Privacy Policy

At SynapseScope Inc. (“SynapseScope”, “we”, “our”, or “us”), we believe that data privacy and transparency form the foundation of trustworthy partnerships. This Privacy & Cookies Policy explains how we collect, use, disclose, and safeguard personal information when you interact with our websites and software platforms, including www.synapsescope.com and app.synapsescope.com (collectively, the “Platform”).

SynapseScope operates with enterprise-grade data protection standards and complies with applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.

Our commitment extends beyond regulatory compliance — we design our data practices to respect the individuals whose information we process, minimize unnecessary data collection, and give users meaningful control over their personal information.

By using our websites or Platform, you acknowledge that you have read and understood this Policy. If you do not agree with the terms described here, please discontinue use of the Platform.

This Privacy & Cookies Policy applies to all personal information collected, used, or disclosed by SynapseScope Inc. through our digital properties and related services, including:

• Website: www.synapsescope.com (the "Website"), which provides product, marketing, and informational content;
• Platform: app.synapsescope.com (the "Platform"), where registered users access our products and services such as skill analysis, leadership assessments, and workforce analytics;
• Associated Interactions: Our communications with you via email, chat, or other digital channels, participation in assessments, demos, or surveys, and interactions with our customer success or technical-support teams.

This Policy covers how SynapseScope handles personal information belonging to:

• Visitors to our public Website;
• Authorized users of our Platform;
• Business customers, prospects, and partners; and
• Individuals whose information may be processed as part of the services we deliver to our enterprise clients.

It does not apply to information processed by third-party websites or applications that are not controlled by SynapseScope, even if they are linked from our Website or Platform. Those parties are responsible for their own privacy practices.

If SynapseScope acts as a data processor or service provider on behalf of a client (for example when analyzing leadership assessment results within a client organization), our handling of that information is governed by our Data Processing Agreement (DPA) with the client, rather than this Policy.

SynapseScope collects only the information necessary to deliver, secure, and enhance our services. The type of information we collect depends on how you interact with our Website, Platform, or related communications.

A. Information You Provide Directly

These are details you intentionally share with us—for example:

• Account and Registration Data – name, business email, company, job title, and login credentials when creating an account or requesting a demo.
• Assessment, Behavioral, and Skill Profile Data – responses you submit in leadership or behavioral assessments, and any skill information generated through our extraction tools. This may include structured outputs such as a Skill Profile, Leadership Persona, or Competency Map created from the data you choose to provide. These profiles contain job-related skills and behavioral indicators only – they do not include personal identifiers.
• Communications and Support Requests – information you provide when contacting us by email, chat, or web forms.
• Billing and Transaction Details – payment method, billing contact, and related records for paid services.

B. Information Collected Automatically

When you visit or use the Platform, certain technical data is gathered automatically through cookies and similar technologies, including:

• Device and Browser Data – IP address, browser type, device ID, operating system, and time zone.
• Usage and Interaction Data – pages visited, features used, clicks, session duration, and navigation patterns.
• Performance and Security Logs – login timestamps and system events used for authentication and intrusion prevention.

This information helps us maintain reliability, detect security issues, and improve performance.

C. Information Obtained from Third Parties

We may receive limited business-related data from:

• Enterprise clients who authorize employees to complete assessments or skills analyses.
• Service providers for authentication, analytics, or payment processing.
• Public professional sources (e.g., LinkedIn profiles or business directories) used solely for legitimate B2B communication.

We do not purchase or sell consumer data lists.

C-1. Optional Document Uploads and Incidental Personal Information

Our Platform enables users to upload documents—such as résumés, job descriptions, or learning and development materials—for the purpose of extracting skill-related information only.

• SynapseScope does not intentionally collect or require personally identifiable information (PII) through these uploads.
• Uploaded documents are processed automatically and temporarily to extract skills; data results are detached from the original file once processing is complete.
• Users are responsible for ensuring that documents they upload do not include unnecessary personal or confidential data.

If a user informs us that they have accidentally uploaded personal information, we will take prompt action to delete it from our systems. Because SynapseScope does not review or inspect uploaded content manually, we would otherwise not be aware that personal data has been included.

Any incidental personal data is processed only to perform the requested skill extraction; under SynapseScope’s legitimate interest in providing the service; and is deleted or anonymized immediately after processing. We do not retain, analyze, or share such data for any other purpose.

D. Sensitive Information

SynapseScope does not intentionally collect sensitive information such as health data, racial or ethnic origin, religious beliefs, or government identifiers.

