Privacy Policy

Last updated: April 21, 2026 · Effective: April 21, 2026

TL;DR

We collect what we need to run Synergy — your name, email, phone number, birthday (to confirm you're 18+), and your profile info. We don't sell your data to anyone. Your data lives in Supabase (our database), Twilio sends your login codes, Resend sends your email, and Apple handles your push notifications. You can delete your account anytime from your Profile page, and it's gone within 30 days.

1. Who We Are

Synergy Community is a service of Synergy Events LLC, a Florida limited liability company with its registered address at 1209 Chenille Cir, Weston, Florida 33327, United States. Juan Cheret is the founder and privacy contact.

For privacy purposes, Synergy Events LLC is the "data controller" — the company that decides what personal data gets collected and how it's used. When we say "we," "us," or "Synergy" in this policy, we mean Synergy Events LLC.

2. What We Collect

Here's everything Synergy collects about you, broken down by category. If it's not on this list, we don't collect it.

Account identity

Your full name, email address, phone number (10 digits, US format), and a hashed password. Your phone number is how we identify you across every group you join on Synergy.

Date of birth

We ask for your birthday so we can confirm you're 18 or older. We don't use it for anything else — no birthday emails, no age-targeted content.

Profile

Your avatar image (JPG, PNG, GIF, or WebP up to 5 MB), a short bio, and your Instagram handle if you choose to add one. All three are optional.

Group membership & sales data

When a promoter adds you to a group, we store your role in that group (editor, viewer, or promoter), the promo code the admin assigned you, your tier position, and your sales or revenue numbers pulled from the group's ticketing imports.

User-generated content

Anything you post in community chat within a group, and any blast proof screenshots you upload to confirm you shared a promo asset. Other members of your group can see these; people outside the group cannot.

Moderation records

If you report another user or block someone, we store that report or block (who you reported, who you blocked, and the reason if you provided one). Group admins and Synergy admins review reports to keep the community safe. See Section 7 for the rights you have over this data.

Device data

If you install the Synergy iOS app and allow push notifications, we store an Apple Push Notification Service (APNs) device token so we can send you notifications. We also detect whether you're online or offline so the app can show an offline banner when your internet drops.

Behavioral data

Timestamps for when you apply to a group, when an admin accepts or denies your application, and basic login activity (managed by our auth provider, Supabase — see Section 4).

Consent timestamps

When you sign up, we record the exact date and time you agreed to our Terms of Service and this Privacy Policy. We keep this record so we can prove — to you, to regulators, and to Apple — that you gave informed consent.

Pre-signup placeholder data

You may appear as a placeholder in a group roster before you sign up — because a promoter imported a ticketing roster from Shotgun (or a similar platform) that included your name and phone number. That placeholder lives in the group's member list until someone signs up with the matching phone. When you sign up with that phone, your placeholder data merges automatically into your new account.

Data stored on your device (not sent to us)

While you're filling out the signup form, your name, email, phone, birthday, and avatar preview are saved in your browser's sessionStorageso a page refresh doesn't wipe your progress. This data stays on your device and is cleared automatically once your signup succeeds. It never reaches our servers unless you complete signup.

What we don't collect

We don't collect your location. We don't collect your contacts, photos, or camera roll. We don't read your other apps. We don't track you across the internet. We don't ask for a Social Security number or any payment information — Synergy is free for members.

What our infrastructure providers log

Our hosting and database providers (Supabase, Netlify, Sentry, and the Meta Pixel on the website only) automatically log IP addresses and user-agent strings for security, analytics, and abuse prevention. Synergy's own code does not write IP addresses into our database. See Section 4 for details on each provider.

3. How We Use It

We use your data only for these specific purposes:

To log you in: your phone number (or email + password) identifies your account. Without it, there's no way to sign you in.
To confirm you're 18+: we calculate your age from your birthday. If you're under 18, we don't let you sign up.
To match you with ticketing data: your promo code in each group is matched against ticket sales exports from Shotgun so we can show you (and your promoter) how many tickets you've sold.
To send you push notifications: your APNs token lets us send you app alerts (new blast, application accepted, etc.) when you opt in.
To respond to you: if you email us for support, we use your email or phone number to reply.
To keep the service working: error telemetry (via Sentry) tells us when something breaks so we can fix it.
To run moderation: your reports and blocks help us and group admins remove bad actors.
To link your placeholder record: when a promoter pre-imported your info from a ticketing roster, we merge that placeholder into your account when you sign up.
To prove consent: we keep your ToS and Privacy Policy consent timestamps as an audit trail in case we ever need to show a regulator or court that you agreed to these terms.

