Mr Syn

Privacy Policy

Last updated: March 1, 2026

Mr Syn Ltd ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Mr Syn mobile application, website, and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: Name, email address, username, date of birth, and password when you create an account.
  • Profile information: Profile photo, bio, fitness goals, height, weight, and activity preferences.
  • Identity verification: Government-issued ID and proof of address when required for financial features.
  • Communications: Messages, feedback, and support inquiries you send to us.

1.2 Information Collected Automatically

  • GPS and location data: Real-time GPS coordinates during activity recording. This is essential for challenge verification and activity tracking. Location data is only collected while activities are being recorded.
  • Activity and sensor data: Distance, speed, pace, elevation, heart rate (if connected to wearable), calories burned, and route data during recorded activities.
  • Photos: Photos taken for challenge verification checkpoints and AI food scanning. Photos are processed for verification purposes and stored securely.
  • Device information: Device type, operating system, unique device identifiers, and app version.
  • Usage data: Features accessed, screens viewed, actions taken, time stamps, and interaction patterns within the Service.

1.3 Payment Information

Payment information (credit card numbers, bank account details) is collected and processed directly by our payment processor, Stripe. We do not store your full payment credentials on our servers. We receive limited payment information from Stripe, including the last four digits of your card, card brand, expiration date, and transaction amounts, for record-keeping and customer support purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve the Service, including activity tracking, challenge management, and payout processing.
  • Verification: To verify challenge completion, detect fraud, and maintain fair play using GPS data, photos, and AI analysis.
  • AI food scanning: To analyze food photos and provide nutritional information using AI models.
  • Communication: To send you transactional notifications (challenge updates, payment confirmations), security alerts, and customer support responses.
  • Analytics: To understand how the Service is used and to improve features, performance, and user experience.
  • Safety and security: To detect and prevent fraud, cheating, unauthorized access, and other harmful activities.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. Third-Party Services

We share data with the following third-party services to operate the Service:

  • Supabase: Cloud database and authentication provider. Stores account data, activity records, and application data. Data is encrypted in transit and at rest. Privacy policy: supabase.com/privacy
  • Stripe: Payment processing for stakes, subscriptions, and payouts. Handles all financial data in compliance with PCI-DSS Level 1. Privacy policy: stripe.com/privacy
  • Anthropic (Claude AI): Powers AI verification for photo checkpoints and food scanning. Photos submitted for verification are processed by Anthropic's Claude AI model. Anthropic does not use your data to train their models. Privacy policy: anthropic.com/privacy

We require all third-party service providers to handle your data in accordance with applicable data protection laws and to maintain appropriate security measures.

4. Data Retention and Deletion

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is deleted within 30 days, except where retention is required by law.
  • Activity data: GPS routes and activity recordings are retained for as long as your account is active. Deleted upon account deletion request.
  • Verification photos: Challenge verification photos are retained for 90 days after challenge completion, then automatically deleted.
  • Food scan photos: Deleted within 24 hours of processing.
  • Financial records: Transaction records are retained for 7 years to comply with financial regulations, even after account deletion.
  • Fraud prevention data: Data related to confirmed fraud or prohibited conduct may be retained indefinitely to prevent repeat abuse.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used, machine-readable format (JSON or CSV).
  • Export: Export all your activity data, nutrition logs, and challenge history through the app settings.
  • Restriction: Request that we limit the processing of your personal data in certain circumstances.
  • Objection: Object to the processing of your personal data for specific purposes.
  • Withdraw consent: Withdraw your consent for data processing at any time, where processing is based on consent.

To exercise any of these rights, contact us at privacy@mrsyn.app or use the data management features in the app settings. We will respond to all requests within 30 days.

6. GDPR Compliance (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

  • Legal basis for processing: We process your data based on: (a) performance of our contract with you (service delivery, challenge management); (b) legitimate interests (fraud prevention, service improvement); (c) your consent (marketing communications); and (d) legal obligations (financial record keeping).
  • Data transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through Standard Contractual Clauses or other approved transfer mechanisms.
  • Data Protection Officer: You may contact our Data Protection Officer at dpo@mrsyn.app.
  • Supervisory authority: You have the right to lodge a complaint with your local data protection supervisory authority.

7. CCPA Compliance (California Residents)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out: We do not sell your personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" mechanism.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@mrsyn.app with the subject line "CCPA Request."

8. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information immediately.

Users aged 13 to 17 may use free features of the Service with verifiable parental consent. Financial features (staking, subscriptions) are restricted to users 18 and older. Parents or guardians may contact us at privacy@mrsyn.app to review, modify, or delete their child's information.

9. Security Measures

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Secure authentication with hashed and salted passwords.
  • Role-based access controls limiting employee access to personal data.
  • Regular security audits and penetration testing.
  • PCI-DSS compliant payment processing through Stripe.
  • Automated monitoring for suspicious activity and unauthorized access.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Cookie Policy

Our website uses only essential cookies required for the Service to function properly. We do not use tracking cookies, advertising cookies, or analytics cookies that track you across other websites.

  • Essential cookies: Session management, authentication state, and security tokens. These cannot be disabled without impairing Service functionality.

Our mobile application does not use cookies. Device identifiers used for authentication and security purposes are described in Section 1.2 above.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service, updating the "Last updated" date, and sending you an email or in-app notification at least 14 days before changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, contact us:

Back to Home