notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.