Privacy Policy

Overview

Syqnal Inc. (“Syqnal”, “we”, “us”, “our”) operates the Syqnal platform (the “Platform”), a proof-of-work portfolio and talent system for hardware engineers. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and what rights you have with respect to your data.

We are committed to minimal data collection: we collect only the data necessary to operate the Platform and provide you with its features. We do not sell your personal data to third parties, and we do not use your data for purposes beyond what is described in this Policy.

Syqnal is a US-based platform. Our primary data storage and processing occurs in the United States. If you access the Platform from outside the United States, your data may be transferred to and processed in the United States in accordance with this Policy.

Data We Collect

Account Data

When you register for an account, we collect your name, email address, username, account type (role), and optionally an institutional affiliation. If you register via GitHub OAuth, we receive your name, email address, and GitHub avatar from GitHub.

Profile Data

Profile information you choose to provide, including engineering discipline, skills, bio, avatar image, graduation year, and location (city/country — not precise GPS). Location data is optional and used for talent search and leaderboard filtering.

Project & Portfolio Data

Content you upload to the Platform, including project descriptions, schematic files, BOM component data, video files, build log entries, simulation media, 3D model files, GitHub repository links, and project annotations.

Usage Data

Information about how you use the Platform, including pages visited, features used, session duration, clicks, and navigation patterns. This data is collected via Google Analytics 4 and PostHog (see Third-Party Services below).

Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not collect or store card numbers, CVV codes, or bank account details. We store only Stripe-generated transaction IDs, amounts, and transaction status codes for record-keeping and dispute resolution purposes.

Communications Data

Emails we send you (transactional notifications, session reminders, alerts), messages you send to our support team, and in-platform notifications. We retain support communications for up to one year.

Technical Data

IP address (used for rate limiting and fraud prevention; not linked to your profile for analytics purposes), browser type, operating system, and device type (collected in aggregated, anonymized form for analytics).

How We Use Your Data

We use the data we collect for the following purposes:

• Service delivery: To operate the Platform, authenticate your account, display your portfolio, process transactions, and deliver notifications and session features.
• Identity verification: To verify institutional affiliations, role eligibility, and mentor application status.
• Talent matching: To surface student profiles to hiring managers, professors, and mentors based on search filters and saved search criteria that those parties have configured.
• Notifications and alerts: To send you activity notifications, session reminders, hiring alerts, and platform updates that you have opted into.
• Platform improvement: To understand which features are used, diagnose errors, and improve the performance and design of the Platform.
• Safety and fraud prevention: To detect and prevent abuse, fraudulent verification attempts, and violations of our Terms of Service.
• Legal compliance: To comply with applicable law, legal process, and enforceable governmental requests.

Third-Party Services

We use the following third-party services to operate the Platform. Each service is governed by its own privacy policy:

Data Sharing

We do not sell your personal data. We do not share your personal data with advertisers, data brokers, or any third party for commercial purposes.

We share your data only in the following circumstances:

• Service providers: With the third-party services listed in Section 4 above, solely to operate the Platform as described.
• Other Platform users: Profile data and portfolio content you make public (subject to your Ghost Tier settings) is visible to other Platform users, including hiring managers and professors who use the search features. You control the visibility of your content through your privacy settings.
• Portfolio exports: If you or your counselor/teacher generates a portfolio export with a share token, the recipient of that token can view the exported portfolio content.
• Legal disclosure: We may disclose your data if required by law, court order, or enforceable governmental request, or to protect the rights, property, or safety of Syqnal, our users, or the public.
• Business transfer: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity, subject to the same privacy commitments.

We may publish aggregated, anonymized statistics about Platform usage (for example, the number of verified projects published per month or aggregate hiring trend data). These statistics cannot reasonably be used to identify individual users.

Data Retention

We retain your data according to the following schedule:

• Active accounts: Retained for the duration of your account and for 90 days following account deletion to allow for recovery requests.
• Project and portfolio data: Retained while your account is active. You may delete individual projects at any time. Verified projects that have been exported in a shared portfolio may retain a record of the export event even after project deletion.
• Application logs and error logs: Retained for 90 days.
• Database backups: Retained for 30 days.
• Transaction records: Payment transaction records are retained for 7 years for tax and legal compliance purposes, even after account deletion.
• Support communications: Retained for up to 1 year.

After the applicable retention period, data is securely deleted or anonymized. Anonymized data (from which all personal identifiers have been removed) may be retained indefinitely for aggregate analysis.

Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

CCPA (California Residents)

California residents have the right to: know what personal information is collected and how it is used; delete personal information; opt out of the sale of personal information (we do not sell personal data); and non-discrimination for exercising these rights. To exercise these rights, submit a Legal & Privacy Request.

GDPR (EU/UK Residents)

If you are located in the European Union or United Kingdom, you have rights under the GDPR / UK GDPR including: access, rectification, erasure, restriction of processing, and data portability. The legal basis for processing your data is contract performance (providing the Platform services you signed up for) and legitimate interest (security, fraud prevention, and Platform improvement). You may lodge a complaint with your local data protection authority. Submit a Legal & Privacy Request to exercise your rights.

Cookies

We use cookies and similar tracking technologies to operate the Platform and analyze usage. Essential cookies are required for authentication and cannot be disabled. Analytics cookies (Google Analytics 4 and PostHog) can be declined via your cookie preferences.

For a complete list of all cookies we use, their purposes, and how to control them, please see our Cookie Policy.

Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

For users between 13 and 17 years of age, some jurisdictions require verifiable parental consent before processing personal data. If you are a parent or guardian and believe your minor child has created an account without your consent, please submit a Legal & Privacy Request and we will assist with account review and deletion.

Syqnal supports COPPA (Children's Online Privacy Protection Act) compliance. If an institution deploys Syqnal for students under 13 (for example, in a secondary school context), a separate institutional data processing agreement covering COPPA compliance is required prior to deployment.

Security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:

• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted by our database and storage providers (Neon, Vercel).
• Sensitive fields (such as authentication tokens) are subject to additional field-level encryption within the Platform.
• Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
• We conduct regular security reviews and dependency audits. CodeQL static analysis runs on every code change.
• Rate limiting via Upstash Redis is applied to public API endpoints to prevent brute force and enumeration attacks.

No security measure is perfect. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify affected users as required by applicable law.

To report a security vulnerability, please use our Support form with the subject “Security Vulnerability Report”. We are committed to investigating all reports promptly and responsibly.

Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision.

For material changes — those that significantly affect your rights or how we handle your personal data — we will notify you by email to the address associated with your account before the changes take effect.

Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised Policy.

Contact

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact us:

For our full legal terms, see our Terms of Service. For information on how we use cookies, see our Cookie Policy.