Privacy Policy

1. Introduction

This Privacy Policy explains how The Rewrite App ("the App," "we," "us," "our"), operated by Synqa Inc. ("the Company"), a company incorporated in Canada, on behalf of The Rewrite Lab, collects, uses, stores, and protects your personal data when you use the App. Synqa Inc. is the data controller responsible for your personal data.

We take privacy seriously. The App is designed so that the information you bring to it, including sensitive birth details and personal reflections, is handled with care, stored securely, and used only to make the App work for you.

By using the App, you agree to the practices described in this policy. If you do not agree, do not use the App.

This policy is written to align with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy law, and, for users in those regions, the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Singapore's Personal Data Protection Act (PDPA), among other frameworks. Your rights under these laws are described in Section 8.

2. The information we collect

We collect the following categories of personal data.

Account information. When you create an account, we collect your email address and, if you sign in through a third party such as Apple or Google, the basic identifying information that sign-in provides. We may store a record of your subscription tier.

Birth details. To generate your reading, the App collects your date of birth, time of birth, and place of birth. We treat these as sensitive personal data and protect them accordingly (see Section 5). These details are used to compute your reading across the four interpretive traditions and are not used for any other purpose.

Your conversations and reflections. When you use The Draft, we store the messages you send and the responses the App generates, so that your reflective record persists across sessions, which is a core part of how the App is designed to work. You can delete this record (see Section 8).

Usage and device information. We collect limited technical information needed to operate and improve the App, such as app version, device type, general region, and anonymised or aggregated usage events. Where we use a privacy-focused analytics provider, we configure it to minimise the personal data collected.

We do not collect more than we need, and we do not sell your personal data.

3. How we use your information

We use your personal data only for the following purposes:

• to create and manage your account and authenticate your access;
• to compute your reading from the birth details you provide;
• to generate and store your conversations with The Draft, so your reflective record persists;
• to operate, maintain, secure, and improve the App;
• to process subscriptions and purchases through the applicable app store;
• to enforce our Terms, protect the safety of users, and comply with our legal obligations.

We rely on the following legal bases where GDPR or similar law applies: performance of our contract with you (to provide the App you signed up for), your consent (for sensitive birth data and for any optional features you switch on), our legitimate interests (to secure and improve the App, balanced against your rights), and compliance with legal obligations.

We process your sensitive birth details only with your consent, which you give during onboarding, and you can withdraw that consent by deleting the relevant data or your account.

4. How your information is shared

We do not sell your personal data, and we do not share it for advertising. We share personal data only in the following limited circumstances:

Service providers (processors). We use trusted providers to run the App on our behalf, for example cloud hosting and database services, authentication, and the AI services that help generate responses. These providers process data under our instructions and under contractual obligations to protect it. They are not permitted to use your data for their own purposes.

AI processing. Some responses are generated with the assistance of AI models. Where a response is generated on your device, the content stays on your device for that step. Where a response is generated by a server-side AI service, the necessary content is sent to that service to produce the response, under a contract that restricts its use to providing the service. We design the App to keep sensitive identifying details out of these requests wherever feasible.

Legal and safety. We may disclose personal data where required by law, to comply with a valid legal process, to enforce our Terms, or to protect the rights, safety, or property of users, the public, or the Company.

Business transfers. If the Company is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to the protections of this policy.

Because the Company is based in Canada and some providers operate elsewhere (including the United States and other regions), your data may be transferred across borders and processed outside your country of residence. Where it is, we put appropriate safeguards in place as required by applicable law (for example, standard contractual clauses or equivalent mechanisms for transfers subject to GDPR, and comparable protections for transfers subject to PIPEDA).

5. How we protect your information

We use technical and organisational measures designed to protect your personal data, including:

• encryption of sensitive data, including your birth details, at rest;
• encryption of data in transit;
• access controls so that your data is accessible only to the parts of the system and the people that need it to operate the App;
• row-level security so that your records are accessible only under your own authenticated account.

No system is perfectly secure, and we cannot guarantee absolute security, but we work to protect your information using measures appropriate to its sensitivity.

6. How long we keep your information

We keep your personal data for as long as your account is active and for as long as needed to provide the App. If you delete specific content, we remove it from active systems. If you delete your account, we delete or anonymise your personal data, including your birth details and conversation history, except where we are required to retain certain limited information to meet a legal obligation, resolve a dispute, or enforce our agreements. Backups are cycled out on a routine schedule.

7. AI, automated processing, and your reflections

The App uses AI models to generate readings and conversational responses. This processing is automated, but it does not make legal or similarly significant decisions about you. The output is reflective content for your personal use; it is not a decision, a score, an assessment, or a determination about you.

We do not use the content of your private conversations to train publicly released AI models. Where we improve the App, we do so using aggregated, de-identified, or internally controlled information, and in line with this policy.

8. Your rights and choices

Depending on where you live, you have some or all of the following rights over your personal data:

• Access — to know what personal data we hold about you and to obtain a copy.
• Correction — to correct inaccurate or incomplete data.
• Deletion — to ask us to delete your personal data, including the right to erasure under GDPR and the right to delete under CCPA. The App provides a self-service way to delete your data and account.
• Restriction and objection — to ask us to limit or stop certain processing, including the right to object to processing based on legitimate interests.
• Portability — to receive certain data in a portable format.
• Withdraw consent — to withdraw consent you have given, including consent for processing your sensitive birth details, without affecting processing already carried out.
• Non-discrimination — under CCPA, we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, use the in-App controls where available or contact us at privacy@synqa.ca. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local data protection authority (for example, the Office of the Privacy Commissioner of Canada or your provincial authority, your supervisory authority in the EU or UK, the California Privacy Protection Agency, or the Personal Data Protection Commission in Singapore).

9. Children's privacy

The App is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, contact us at privacy@synqa.ca and we will take steps to delete it.

10. International users

The App is operated from Canada and is available in several regions. Wherever you use it, this policy applies, supplemented by any rights granted to you under your local law. Where your local law gives you stronger protections, those protections apply.

11. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are material, we will take reasonable steps to notify you, for example in the App or by email, before they take effect. The "Last updated" date at the top of this document shows when it last changed. Your continued use of the App after an update means you accept the revised policy.

12. Contact us

If you have questions about this Privacy Policy or how we handle your personal data, contact us at:

If GDPR applies to your data and we are required to designate a representative or data protection officer, their contact details will be provided here.