Privacy Policy

Effective: May 11, 2026 · Last updated: May 11, 2026

This Privacy Policy describes how OMNISTRATA, LLC ("Syntrix," "we," "us") collects, uses, and shares information when you use syntrix.solutions and api.syntrix.solutions (the "Service").

Information we collect

Account information. When you create an account, we collect your email address and a hashed version of your password. We never store passwords in plaintext.

Scan data. When you submit a scan, we collect: the target URL you provided, your account ID (if logged in) or IP address (if guest), the findings produced, and timestamps and scan metadata.

Usage data. Standard server logs (IP address, user agent, request paths, timestamps) for security and operational purposes.

Payment information. Payment processing is handled by Stripe. We do not store your card number; Stripe does. We receive a customer ID, the last four digits of your card, and your subscription status.

Conversations with MIRA. If you use the MIRA assistant on our website, we may log your questions and our responses to improve the assistant. Don't share confidential data with MIRA — assume MIRA conversations are not private.

We do not knowingly collect information from anyone under 16.

How we use information

• To provide the Service (run scans, return results, authenticate, bill)
• To improve checks and detect false positives or negatives
• To communicate with you about your account or service changes
• To comply with legal obligations
• To protect the Service from abuse

How we share information

We do not sell your information.

We share information with:

• Service providers we use to operate the Service (Render for hosting, Stripe for payments, Cloudflare for DNS, Netlify for static hosting, Resend for transactional email, Anthropic for MIRA)
• Law enforcement when required by valid legal process
• A successor entity in the event of a merger, acquisition, or sale of assets

Scan targets — your responsibility

When you submit a target URL, you represent that you own the target or have explicit written authorization to test it. We log scan submissions including target URL, your account ID or IP, and timestamps. If we receive an abuse report alleging unauthorized scanning, we will provide these logs to law enforcement upon valid legal process.

Data retention

• Account information: while your account is active, plus 30 days after deletion
• Scan results: 90 days, unless your plan includes longer retention
• Server logs: 90 days
• Billing records: 7 years (tax law)
• MIRA conversations: 90 days

Your rights

You may have rights to access, correct, delete, or export your personal information depending on where you live. Email chandler@syntrix.solutions and we'll respond within 30 days.

California residents: see CCPA addendum below.

EU/UK residents: our legal basis for processing is contract performance and legitimate interests (security, fraud prevention).

Security

• Passwords hashed with Argon2
• TLS in transit
• Encrypted at rest where supported by our providers
• Production access limited to authorized personnel

No system is perfectly secure. If we discover a breach affecting your information, we will notify you within 72 hours of confirming the breach.

Changes to this policy

We will post any changes here with an updated "Last updated" date. Material changes will be communicated by email at least 14 days before they take effect.

Contact

Privacy questions or general contact: chandler@syntrix.solutions

California (CCPA) addendum

California residents have the right to:

• Know what categories of personal information we collect
• Request deletion of personal information
• Opt out of any sale of personal information (we do not sell)
• Not be discriminated against for exercising these rights

To exercise these rights, email chandler@syntrix.solutions.