Effective date: February 2026 · Last updated: February 2026
Synthaskill (“we”, “us”, or “our”) operates synthaskill.com and the Synthaskill CLI tool. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using Synthaskill you agree to the practices described here.
When you sign in with Google or GitHub we receive and store:
We do not receive your OAuth password, private repositories, or any data beyond what is listed above. OAuth tokens are used only to retrieve your profile and are not stored.
Payments are processed by Stripe. We never see or store your credit card number, CVV, or bank details. After a successful payment we store: your email address, the license tier purchased (Dev or Pro), the Stripe session ID, the amount paid, and the purchase date. This information is required to fulfil your license and comply with financial record-keeping obligations.
When you link a machine to your account using the CLI, a randomly generated device ID (UUID) is created on your local machine and sent to our server. We store the device ID alongside your email to enforce per-plan device limits (10 devices for Dev, unlimited for Pro). The device ID contains no information about your hardware, user account, or file system.
The CLI may send anonymous telemetry to help us understand how the tool is used. Telemetry records include: detected programming languages and build tools, number of agents/skills generated, generation duration, CLI version, and OS platform. Telemetry does never include file paths, source code, repository names, or any personally identifiable information. You can opt out by setting the environment variable SYNTHASKILL_TELEMETRY=0 or passing --no-telemetry to any command.
We set a single session cookie after you log in. This cookie contains a signed session token (no plaintext personal data) and is used solely to keep you authenticated across page loads. It expires after 30 days of inactivity. The cookie is flagged HttpOnly, Secure, and SameSite=Lax. We do not use advertising cookies, tracking cookies, or third-party cookies beyond what is described in Section 3.
We use the information we collect to:
We do not use your data for advertising, profiling, or sale to third parties.
No other third-party analytics, advertising, or tracking services are used.
Your data is stored in a MariaDB database on a dedicated server located at Hetzner FSN1-DC11, Helsinki, Finland (EU). All data in transit is protected by TLS/HTTPS. Session tokens are signed with HMAC-SHA256. Database credentials are kept in server-side environment variables, never in source code. Access to the server is restricted to SSH key authentication.
While we implement industry-standard safeguards, no system can guarantee absolute security. If we become aware of a breach affecting your personal data we will notify you within a reasonable timeframe.
When you request account deletion we will remove your account data, session records, and device records within 30 days. Payment records required for legal compliance are anonymised rather than deleted where deletion is not permitted.
Depending on your jurisdiction (including the EU/EEA under GDPR) you may have the right to:
To exercise any of these rights, email [email protected] with the subject line “Privacy Request”. We will respond within 30 days.
Synthaskill is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If changes are material we will notify you by email or by a prominent notice on the website. Continued use of Synthaskill after changes take effect constitutes acceptance of the revised policy.
Synthaskill
Owner: Valeriy Baranyshyn
Privacy inquiries: [email protected]