Privacy Policy
2026-05-09-f7798ab
The short version: We collect what we need to run an async standup tool — your account info, the standup text you write, and a small amount of technical metadata. We use it to provide the service to you and your team, including generating AI insights. We don't sell your data, and we don't train general-purpose AI models on it.
1. Who We Are
SimpleStandup is operated by Synapsium Labs ("we," "us," "our"). We provide an asynchronous standup platform where teams share daily updates without meeting and where AI generates insights from those updates.
For privacy questions, contact us at privacy@synapsiumlabs.io.
2. What Data We Collect
2.1 Account Information
When you sign up, we collect:
- Email address — from Google Sign-In or your organization's SSO provider, via Firebase Authentication
- Display name — from your authentication provider
- Theme preference — light, dark, or system, set by you
- Organization membership — which orgs and teams you belong to, and your role within them
2.2 Standup Content
The text you submit as standup updates (yesterday / today / blockers, or freeform text) is stored in our database. This is the core content of the product. It is visible to other members of the team you posted to and used to generate AI insights for that team.
2.3 Derived Content
From your standups we generate, store, and display:
- AI-generated insights about patterns, blockers, and progress
- Action items extracted from standup content
- Aggregated team metrics (submission rates, sentiment trends, etc.)
- Comments and reactions you and your teammates leave
2.4 Integration Data
If you connect Slack or Microsoft Teams to your organization:
- OAuth tokens for the connected workspace (encrypted at rest)
- Workspace and channel identifiers and names
- Your identity within the connected workspace (Slack user ID, Teams user ID)
2.5 Usage and Technical Data
- Browser type and version (User-Agent)
- IP address
- Pages visited within the dashboard
- API request timing and error rates (for performance monitoring)
2.6 Billing Information
Payment processing is handled entirely by Stripe. We never receive, process, or store credit card numbers or bank account details. We receive only:
- Subscription status (trial, active, canceled)
- Invoice amounts and payment dates
- The last four digits of your payment method (for display only)
3. What We Do NOT Collect
| Data Type | Collected? | Notes |
|---|---|---|
| Files from your computer or cloud drives | No | SimpleStandup doesn't access any files outside what you submit as standup text. |
| Calendar entries, emails, or messages outside SimpleStandup | No | We never see anything you don't submit through SimpleStandup or write in a connected Slack/Teams channel. |
| Credit card or bank account numbers | No | Handled entirely by Stripe. |
| Authentication passwords | No | Sign-in goes through Google or your SSO provider — we never see passwords. |
4. How We Use Your Data
- Service provision — to display your standups to your teammates, deliver reminders, and operate the dashboard
- AI insight generation — your standup content and team-level aggregates are sent to Google Cloud's Vertex AI (specifically the Gemini model family) to generate insights, summaries, and suggested actions. The output is stored in our database and shown to your team. Vertex AI does not use this data to train its models.
- Notifications and reminders — to send transactional emails, Slack messages, or Teams messages based on your team's configuration and your individual preferences
- Service improvement — to monitor performance, fix bugs, and improve reliability. Aggregate, de-identified statistics may inform product decisions.
- Account management — to identify you, enforce permissions, and bill you
5. How We Share Your Data
We do not sell your data. We share it only in these circumstances:
- Within your organization — your standup content is visible to other members of the team(s) you post to. Organization admins can see organization-wide content. Insights and actions follow the same visibility.
- With Google Cloud Vertex AI — for the purpose of generating insights, as described in Section 4
- With Stripe — billing and subscription management
- With Postmark — transactional email delivery (email addresses and message content only)
- With Slack or Microsoft Teams — only the data needed to deliver messages to channels you connect, scoped to your organization's connection
- With law enforcement — only when required by valid legal process
We do not use your standup content to train general-purpose AI models. Vertex AI's terms commit Google to not training its models on customer prompts and responses by default; we do not opt in to any such training.
6. Subprocessors
| Subprocessor | Purpose | Data Processed |
|---|---|---|
| Google Cloud Platform | Infrastructure (compute, database, secrets, monitoring, Vertex AI) | All service data including standup content for AI processing |
| Firebase / Identity Platform | Authentication | Email, display name, auth tokens |
| Stripe | Payment processing | Billing information |
| Postmark | Transactional email | Email addresses, notification content |
| Slack (if connected) | Standup submission and notifications | OAuth tokens, workspace and channel metadata, message content for connected channels |
| Microsoft Teams (if connected) | Standup submission and notifications | OAuth tokens, tenant metadata, message content for connected channels |
| Sentry | Error monitoring | Error stack traces, browser/runtime metadata. We avoid sending standup content to Sentry. |
7. Data Retention
We retain data for as long as necessary to provide the Services to you and your organization. The categories below describe how each type of data is handled:
- Account data — retained while your account is active.
- Standup content, insights, and actions — retained while your organization is using the Services.
- OAuth tokens (Slack, Teams) — retained until you disconnect the integration; deleted on disconnect.
- Billing records — retained as required by law, typically 7 years.
- Operational logs — short retention windows for performance monitoring and debugging.
If you request deletion of your account or data, we will complete the deletion within 90 days of receiving the request, except for billing records and other data we are required to retain by law. Contact privacy@synapsiumlabs.io to make a request.
8. Data Security
We implement standard security measures to protect your account and data:
- All data encrypted in transit (TLS) and at rest (Google Cloud default encryption)
- OAuth tokens stored encrypted in Google Cloud Secret Manager, not in the application database
- IAM-based database authentication and access control
- Authentication via Firebase / Identity Platform with optional organization-scoped tenants
- Optional SSO enforcement at the organization level
- Code changes reviewed before deployment; deployments automated through GitHub Actions
If you discover a security issue, please contact us at security@synapsiumlabs.io.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data — visible in the SimpleStandup dashboard. For a structured export, contact privacy@synapsiumlabs.io.
- Correct your personal data — edit your profile or standup entries directly, or contact us
- Delete your account and associated data — contact your organization admin or privacy@synapsiumlabs.io
- Object to processing — contact us and we will accommodate where legally required
- Withdraw consent — for example, by disconnecting Slack or Teams, or by deleting your account
10. Children's Privacy
SimpleStandup is a workplace tool. We do not knowingly collect data from children under 13 (or the applicable age in your jurisdiction). If you believe a child has provided us with personal information, please contact us.
11. International Data Transfers
SimpleStandup infrastructure is hosted on Google Cloud Platform in the United States (us-central1). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on Google Cloud's compliance certifications and contractual protections for these transfers.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or through the SimpleStandup dashboard. Continued use of the service after changes constitutes acceptance. The current version is identified by the version string at the top of this page.
13. Contact
For privacy questions, data requests, or concerns:
- Email: privacy@synapsiumlabs.io
- Synapsium Labs, Atlanta, GA, United States