4. Who We Share It With

Synergy runs on a handful of third-party services. Each one only sees the specific data it needs to do its job. Every provider listed here is required by our agreements with them to protect your data at least as well as we do.

Supabase (primary data processor, USA)

Supabase runs our database, authentication, file storage, realtime channels, and edge functions. Everything stored in Synergy lives in Supabase's US region. They see your full account data.

Twilio Verify (SMS login codes)

When you log in with your phone, Twilio sends you a 6-digit code by text message. Twilio sees only your phone number — nothing else.

Resend (transactional email)

Resend sends our welcome email, application-accepted and application-denied emails, password-reset emails, and blast notification emails. Resend sees your name, email address, and the content of the email we're sending you.

Apple Push Notification Service (APNs) (iOS push)

APNs delivers push notifications to the iPhone app. Apple sees your device token and the notification payload (title and body text). Apple does not see any data from inside the app.

Apple — Sign in with Apple (future feature)

We're preparing a future option to let you sign in with your Apple ID. When we launch it, Apple will see an opaque user ID and (optionally) an email relay address. We're disclosing this now for transparency; the feature is not yet live.

Sentry (error tracking)

Sentry collects error reports when Synergy crashes or hits a bug — stack traces, the URL you were on, your user-agent, and sanitized context about what the app was doing. Sentry never receives your password, payment information, or message content. Error logs are retained for 90 days.

Meta Pixel (Facebook) (web only — not in the iOS app)

On our website (synergy-community.com), we use the Meta Pixel to track page views so we know which pages people visit. This does not run inside the Synergy iOS app — we've stripped it from the native build. When you use our website in a browser, Meta may receive your page URL, the _fbp cookie, your user-agent, and your IP address.

Google Fonts (web fonts CDN)

Our website loads the Inter and Poppins fonts from Google's font CDN. When your browser requests a font, Google may log your IP address. Google does not receive any Synergy account data.

Netlify (hosting)

Netlify hosts the Synergy website and serves each page you visit. Netlify keeps request logs (IP, user-agent, URL) for infrastructure and abuse-prevention purposes. Netlify does not see your account data.

Cloudflare (DNS only)

We use Cloudflare for DNS (turning synergy-community.com into an IP address). Cloudflare does not proxy your traffic and does not see your data.

No sale of your personal information

We do not sell your personal information. We do not share it with advertisers, data brokers, or any third party for marketing purposes. The only third parties we send data to are the service providers listed above, and only to the extent needed to run Synergy.

No automated decision-making

We do not use automated decision-making technology that produces legal or similarly significant effects on you. Decisions about your account (application approval, moderation, account termination) are made by humans — group admins or Synergy staff.

5. When We May Need to Disclose Data

Beyond the service providers in Section 4, there are limited situations where we may be legally required (or ethically obligated) to disclose your personal data. These are the only situations:

Legal process: if we receive a valid subpoena, court order, search warrant, or other lawful request from a government authority, we may disclose the data the law requires. We will only disclose what's specifically requested, and where legally permitted we'll notify you first so you have the chance to contest the request.
Safety emergencies: if we reasonably believe disclosure is necessary to prevent imminent harm to you, another user, or the public (for example, threats of violence or self-harm surfaced through moderation reports), we may share information with law enforcement or emergency responders.
Fraud and abuse investigations: if we're investigating suspected violations of our Terms of Service, fraud against Synergy, or abuse targeting our users, we may share relevant records with outside counsel, law enforcement, or affected parties as needed to resolve the issue.
Business transactions: if Synergy Events LLC is acquired, merges with another company, or sells substantially all of its assets, your personal data may transfer to the successor entity as part of that transaction. We'll notify you by email at least 30 days before the transfer completes, and the successor will be bound by this Privacy Policy (or a substantially equivalent one).
Protecting our rights: we may disclose information as needed to establish, exercise, or defend legal claims on behalf of Synergy Events LLC.

In every one of these situations, we will disclose only the minimum data necessary and will keep a record of the disclosure for audit purposes.

6. How Long We Keep It

Account data: we keep your data for as long as your account is active.
After you delete your account: your profile, messages, group memberships, and uploaded content are permanently removed within 30 days.
Error logs (Sentry): retained for 90 days, then auto-deleted.
Backup snapshots: deleted data may briefly persist in routine backup snapshots for up to 30 additional days before final purge.
Moderation records: reports and blocks you file are kept as long as your account exists, so repeat-offender patterns can be identified. They're deleted when your account is deleted.
Consent timestamps: kept for as long as your account exists so we can prove you agreed to our terms. Deleted when your account is deleted, unless we're required by law (for example, in response to a regulator request) to retain them longer.
Legal hold: if we're legally required to retain specific data for longer (for example, in connection with an open investigation or an ongoing legal claim), we may keep it beyond the periods above, but only for as long as the legal requirement applies.

