← insynctech.io
Privacy Policy
Effective 2026-05-13 · InSync Tech, Inc. · Venice, FL
The short version: We collect what we need to run the service and bill you correctly. Your sessions are encrypted at rest. We don't sell your data. We don't train external models on it.
1. What we collect
- Account info — email, name (optional), company (optional), use-case description (optional).
- Payment info — handled by Stripe. We see the last 4 digits + cardholder name; Stripe holds the rest.
- Session data — your conversations with Aria, the memory cards she builds, the splat audit trail of her decisions.
- Operational data — IP address (truncated), browser type, signin timestamps, error logs.
2. How we use it
- Authenticate you (magic-link email).
- Run Aria for you — store memory cards she uses to remember you across sessions.
- Bill you correctly. Send receipts.
- Diagnose problems. Improve reliability.
- Optionally, send onboarding emails to help you get the most from the 3-month growth curve.
3. What we DON'T do
- Sell your email or data to third parties.
- Train our base models on your private code without explicit per-account opt-in.
- Surface your sessions to other customers, ever.
- Use cookies for tracking outside our own service.
4. Data storage + encryption
- Servers in Lansing, Michigan (Liquid Web). Backed up to Acronis cloud.
- Memory card summaries encrypted at rest with AES-256 (pgcrypto). Phase 2 of our encryption rollout.
- Voice call audio (when used) encrypted with AES-256-GCM.
- HTTPS everywhere — Let's Encrypt certs renewed automatically.
5. Third parties we share with
- Stripe — payment processing. Stripe privacy.
- Resend — transactional email (sign-in links, receipts).
- Anthropic — when you escalate to premium tier, your prompt is sent to Anthropic. Our sovereign tier keeps everything in-house.
- ElevenLabs — if you use voice mode on the paid sacred line.
- Internet Archive — public-domain corpus we use for model training (never your data).
6. Your rights
- Access — request a copy of your data anytime via ian@insynctech.io.
- Deletion — same email. We honor within 30 days; some operational logs retained for legal/billing reasons up to 1 year.
- Correction — edit your profile at /portal.
- Portability — we'll export your memory cards + splats in JSON on request.
7. Cookies
ac_session — your sign-in cookie. HttpOnly, Secure, 30-day TTL. Used only by us.- No third-party tracking cookies. No analytics that ship your identity off-platform.
8. Children
Aria Code is for adults. We don't knowingly collect data from anyone under 13. If you believe a minor has signed up, email us and we'll delete the account.
9. International users
Our servers are in the US. By using Aria Code outside the US, you consent to your data being transferred to and stored on US servers. EU/UK users: we honor GDPR-equivalent rights via the access/deletion process above.
10. Changes
If we change this policy materially, we'll email you 14 days in advance. Continued use after the effective date = acceptance.
Contact
Ian Steitz · InSync Tech, Inc. · Venice, FL · ian@insynctech.io
This is a launch-version privacy policy. We'll refine it with counsel before broader scale. Last updated 2026-05-13.