LEGAL
Privacy Policy
Effective date: July 3, 2026
This Privacy Policy explains what information Syzafi ("we," "us") collects when you use our website and services, how we use it, and the choices you have. The short version: we collect the minimum needed to run an account-based product, we don't sell your data, and we never touch your funds or wallets.
1. Information We Collect
Information you give us
When you create an account we collect your first and last name, email address, mobile phone number, mailing address, and a password. Your email and phone number are verified with one-time codes (email, and SMS via Amazon Cognito) to confirm they belong to you; we use the phone number only for account verification and security, never for marketing calls or texts. Passwords are handled by Amazon Cognito, AWS's managed identity service — they are hashed and are never visible to us in plain text. If you email us, we receive your address and the contents of your message.
Information collected automatically
Like most websites, our hosting infrastructure (Amazon CloudFront and API Gateway) records standard technical logs: IP address, browser type, pages requested, timestamps, and error information. We use these for security, debugging, and aggregate usage understanding. We do not run third-party advertising or cross-site tracking scripts.
Information we do not collect
We never ask for or store: exchange API keys, wallet addresses, private keys, holdings, trade history, or payment card numbers (no card is required for the trial; if paid plans launch, payments will be processed by a dedicated payment provider and card details will go to them, not us).
2. How We Use Information
We use your information to: create and secure your account; operate the free trial (trial dates are stored against your account); respond to support requests; monitor for abuse and keep the Service reliable; and — only if you opt in — send product updates. We do not sell or rent personal information, and we do not use it for third-party advertising.
3. Cookies and Local Storage
We use your browser's localStorage (not tracking cookies) to keep you signed in: it holds your session token and a cached copy of your basic profile. Clearing your browser storage signs you out. We do not set third-party advertising or analytics cookies.
4. Third-Party Services
The Service is built on a small set of processors and data sources:
- Amazon Web Services (Cognito, DynamoDB, Lambda, API Gateway, S3, CloudFront) — hosting, accounts, and data storage, in the us-east-1 (N. Virginia) region.
- Coinbase public market-data APIs and WebSocket — live and historical prices. Your browser connects to Coinbase directly for live ticks; Coinbase's own privacy policy governs what it sees (effectively your IP address).
- CoinGecko — market-cap rankings and coin logos, fetched via our API and, for logo images, directly by your browser.
- Google Fonts — the Inter typeface; your browser requests font files from Google's servers.
Each provider processes only what is necessary for its function.
5. Sharing
We share personal information only: with the service providers above, as needed to operate the Service; if required by law or valid legal process; to protect the rights, safety, or property of Syzafi or its users; or in connection with a merger or acquisition, in which case this policy continues to apply until amended. That's the complete list — there is no data-broker or advertiser sharing.
6. Retention
Account records are kept while your account exists. If you request deletion, we remove your account record and Cognito identity within 30 days, except minimal records we must retain for security or legal compliance. Infrastructure logs rotate automatically on short schedules.
7. Security
All traffic is encrypted in transit (HTTPS/TLS, with HSTS enforced). Passwords are managed by Amazon Cognito. Data at rest lives in AWS-managed encrypted services. No method of transmission or storage is 100% secure, but we deliberately minimize what we collect so there is little to lose.
8. Your Rights
Depending on where you live (including under the EU/UK GDPR and the California CCPA/CPRA), you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise any of these rights, email hello@syzafi.com from your account address — we honor these requests for all users regardless of jurisdiction. We do not "sell" or "share" personal information as those terms are defined in the CCPA/CPRA.
9. International Users
The Service is operated from the United States and data is stored in the AWS us-east-1 region. If you use the Service from outside the U.S., you understand your information is processed in the U.S.
10. Children
The Service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a minor has created an account, contact us and we will delete it.
11. Changes
We will post any changes to this policy here with an updated effective date, and notify account holders by email for material changes.
12. Contact
Privacy questions or requests: hello@syzafi.com.