Privacy Policy

1. Information We Collect

• Mobile Phone Number: Required for account registration and OTP authentication.
• GPS Coordinates & Plot Data: Precise geolocation and plot boundary data you submit for EUDR compliance reporting.
• Device Information: Device type, OS version, and app version for technical support.
• Usage Analytics: Anonymous crash reports and feature interaction data to improve the app.
• Farm & Agricultural Data: Plot acreage, planting dates, yield records, and palm health observations submitted via PalmLulus or PalmView.

2. How We Use Your Information

• Service Delivery: To provide PalmLulus, PalmView, and related features.
• Identity Verification: To send SMS OTP codes for authentication.
• EUDR Compliance: To generate due diligence statements and geospatial risk reports.
• Product Improvement: Aggregated, anonymised data may be used to improve our AI models.
• Customer Support: To respond to inquiries and troubleshoot issues.

3. SMS Communications

We send SMS messages exclusively for account verification (OTP codes). We do not send promotional or marketing SMS. Your phone number is never sold or shared for marketing purposes. SMS is delivered via Twilio, Inc. Standard carrier rates may apply.

4. Data Sharing & Third-Party Services

We do not sell your personal information. We share data only with trusted providers:

• Twilio, Inc. — SMS delivery for authentication.
• Supabase — Database hosting, authentication, and cloud file storage (AWS ap-southeast-1).
• Isar — Local on-device encrypted database used by PalmLulus to store plot data offline. Data remains on your device unless you enable cloud sync.
• OneSignal — Push notification delivery, used only when you grant notification permissions. Only a device token is processed; no personal data is shared.
• Google Play / Apple App Store — App distribution platforms with their own privacy policies.

5. Data Storage & Security

Your data is stored on servers in Singapore via Supabase. We use TLS encryption in transit, encryption at rest, and role-based access controls. Despite these measures, no system is completely secure.

6. Data Retention

• Account data: retained up to 12 months after account closure.
• Farm & EUDR data: minimum 5 years to meet regulatory requirements.
• Authentication logs: up to 90 days.

7. Your Rights

You have the right to access, correct, delete, or export your personal data. To exercise these rights, contact hello@synga.ai. We will respond within 30 days.

8. Children's Privacy

Our Services are not intended for users under 13. We do not knowingly collect data from minors. Contact hello@synga.ai if you believe a child has submitted data.

9. Cookies & Analytics

Our website uses essential cookies for session management and analytics cookies to understand visitor behaviour. You can manage cookie preferences through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via the "Last updated" date and, where applicable, in-app notification.

11. Contact Us