SynapseCom
CS

Privacy Policy

Last updated: January 2026

1. Introduction

SynapseCom ("we", "us", or "our"), operated by Cabakorp, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our end-to-end encrypted messaging platform.

SynapseCom is a private communication platform designed for organizations that require genuine privacy. Our architecture is fundamentally different from typical messaging apps — we minimize data collection and maximize encryption.

2. Information We Collect

Due to our end-to-end encryption architecture, we collect only the minimum information necessary to operate the service:

Account Information

  • Email address (required for account identification)
  • Display name (optional, set by you or your administrator)
  • Phone number (optional)
  • Organization membership and role

Device Information

  • Device name (user-provided identifier)
  • Device type (e.g., iPhone, iPad)
  • Device certificate thumbprint (for secure authentication)
  • Last connection timestamp

Push Notification Tokens

  • Apple Push Notification service (APNs) tokens for message delivery notifications
  • VoIP push tokens for incoming call notifications

3. What We Cannot Access

By design, the following data is inaccessible to us and our servers:

  • Message content — All messages are encrypted end-to-end using the Signal Protocol. Only you and your intended recipients can read your messages.
  • Voice and video call audio/video — Calls are transmitted peer-to-peer with DTLS-SRTP encryption. Call media never passes through our servers.
  • Your private encryption keys — Private keys are generated on your device and stored exclusively in your device's Secure Enclave or Keychain. They never leave your device.
  • Call history — Your call records are stored locally on your device only and are never synchronized to our servers.

4. Voice and Video Calling

SynapseCom supports encrypted voice and video calls with the following privacy characteristics:

  • Calls are established peer-to-peer using WebRTC technology
  • All call media is encrypted with DTLS-SRTP — we cannot listen to or record your calls
  • Call signaling (connection setup) passes through our servers but contains no call content
  • Call history is stored only on your local device
  • We use TURN/STUN servers to help establish connections when direct peer-to-peer is not possible due to network restrictions

5. Message Handling and Retention

Messages in SynapseCom are handled with privacy as the primary concern:

  • Encrypted storage — Messages are stored as encrypted ciphertext. Without the decryption keys (which exist only on recipient devices), the content is unreadable.
  • Ephemeral messages — You can set messages to automatically expire. Expired messages are permanently deleted from our servers.
  • Metadata — We store minimal metadata necessary for message delivery: timestamps, delivery status, and sender/recipient device identifiers.
  • Message reactions — Reactions to messages are also encrypted.

6. Third-Party Services

We use a limited number of third-party services to operate SynapseCom:

  • Apple Push Notification service (APNs) — To deliver message and call notifications to iOS devices. Push notifications contain minimal information and no message content.
  • Brevo — For sending invitation and account-related emails only.
  • TURN/STUN servers — To facilitate WebRTC call connections. These servers relay encrypted call data when direct peer-to-peer connections cannot be established.
  • Microsoft Azure — Our infrastructure is hosted on Azure in the West Europe region.

7. Data Security

We implement multiple layers of security to protect your data:

  • Signal Protocol — Industry-standard end-to-end encryption with forward secrecy and future secrecy (Double Ratchet algorithm)
  • Post-quantum cryptography — We use ML-KEM-768 (CRYSTALS-Kyber) to protect against future quantum computing threats
  • Device certificates — Mutual TLS authentication ensures only authorized devices can connect
  • Data isolation — Each organization's data is isolated using PostgreSQL Row-Level Security policies
  • Encrypted local storage — The iOS app stores data in an encrypted local database

8. Data Retention and Deletion

We retain data only as long as necessary:

  • Account data is retained while your account is active
  • Ephemeral messages are automatically deleted after their expiration time
  • Call session data is temporary and automatically expires within 5 minutes of call completion
  • Device data is retained until the device is removed or revoked
  • Upon account deletion, your data is removed from our servers

9. Emergency Data Deletion

SynapseCom includes an emergency "panic button" feature that allows organization administrators to immediately and permanently delete all organization data in crisis situations. When activated:

  • All messages and conversations are permanently deleted
  • All user accounts in the organization are deactivated
  • All registered devices are revoked
  • This action is irreversible — data cannot be recovered

10. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)

Note: Due to end-to-end encryption, we cannot provide access to message content as we do not have the ability to decrypt it. You can export your messages directly from the app on your device.

11. Device Permissions

The SynapseCom app may request the following device permissions:

  • Microphone — Required for voice calls
  • Camera — Required for video calls
  • Push notifications — To receive message and call notifications

You can manage these permissions in your device settings at any time.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by email. Your continued use of SynapseCom after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].

Data Controller: Cabakorp
Website: https://cabakorp.com