Legal

Privacy Policy

How Synthos collects, uses, stores, and protects your data — including data accessed from Google via the Gmail API.

Last updated: June 28, 2026

1. Overview

Run Synthos LLC (“Run Synthos LLC,” “Synthos,” “we,” “us,” or “our”) operates the Synthos platform available at app.runsynthos.com (the “Service”), which helps Amazon sellers track orders and detect leakage by reading order and purchase confirmation emails. This Privacy Policy explains what information we collect, how we use it, how we store and protect it, and the choices you have.

This policy applies to runsynthos.com, app.runsynthos.com, and the related services we operate. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Google User Data & the Gmail API

With your explicit consent, the Service connects to your Google account and accesses your Gmail messages using Google’s gmail.readonly scope. This is read-only access — we never send, delete, or modify your email.

We use this access for a single, specific purpose:

  • To read order and purchase confirmation emails (for example, order-confirmation and shipping-notification messages) and extract structured order data from them — such as items purchased, order totals, order dates, and tracking numbers.
  • That extracted order data powers your order tracking and leakage detection dashboards within our Amazon-seller operations platform.

We only process the data necessary for these features. We do not read, index, or store the contents of unrelated emails, and we do not use Gmail data for advertising of any kind.

3. Limited Use & the Google API Services User Data Policy

Synthos’ use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In keeping with those requirements, we affirm that:

  • We only use Google user data to provide and improve the user-facing features described in this policy.
  • We do not transfer or sell Google user data to third parties for advertising, marketing, or other unrelated purposes.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), required to comply with applicable law, or the data has been aggregated and anonymized for internal operations.

4. Information We Collect

We collect the following categories of information:

  • Account information — your name, email address, and the Google account identifier you use to sign in, plus basic profile details provided by Google during authentication.
  • Order data extracted from Gmail — the structured purchase details (items, totals, order and shipping dates, tracking numbers, and related metadata) parsed from your order-confirmation emails.
  • OAuth tokens — the access and refresh tokens issued by Google so the Service can read your messages on your behalf, stored securely and used only to perform the functions you authorized.
  • Usage and technical data — limited log and device information (such as IP address, browser type, and timestamps) used to operate, secure, and debug the Service.

5. How We Use Information

We use the information we collect to:

  • Provide order tracking — aggregating purchase data into your dashboard so you can monitor orders end to end.
  • Power leakage detection — analyzing order data to surface discrepancies and anomalies relevant to Amazon-seller operations.
  • Authenticate you, maintain your account, and provide customer support.
  • Operate, secure, debug, and improve the Service, and comply with legal obligations.

We do not sell your personal information or Google user data, and we do not use Gmail data for advertising.

6. How We Share Information

We do not sell your data. We share information only in these limited circumstances:

  • Service providers — infrastructure vendors that process data on our behalf under contract, such as our database and hosting provider (see Storage & Security below). They may only use the data to provide services to us.
  • Legal requirements — when required to comply with applicable law, regulation, legal process, or an enforceable governmental request.
  • Protection of rights — to detect, prevent, or address fraud, security, or technical issues, or to protect the rights and safety of our users and the public.

Any sharing of Google user data is consistent with the Google API Services User Data Policy, including the Limited Use requirements.

7. Storage & Security

We store data in a managed Supabase (PostgreSQL) database. We apply industry-standard safeguards to protect your information, including:

  • Encryption at rest for stored data and encryption in transit (TLS) for data moving between your device, Google, and our systems.
  • Access controls that restrict data access to authorized personnel and systems on a need-to-know basis, with OAuth tokens and secrets handled securely.
  • Ongoing monitoring and safeguards appropriate to the sensitivity of the data we handle.

No method of transmission or storage is completely secure, but we work to protect your information and to limit the data we retain to what the Service needs.

8. Data Retention

We retain your account information and extracted order data for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time.

When you revoke access or delete your account, we delete or de-identify the associated Google user data and stored OAuth tokens within a reasonable period, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. To request deletion, contact support@runsynthos.com.

9. Your Choices & Revoking Access

You are in control of the access you grant to Synthos. You can revoke the Service’s access to your Google account at any time:

  • Visit your Google Account permissions page at myaccount.google.com/permissions, select Synthos, and choose “Remove access.”
  • You may also disconnect your Google account from within the Service settings, or email us to request account and data deletion.

Revoking access stops further reading of your Gmail messages. It does not by itself delete data already stored — to remove that, also request deletion as described above.

10. Children’s Privacy

The Service is intended for businesses and users aged 18 and older. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at support@runsynthos.com.

See also our Terms of Service.