Privacy Policy — Plain English, No Surprises

Most privacy policies are written to protect the company, not inform you. Ours is different. Plain English. No legalese. No surprises.

Effective Date: April 5, 2026

The short version

If you read nothing else, read this.

Zero tracking

No analytics. No cookies. No pixels. No fingerprinting. We don't measure your behavior.

No AI training

Your documents and conversations are never used to train AI models. Ever.

No data selling

Your data is never sold, rented, or shared with advertisers or data brokers.

Encrypted everything

TLS 1.3 in transit. AES-256 at rest. Row-level security on every query.

Who we are

SynthCounsel is a legal document preparation platform operated by SynthCORP LLC, based in Utah. We built this product for people navigating the legal system on their own. Your trust is the only reason we exist, so we treat your privacy like our own.

What we collect

Only what's needed to make the product work. Nothing more.

Account info

Your email address, name (if you provide one), and authentication credentials. Managed by Supabase Auth.

Case data

Case names, numbers, parties, court details, and other information you enter. This is your data — we just store it for you.

Generated documents

The documents you create, stored in encrypted storage buckets scoped to your user ID. No one else can access them.

Audit logs

Timestamps, document types, disclaimer acceptance, and generation metadata. We do not log the substantive content of your documents.

Payment info

Processed and stored entirely by Stripe. We never see or store your credit card number.

What we don't collect

This is the part most companies skip.

Analytics or usage tracking of any kind

Cookies for tracking or advertising

Browser or device fingerprints

Clicks, scrolls, or navigation patterns

Third-party tracking pixels or scripts

Biometric data

How we use your data

To generate your documents and calculate your deadlines
To manage your subscription and enforce free tier limits
To maintain audit trails — for your protection and ours
To send you important service updates (not marketing, unless you opt in)

That's it. We don't “improve the service based on aggregate usage patterns” because we don't collect usage data to aggregate.

How AI works

When you generate a document or chat with Counsel, we send the minimum necessary context to the AI provider (Anthropic) via their API.

Document generation

Your case details and document parameters are sent to Anthropic. We use API configurations that explicitly opt out of model training. The AI processes your request and returns the result. It does not retain your data.

Chat conversations

Messages are sent to the AI for response generation only. Your conversations are stored in your account (encrypted at rest) so you can reference them later. Never shared. Never used for training.

Document uploads

When you upload a document, the AI reads it in a single API call to classify it, extract dates, and identify parties. The AI does not retain the document content after processing.

AI costs are included in your subscription. You never need to provide your own API keys. We hold the relationship with Anthropic on your behalf and pass through their no-training data terms.

Data storage & security

Hosted on Supabase (AWS infrastructure) with row-level security — every database query is scoped to your user ID

Encrypted in transit (TLS 1.3) and at rest (AES-256). Backups encrypted. Documents in encrypted object storage.

Authentication required on every API endpoint. Principle of least privilege. Parameterized queries everywhere.

Third-party services

We use exactly three external services. No more.

Supabase

Authentication, database, file storage

Account data, case data, documents

Stripe

Payment processing

Billing info only — we never see card numbers

Anthropic

AI document generation and chat

Case context sent per-request, opted out of training

Vercel hosts the web application. It serves pages but does not access your case data or documents.

Data retention

Account and case data: retained while your account is active

Deleted documents: soft-deleted immediately, permanently purged after 30 days

Full account deletion: available anytime — contact privacy@synthcounsel.com

Your rights

Access

Request a copy of all your personal data

Correction

Update or correct your personal data anytime

Deletion

Request deletion of your account and all associated data

Export

Download your case data and generated documents

To exercise any of these rights: privacy@synthcounsel.com

Children

SynthCounsel is not intended for anyone under 18. We do not knowingly collect data from minors.

Changes to this policy

If we make material changes, we'll email registered users before the changes take effect. The effective date at the top reflects the latest revision.

Privacy shouldn't require a law degree to understand. We wrote this policy for humans, not lawyers. If something is unclear, email us at privacy@synthcounsel.com and we'll explain it in plain English. See also: Security commitments.

A privacy policy you can actually read.