Privacy Policy

Symphoria AI ("Symphoria," "we," "us," or "our") operates the intelligence investigation platform at app.symphoria.ai and the website at www.symphoria.ai. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

Our constitution argues that memory preservation and information integrity are democratic necessities. We hold ourselves to the same standard: protecting the integrity and confidentiality of the information entrusted to us by our users is a constitutional obligation, not a commercial convenience.

1. Information We Collect

Account Information

When you create a Symphoria account, we collect your name, email address, organization name, and billing information necessary to provide the service.

Investigation Data

In the course of using Symphoria, you may upload documents, create case files, generate hypotheses, and produce analytical outputs. This investigation data belongs to you. We process it solely to provide you with the service and do not access, review, or use it for any other purpose.

Usage Data

We collect anonymized, aggregated information about how the platform is used — such as feature adoption, session duration, and error rates — to improve reliability and performance. This data cannot be traced back to individual investigations or users.

Technical Data

When you access our services, we automatically collect standard technical information: IP address, browser type, device information, and operating system. This data is used exclusively for security, fraud prevention, and service stability.

2. How We Use Your Information

• Service delivery. To operate the Symphoria platform, process your investigations, run AI-powered analyses, and deliver results to you.
• Security and integrity. To protect the platform from unauthorized access, detect anomalies, and maintain the integrity of your data.
• Service improvement. To improve platform reliability and performance using anonymized, aggregated usage data that cannot identify you or your investigations.
• Communication. To send you essential service notifications, security alerts, and, with your consent, product updates.
• Legal compliance. To comply with applicable laws, regulations, or valid legal processes.

3. Data Confidentiality and Sharing

There are only two ways your investigation data becomes accessible to anyone other than you:

1. You publish an investigation. Symphoria includes a publish feature that allows you to make an investigation publicly available. Published investigations contribute to our federated learning system (see Section 4 below). Publishing is always a deliberate, explicit action on your part — it never happens automatically.
2. You share via a private link. You may generate a shareable link to grant access to specific people. Only individuals who have the link can view the shared investigation. We do not index, display, or make link-shared investigations discoverable to anyone else.

Outside of these two user-initiated actions, your data remains strictly confidential. We do not access your investigation content for marketing, advertising, profiling, or any purpose beyond delivering the service you have requested.

Service Providers

We work with a limited number of infrastructure providers (hosting, payment processing) who may process certain data on our behalf under strict contractual obligations of confidentiality and data protection. These providers never have access to the substance of your investigations.

Legal Requirements

We may disclose information if required by law, subpoena, or court order. In such cases, we will notify you to the extent legally permitted and will challenge overbroad or unjustified requests.

4. Federated Learning and AI

Symphoria uses AI to power investigation analysis, entity resolution, and pattern detection. Our approach to AI training reflects the same principles that animate our constitution: collective intelligence without compromising individual sovereignty.

Your private investigations are never used to train our models. Only investigations that you have explicitly published via the publish feature contribute to our federated learning system. This is a deliberate architectural choice: the learning system improves only from knowledge that users have consciously chosen to make available.

Federated learning allows the platform to recognize patterns — shell company structures, sanctions evasion techniques, beneficial ownership obfuscation — that no single investigation could reveal. When PE Firm A publishes findings about Company X, and Law Firm B publishes findings about Company Y, the system can surface structural patterns that neither would see alone. This collective intelligence is built exclusively from published contributions.

If you deploy Symphoria's on-premise model, you may choose to opt into federated learning to improve the model for all users, or keep your deployment fully isolated. This choice is yours.

5. Data Retention

We retain your investigation data for as long as your account is active or as needed to provide you with the service. You may export or delete your data at any time through the platform.

Upon account termination, we will delete your investigation data within 30 days, except where retention is required by law or necessary to resolve disputes. Anonymized, aggregated data that cannot identify you or your investigations may be retained indefinitely for service improvement.

Published investigations, having been made public by your explicit choice, remain available as part of the federated learning corpus unless you unpublish them. Shared links become inactive upon deletion of the underlying investigation.

6. Security

We implement rigorous security measures to protect your data, including:

• Encryption in transit (TLS) and at rest (AES-256)
• Role-based access controls with audit logging
• Regular security assessments and penetration testing
• Air-gapped deployment options for classified environments
• Full data sovereignty for on-premise customers — nothing leaves your network

No system is perfectly secure. If we become aware of a security breach affecting your data, we will notify you promptly and take all reasonable steps to mitigate the impact.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request correction of inaccurate or incomplete data.
• Deletion. Request deletion of your personal data and investigation files.
• Data portability. Export your data in a structured, machine-readable format.
• Objection. Object to processing of your data for specific purposes.
• Restriction. Request that we limit processing of your data in certain circumstances.
• Withdraw consent. Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at alisher@symphoria.ai. We will respond within 30 days.

8. International Data Transfers

Symphoria operates across jurisdictions. If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, including standard contractual clauses and equivalent protections. On-premise deployments eliminate cross-border transfers entirely.

9. Cookies and Tracking

Our website uses essential cookies required for the site to function. We use anonymized analytics to understand aggregate usage patterns. We do not use advertising cookies, tracking pixels, or any third-party tools that profile your behavior across the web.

10. Children's Privacy

Symphoria is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on our platform at least 30 days before they take effect. Your continued use of Symphoria after such notice constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us:

Symphoria AI
Email: alisher@symphoria.ai