If sensitive data is inadvertently provided, it is treated as incidental and removed in accordance with this Policy.

E. Aggregated or De-identified Data

We may create aggregated or de-identified data derived from personal information—for example, anonymized leadership-assessment or skill-profile metrics.

This information cannot identify individuals and may be used for analytics, research, or product improvement.

We implement industry-standard physical, technical, and administrative safeguards to protect personal data from unauthorized access, disclosure, alteration, or loss.

SynapseScope uses the information we collect only for legitimate business and operational purposes that are consistent with this Policy and applicable privacy laws. We never sell personal information, use it for unrelated marketing, or share it with third parties except as described below.

A. To Provide and Operate Our Platform

We process account, assessment, and skill-profile data to:

• Create and maintain user accounts and authenticate logins.
• Deliver the requested assessments, analytics, and skill-extraction results.
• Generate dashboards, leadership personas, and skill-readiness insights that the user or client organization has requested.
• Maintain platform functionality, security, and uptime.

B. To Enhance User Experience and Improve Our Services

We analyze aggregated or de-identified usage and feedback data to:

• Understand how features are used and where users encounter friction.
• Train and refine our models for skill categorization, leadership assessment scoring, and platform performance.
• Develop new products or modules aligned with user needs.

Analytics are performed on anonymized or pseudonymized data wherever feasible.

C. To Provide Customer Support and Communication

We use contact and communication data to:

• Respond to inquiries, technical-support tickets, or feature requests.
• Notify users about updates, feature releases, or service-related issues.
• Send administrative messages (e.g., password resets, system maintenance notices).

Marketing or product-education communications are sent only when you have opted in, and you may unsubscribe at any time.

D. To Ensure Security and Compliance

We process device logs, authentication records, and activity data to:

• Detect, prevent, and respond to fraud, abuse, or unauthorized access.
• Enforce Platform Terms of Use and other contractual obligations.
• Comply with legal requirements, governmental requests, or court orders where applicable.

E. To Conduct Research and Generate Insights

We may use de-identified or aggregated information to produce statistical analyses, workforce trends, or leadership-development insights.
All such outputs are anonymized and cannot identify any individual or organization unless the client explicitly authorizes named reporting under contract.

F. For Legal and Regulatory Obligations

We may retain and use limited information where necessary to:

• Meet tax, accounting, or auditing requirements.
• Respond to legal claims or protect our rights and the rights of others.
• Demonstrate compliance with privacy and data-security laws (e.g., GDPR Articles 5 & 30).

Under applicable privacy laws, including the General Data Protection Regulation (GDPR), PIPEDA, and the California Consumer Privacy Act (CCPA), SynapseScope must identify a lawful basis for each category of personal data it processes.

We rely on the following lawful bases depending on the context of the interaction:

A. Performance of a Contract

We process information when it is necessary to perform a contract or to take steps at your request before entering into a contract.

This includes:

• Creating and managing Platform user accounts.
• Delivering skill analyses, leadership assessments, and related outputs.
• Providing customer support or technical assistance.

When your organization (our client) subscribes to SynapseScope, our data processing is governed by the relevant Service Agreement and Data Processing Agreement (DPA).

B. Consent

We rely on your consent when:

• You choose to receive marketing or product-update communications.
• You consent to the use of optional cookies (functional, analytics, or marketing).

You may voluntarily upload documents or respond to optional surveys.

You can withdraw your consent at any time by adjusting your cookie preferences or contacting us directly at privacy@synapsescope.com. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

C. Legitimate Interests

We process information based on our legitimate interest in:

• Providing and improving our services for clients and users.
• Analyzing aggregated Platform usage to enhance features and user experience.
• Securing our systems and preventing misuse or fraud.
• Handling incidental personal data (e.g., if a user uploads a document containing PII by mistake) to perform the requested service, followed by deletion or anonymization.

Whenever we rely on legitimate interests, we balance those interests against your privacy rights to ensure proportionality and fairness.

D. Compliance with Legal Obligations

We may process certain information when necessary to:

• Meet tax, accounting, auditing, or record-keeping obligations.
• Comply with lawful requests from regulators, courts, or law-enforcement agencies.
• Maintain evidence of compliance with data-protection laws.

E. Vital Interests and Public Interest

While rare, if required by law or safety considerations, we may process information to protect the vital interests of an individual or to fulfill tasks in the public interest, such as responding to security incidents or preventing data breaches.

SynapseScope uses cookies and similar technologies to ensure secure, reliable platform performance and to improve the overall user experience.

