Privacy Policy
Last updated: December 2025
TL;DR - Our Iron-Clad Privacy Promise
- ✓ We NEVER store your queries or code. Data passes through to AI providers and is immediately discarded. No logs. No backups. No exceptions.
- ✓ Memory stores insights, not conversations. We save synthesized insights like "prefers TypeScript" or "uses React hooks" - never your actual code or queries.
- ✓ Your API keys are encrypted. AES-256 encryption at rest, never logged, never visible to staff, never shared.
- ✓ Everything is encrypted at rest. Memory, API keys, and metadata are all protected with industry-standard encryption.
- ✓ You can delete everything. Account deletion permanently removes all your data within 30 days.
Legal Commitment
This privacy policy constitutes a legally binding agreement between you and KekwanuLabs. Any violation of these commitments by KekwanuLabs would constitute a material breach of contract, entitling you to remedies under applicable law. We stake our reputation and legal standing on these promises.
1. Information We Collect
Account Information
When you create an account, we collect your email address and, if you use OAuth, your name and profile picture from Google or GitHub. This is used solely for authentication and account management.
API Keys (BYOK Mode)
If you bring your own API keys, they are encrypted using AES-256 before storage. Keys are decrypted only at runtime to make API calls on your behalf. We never log, view, or share your API keys.
Usage Metadata
We collect anonymized usage statistics including: token counts, debate timestamps, model selections, and response times. This is used for billing, rate limiting, and service improvement. We do not store the content of your queries or code.
2. What We DO NOT Collect or Store (Legally Binding)
The following commitments are legally binding. We do not have the technical capability to store this data even if we wanted to, as our architecture is designed for pass-through processing only.
| Data Type | Stored? | Technical Reality |
|---|---|---|
| Your queries | NEVER | Pass-through to AI providers; no database write path exists |
| Your code | NEVER | Processed in memory only; garbage collected immediately |
| Conversation content | NEVER | Discarded after AI response; no logging infrastructure |
| Your original queries/code | NEVER | Only synthesized insights saved; source content discarded |
| File contents | NEVER | Streamed through; no file storage infrastructure |
| AI responses | NEVER | Streamed to client; server retains nothing |
Technical Verification: Our API is stateless and runs on Cloudflare Workers, which have no persistent storage for request/response data. All processing happens in ephemeral memory that is cleared after each request. You can verify this by inspecting our open-source CLI code.
3. How Memory Works
Synod's memory system extracts synthesized insights from debates, not your actual code or queries. When we "remember" that you prefer TypeScript over JavaScript, we store:
- A synthesized insight (e.g., "prefers TypeScript over JavaScript")
- A semantic embedding (1024-dimensional vector for retrieval)
- A category tag (e.g., "preference", "pattern", "fact")
- Metadata (confidence score, timestamp)
We NEVER store: Your original queries, your code, your conversation history, or the raw content that led to insights. Only the distilled, synthesized insight is saved - never the source material.
Example: If you ask "Help me refactor this React component to use hooks instead of classes" with 200 lines of code, we might save "prefers React hooks over class components" - but your actual code and query are immediately discarded.
4. Third-Party AI Providers
Your queries are sent to the AI providers you configure (Anthropic, OpenAI, Google, xAI, DeepSeek, etc.). Each provider has their own privacy policy:
When using BYOK mode, your API keys are used to make direct calls to these providers. Synod acts as an orchestration layer and does not retain the content of these communications.
5. Data Security
- All data in transit is encrypted via TLS 1.3
- API keys are encrypted at rest using AES-256
- We use Cloudflare's edge network for DDoS protection
- Database access is restricted and audited
- We do not share data with third parties except as required by law
6. Data Retention
- Free tier: Memory retained for 30 days, session history for 7 days
- Pro/Team: Memory and history retained indefinitely
- Account deletion: All data permanently deleted within 30 days
7. Your Rights
You have the right to:
- Access your account data
- Export your memory data
- Delete your account and all associated data
- Opt out of non-essential data collection
To exercise these rights, contact us at privacy@synod.run.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.
9. Contact
For privacy questions or concerns:
- Email: privacy@synod.run
- GitHub: Open an issue
© 2025 KekwanuLabs. All rights reserved.