7. Your Rights

You have the following rights over your data. To exercise any of them, email us at team@synergy-community.com or use the in-app tools where noted.

Right to know: ask for a copy of the data we hold about you.
Right to delete: delete your account anytime from the Profile page — see Section 13.
Right to correct: update your name, email, phone, avatar, bio, and Instagram handle directly from your Profile page.
Right to portability: ask us for an export of your data in a machine-readable format.
Right to opt out of sale or sharing: we don't sell your data, so there's nothing to opt out of.
Right to limit use of sensitive personal information (California residents, 2026): email us to restrict how we use your phone number and date of birth.
Right to non-discrimination: exercising any of these rights will not affect the service you receive. We won't charge you more, give you a worse experience, or kick you out.
EU / UK residents (GDPR): you additionally have the right to object to processing, restrict processing, and lodge a complaint with your local data protection supervisory authority.
Withdraw consent: you can turn off push notifications in iOS settings at any time, and you can stop using Synergy by deleting your account.

8. Children

Synergy is for users 18 years of age or older. We do not knowingly collect information from anyone under 18. During signup we ask for your birthday and block accounts where the calculated age is below 18.

If we discover an account belonging to someone under 18, we'll delete it. Parents or guardians who believe their child has created an account can contact us at team@synergy-community.com and we'll remove it promptly.

9. Data Storage & Security

Where it lives: your data is stored in Supabase's US region in a PostgreSQL database with Row-Level Security (RLS) enforced.
How it travels: every connection between your device and Synergy uses HTTPS / TLS encryption.
Passwords: passwords are hashed by our auth provider (Supabase GoTrue). We never see, store, or transmit your password in plain text.
Who can see your profile: other Synergy members in your group can see your public fields (name, avatar, bio, Instagram handle). Your email, phone number, and birthday are only visible to you and Synergy's admins.
Admin access: only super-admins (Synergy's own staff, currently Juan) can read all profiles. Group admins can only see the profiles of members in their own group.

No system is perfectly secure.While we use industry-standard practices to protect your data (TLS in transit, Row-Level Security in the database, hashed passwords, access-scoped admin roles), no method of transmission over the internet and no method of electronic storage is 100% secure. We can't guarantee absolute security, and you agree not to hold Synergy Events LLC liable for security issues caused by circumstances beyond our reasonable control (for example: a successful attack against a service provider despite their own reasonable security measures).

Do Not Track.Your browser may send a "Do Not Track" signal. Because the DNT standard hasn't been adopted industry-wide and doesn't have a common meaning, we don't currently respond to it. You can still exercise any of the rights listed in Section 7.

10. International Transfers

Our primary database runs in Supabase's US region. If you're located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your data is transferred to the United States when you use Synergy. We rely on the Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for this transfer.

If you have questions about how your data is protected during international transfer, email us at team@synergy-community.com.

11. Links to Other Sites

Synergy may contain links to external websites and services that we don't operate — for example, Instagram profiles, Shotgun event pages, Apple's App Store, or a promoter's own external site. When you click a third-party link, you leave Synergy and land on a service run by someone else.

We're not responsible for the content, privacy practices, or security of any third-party site. We strongly encourage you to review the privacy policy of every website you visit. This Privacy Policy only covers data handled by Synergy Events LLC.

12. Changes to This Policy

We may update this Privacy Policy as Synergy grows. When we make a material change, we'll notify you by email and/or an in-app prompt, and we'll update the "Last updated" date at the top of this page. You'll have at least 30 days to review the update before it affects you. If you keep using Synergy after that, we take it as acceptance of the updated policy.

If any part of this policy is found to be invalid or unenforceable, the rest of the policy stays in force.

13. Contact Us

Questions, data requests, or complaints? Email us at team@synergy-community.com or juanma.cheret@gmail.com. We read every message.

Or by mail:

Synergy Events LLC
1209 Chenille Cir
Weston, Florida 33327
United States

14. Delete Your Account

You can delete your Synergy account anytime from the Profile page by tapping "Delete Account." This permanently removes your profile, group memberships, sent messages, uploaded content, reports you filed, and any pre-signup placeholder record that merged into your account. Deletion completes within 30 days; routine backup snapshots are purged within 30 more days after that.

If you can't reach the in-app delete button for any reason, email us at team@synergy-community.com and we'll delete your account manually.

Read our Terms of Service →