Cookies are small text files stored on your device that help us remember your preferences, analyze usage, and deliver essential platform functionality.

B. How We Use Cookies and Similar Technologies

We use cookies and related tools to:

• Maintain secure logins and prevent unauthorized access.
• Monitor Platform stability and detect service interruptions.
• Analyze feature usage and optimize navigation flows.
• Store user preferences to enhance experience.
• Support optional analytics that inform product improvement.

We do not use cookies to collect sensitive personal data or to make automated decisions that produce legal or similarly significant effects.

C. Third-Party Cookies

Some cookies may be placed by third-party providers that deliver services on our behalf (for example, analytics, payment gateways, or cloud-hosting partners).

All third-party processing is governed by data-processing agreements requiring compliance with GDPR, PIPEDA, and CCPA standards.

D. Managing Your Cookie Preferences

You can control or disable cookies in several ways:

1. Cookie Settings Panel: Use the banner or “Cookie Settings” link in the site footer to accept, reject, or customize categories of non-essential cookies.

2. Browser Controls:Most browsers allow you to block or delete cookies through their settings.

3. Do Not Track and Global Privacy Control: Where supported, SynapseScope honors browser-based “Do Not Track” or Global Privacy Control signals as opt-out indicators for non-essential cookies.

Disabling certain cookies may affect some Platform functionality but will not limit access to essential features.

E. Updates to Cookie Practices

Our use of cookies may evolve as we introduce new features or third-party integrations. Any material changes will be reflected in this Policy, and users will be prompted to reconfirm their preferences when new categories or vendors are added.

SynapseScope does not sell, rent, or trade personal information.

We share information only with trusted parties who enable us to operate our Platform and deliver our services, and always under strict contractual and legal protections.

A. Service Providers and Sub-Processors

We engage third-party vendors that perform limited functions on our behalf, such as:

• Cloud hosting and storage (Google Cloud Platform and comparable enterprise providers).
• Data analytics and platform monitoring (to assess performance and detect issues).
• Payment processing and billing services.
• Customer-support, communication, or CRM tools.

We do not use cookies to collect sensitive personal data or to make automated decisions that produce legal or similarly significant effects.

Each provider acts as a data processor (or service provider under CCPA) and is bound by written agreements requiring them to:

• Use information only for the contracted purpose.
• Maintain appropriate technical and organizational security measures.
• Comply with applicable privacy laws, including GDPR and PIPEDA.

A current list of material sub-processors is available upon request at privacy@synapsescope.com.

B. Enterprise Clients and Authorized Administrators

When an organization purchases access to SynapseScope, we may share relevant Platform data with that organization’s authorized administrators.
This may include assessment results, aggregated team insights, or skill-profile summaries associated with their account.
Data shared in this way remains under the control of the client organization, which acts as the data controller for its workforce information.

C. Professional Advisors and Affiliates

We may disclose limited business information to our auditors, legal counsel, insurers, or affiliated entities for legitimate corporate governance, compliance, or financial-management purposes.
All such parties are bound by confidentiality obligations.

D. Legal and Regulatory Requirements

We may disclose information where required to:

• Comply with applicable laws, regulations, or valid legal processes.
• Respond to lawful requests from public or governmental authorities.
• Protect the rights, safety, or property of SynapseScope, our users, or others.

Where feasible and permitted by law, we will notify affected users or clients before disclosing information in response to such requests.

E. Business Transfers

If SynapseScope undergoes a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction.

In such cases, we will ensure the receiving entity upholds privacy protections consistent with this Policy and will notify users of any material change in data handling.

F. Aggregated or De-identified Data

We may share aggregated or de-identified information—such as industry trend reports, anonymized leadership-assessment outcomes, or skill-taxonomy insights—with clients, partners, or research collaborators.
These datasets contain no information that can identify an individual or organization.

SynapseScope retains information only for as long as it is needed to fulfill the purposes described in this Policy or as required by law, regulation, or contractual obligation.
We apply data-minimization and proportionality principles to ensure that personal information is kept no longer than necessary and is always handled securely.

A. General Principles

• Data linked to active users or client organizations is maintained for the duration of the contractual relationship and any legally required record-keeping period.
• When a contract or account ends, SynapseScope deletes or returns all identifiable personal data upon the client’s documented instruction.
• Before deletion, we may anonymize or aggregate that data so that it can no longer reasonably identify any individual or organization. Once anonymized, the information is outside the scope of privacy legislation and may be retained indefinitely for research, benchmarking, or statistical-validation purposes.
• This approach complies with Article 89 of the GDPR and comparable provisions under PIPEDA and CCPA, which permit the continued use of de-identified data for scientific or statistical purposes under appropriate safeguards.

