You can read everything on Syntopi.com without an account. Sign-in only unlocks saving bookmarks and posting commentary. When you do sign in, we keep your email and your name and that's effectively it. We don't run analytics, we don't track you across the web, and we never sell anything we know about you, because there is almost nothing to sell.
What we collect when you sign in
Syntopi supports two ways to sign in: Google and Sign in with Apple. Either provider hands us a small bundle of identity information. We keep the pieces we actually need and discard the rest.
From Google
We ask Google for the standard openid email profile permission set. Google then sends us:
- Your email address — we keep this.
- Your name (display name) — we keep this.
- Your Google user ID, profile picture URL, given/family name, and locale — we discard all of these immediately.
We do not ask for access to your contacts, calendar, Drive, Gmail, or anything else. If Google reports that your email isn't verified, we refuse the sign-in.
From Apple (iOS app and web)
Sign in with Apple sends us:
- Apple's stable user ID — a long random string, unique to you in this app. We keep this so we recognize you on return visits.
- Your email address — but only on your first sign-in. After that, Apple stops sending it. If you choose Apple's "Hide My Email" option, we receive a relay address (
xxx@privaterelay.appleid.com) and that's what we store. The actual email Apple is forwarding to is never visible to us. - Your name, if you choose to share it — also only on first sign-in.
We discard the is_private_email flag, the email_verified flag, and Apple's
signed authorization code. We don't make any further calls to Apple after the
initial sign-in handshake.
What we never collect
This list is the rare kind that's both true and short:
- No analytics on your reading. We don't know which passages you opened, how long you stayed, or what you searched for.
- No third-party trackers. No Google Analytics, no Meta pixel, no Segment, no Mixpanel, no PostHog.
- No IP address logged on our side. (Our hosting provider, Vercel, sees IPs at the platform layer for about 30 days as part of standard server logs. We don't read or store them.)
- No User-Agent or device fingerprint stored.
- No login timestamps beyond the moment your account was created.
- No age, gender, demographics, or location.
- No access to your contacts, calendar, photos, or microphone.
- No tracking across other apps or websites.
What ends up in our database
If you sign in, a single row is created in our users table. It contains:
- A random internal ID (a UUID we generate).
- Your email address.
- Your name, if your provider sent us one.
- The timestamp the row was created.
- An auto-generated API key, reserved for a future developer surface (not currently used to identify you anywhere).
- Apple's stable user ID, if you signed in with Apple.
When you save a passage, we add a row to a bookmarks table that points at the
passage and back at your user row. That's the only other place your activity
shows up. If you submit commentary on a passage, that goes through an editorial
review queue before it appears anywhere public.
A returning signed-in user reading 50 passages writes zero new rows. Reading is free, anonymous in effect, and never persisted. Only explicit actions (save a bookmark, post commentary) leave a trace.
Cookies
When you sign in, we set one cookie called syntopi_session. It's a short
signed token (HMAC over your user ID and a timestamp), HttpOnly, SameSite=Lax,
Secure. It expires after 90 days of inactivity. We don't set any other cookies
ourselves.
During the sign-in flow, Google's or Apple's pages may set cookies of their own on their own domains. Those are governed by Google's and Apple's privacy policies, not ours.
Third-party services we rely on
Syntopi runs on a small stack:
- Vercel hosts the site and runs the serverless API endpoints. Vercel sees HTTP requests at the edge (with IP and User-Agent) for routine logging.
- Neon Postgres stores the
users,bookmarks, and editorial-review tables described above. - Cloudflare R2 hosts the audio files used by the Listen feature. Loading audio reveals the URL of the file you're playing, not your identity.
- OpenAI generates the synthetic narration for the Listen feature. Audio is pre-baked once for each passage and served as a static MP3 — your sessions don't hit OpenAI directly.
- Anthropic powers the Quiz Me, Talk to a Tutor, and Seminar features. When you use those, the passage text and your input go to Anthropic's API to generate a response. We don't pass your name, email, or any other identifying information.
- Google and Apple, of course, when you choose them as sign-in providers.
Data retention and deletion
We keep your row in the users table — and any bookmarks tied to it — until
you tell us to delete them. There's no cron job that wipes inactive accounts;
there's no expiration; there's no profiling to keep "fresh."
We don't have a self-serve "delete my account" button yet. Until we ship one,
the manual path is to email tcohen05@gmail.com from the address you
signed up with. We'll wipe your users row, and the database cascade will
remove your bookmarks and any pending commentary at the same time. You should
hear back within a few days.
Vercel's edge logs (which include your IP address as part of normal HTTP serving) age out automatically after about 30 days. We can't purge those on demand because we don't operate the log infrastructure.
Apple's required disclosures
For the iOS App Store privacy "nutrition label," the relevant facts are:
| Data type | Linked to you | Used for tracking | Purpose |
|---|---|---|---|
| Email address | Yes | No | Sign-in identification, account contact |
| Name (display name) | Yes | No | Showing your name on commentary you choose to post |
User ID (Apple sub) |
Yes | No | Recognizing you across visits |
| Bookmarks | Yes | No | App functionality (your saved passages) |
| Diagnostics, usage, location, contacts, photos, anything else | Not collected | No | — |
We do not engage in tracking as Apple defines the term. We do not share data with data brokers, advertising networks, or analytics platforms.
Children's privacy
Syntopi is intended for adult and college-aged readers. We don't knowingly collect personal information from children under 13. If you're a parent or guardian who believes a child has signed up, email tcohen05@gmail.com and we'll remove the account.
Changes to this policy
When this page changes, we update the date at the top. Material changes (new categories of data, new third-party services) will be called out at the top of the page for at least 30 days after the change.
Reaching us
Questions, concerns, or a deletion request:
Tom Cohen · tcohen05@gmail.com
Syntopi.com is a one-person project. Email is the contact.