B. User and Organization Control

• Authorized client administrators or individual users may at any time request that their identifiable data be deleted, anonymized, or exported by contacting privacy@synapsescope.com.
• SynapseScope will act on verified and authorized requests in accordance with applicable laws and the governing service agreement.
• Where full deletion would compromise the integrity of legitimate research, statistical analyses, or reliability studies, we will instead de-identify the information and restrict it from any operational use.

C. Backups and Archival Data

Information contained in encrypted backups is retained only for disaster-recovery and business-continuity purposes.

When backups reach the end of their lifecycle, they are securely overwritten or destroyed.

Anonymized datasets used for research are stored separately from production systems and cannot be traced back to individual users or organizations.

SynapseScope stores and processes all information on secure servers hosted by Google Cloud Platform (GCP), which complies with recognized international standards such as SOC 2, ISO 27001, and GDPR data-protection principles.

While data is hosted within Google’s cloud infrastructure, authorized SynapseScope personnel may access it remotely from other countries for legitimate operational purposes such as support or maintenance.

All such access occurs through secure, encrypted connections and is governed by strict confidentiality and data-protection obligations.

Where personal information is accessed from outside the European Economic Area or other jurisdictions with equivalent data-protection laws, SynapseScope applies Standard Contractual Clauses and other appropriate safeguards to ensure that data continues to receive the same level of protection.

We do not transfer data to unauthorized third parties, and all information remains stored within the controlled environment of Google Cloud Platform.

SynapseScope employs a layered approach to security designed to protect information against unauthorized access, disclosure, alteration, or loss.

Our controls combine technical, organizational, and administrative safeguards consistent with leading industry standards.

A. Infrastructure and Data Protection

• All data is hosted on Google Cloud Platform (GCP), which maintains certifications such as SOC 2, ISO 27001, and GDPR compliance frameworks.
• Data is protected in transit and at rest through strong encryption protocols.
• Access to production systems is restricted to authorized personnel using secure authentication and role-based permissions.

B. Organizational and Administrative Controls

• Employees and contractors are bound by confidentiality and data-protection agreements.
• Mandatory privacy and security training is provided to all team members with data-access responsibilities.
• Security policies and incident-response procedures are reviewed and updated regularly.

C. Monitoring and Incident Response

• Systems are continuously monitored for unauthorized activity and potential vulnerabilities.
• In the unlikely event of a data-security incident, SynapseScope follows a defined incident-response process, which includes prompt investigation, mitigation, and notification to affected clients and regulators as required by law.

D. Client Responsibilities

While SynapseScope maintains robust security controls, clients and users also play a role in protecting their information by:

• Safeguarding login credentials and limiting account access to authorized users.
• Promptly reporting any suspected unauthorized activity to privacy@synapsescope.com.

Our Services are not intended for children under 13. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data without proper consent, please contact us so we can delete it promptly.

SynapseScope allows users to manage their cookie preferences at any time.

Our cookie banner and settings panel give you clear options to accept, reject, or customize which categories of cookies are stored on your device.

A. Managing Cookie Preferences

• Essential cookies are always active because they are required for the website and platform to function securely.
• Functional, analytics, and marketing cookies are optional and only used with your consent.
• You can update your preferences at any time by selecting the “Cookie Settings” link in the footer of our website or within your account dashboard.

B. Browser and Device Controls

Most browsers allow you to block or delete cookies through their settings.

You may also configure browser features such as “Do Not Track” or Global Privacy Control to limit certain forms of online tracking.

Please note that disabling certain cookies may affect site functionality or limit personalized features.

C. Updates to Cookie Preferences

If SynapseScope adds new cookie categories or third-party tools in the future, users will be prompted to review and reconfirm their preferences before such cookies are activated.

SynapseScope may update this Privacy & Cookies Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

Any updates will be posted on this page with a revised “Last Updated” date at the top.

If the changes are material — for example, if we introduce new ways of processing personal data or new cookie categories — we will notify users through a notice on our website or by email before the changes take effect.

Continued use of our website or Platform after such updates will constitute acceptance of the revised Policy.

We encourage users and client administrators to review this Policy periodically to stay informed about how we protect and use personal information.

If you have any questions, concerns, or requests regarding this Privacy & Cookies Policy or SynapseScope’s data-protection practices, please contact us using the details below:

Email: privacy@synapsescope.com

Mailing Address: SynapseScope Inc., Ottawa, Ontario, Canada