PlatformIntegrationSecurityGet Started →
Legal

Privacy Policy

Effective: April 2026 · Issued by: Tanzia Group LLC · Jurisdiction: Canada (PIPEDA)

At a glance
Clinical and patient data is never processed by AI systems
We collect only what is needed to configure your pilot
Your data is not sold or shared with advertisers
Clinical data stays within your facility's sovereign pod
Contact us at privacy@synapto.health with any questions

1. Who we are

Synapto Health is a product of Tanzia Group LLC, a company incorporated in Canada. We build FHIR R4 compliance middleware that bridges hospital clinical information systems to national digital health mandates.

This policy applies to information collected through our website (synapto.health), our pilot request form, and any communications between you and Synapto Health prior to or during a pilot engagement.

This policy does not apply to clinical systems or patient data processed within a deployed Synapto Bridge instance. That data is governed by the facility's own data governance obligations and the terms of the pilot or commercial agreement.

2. What we collect

We collect information only when you proactively provide it — through our pilot request form, email correspondence, or direct communication.

CategoryExamplesPurpose
Contact informationName, work email, job titleResponding to pilot requests and communications
Organisation informationFacility name, country, system typeConfiguring and scoping the pilot engagement
Usage informationPages visited, browser typeUnderstanding site performance; no cross-site tracking
CorrespondenceEmails, messages, meeting notesManaging the pilot relationship

We do not collect payment information, government identification, or any information beyond what is necessary to evaluate and configure a pilot engagement.

3. Clinical and patient data

Unambiguous commitment

Synapto does not have access to clinical or patient data. All clinical data — lab results, radiology reports, discharge summaries, patient records — is processed entirely within the facility's own sovereign pod deployment. It does not transit through Synapto's servers, is not stored by Synapto, and is not accessible to Synapto personnel at any time.

The Synapto Bridge operates on-premise or within the facility's own cloud environment. Data only leaves the facility's perimeter at the moment of submission to the national health record infrastructure — in accordance with the applicable national digital health mandate — and only after explicit practitioner attestation.

Synapto's role is to provide the compliance pipeline. The data itself remains the facility's responsibility under their applicable data protection obligations, including Bangladesh's PDPO 2025 and India's DPDP Act for ABDM-connected deployments.

4. Our use of AI

We use AI-assisted tools internally to support software development, documentation, and operational tasks. This section is transparent about where AI is and is not used in connection with Synapto.

Where AI is used

AI tools are used by Synapto's internal team for tasks such as writing and reviewing code, drafting documentation, and internal research. These activities involve no clinical data, no patient data, and no personally identifiable information submitted through our website or pilot form.

Where AI is explicitly not used

No clinical data, patient data, or facility-level health information is processed by any AI system. The Synapto Bridge pipeline — ingest, validate, transform, release, route — operates on deterministic, rule-based logic with no AI inference layer. FHIR transformation, LOINC mapping, and ICD-10 encoding are performed by validated, version-controlled code, not by AI models.

We do not use AI to make automated decisions about individuals. We do not pass any information submitted through our pilot request form into public AI training datasets.

No training on user data. Information you provide to Synapto — including pilot request details, correspondence, and organisation information — is never used to train, fine-tune, or evaluate any AI or machine learning model, whether operated by Synapto or a third party.

Third-party AI tools. Where Synapto's internal team uses third-party AI-assisted tools for development or documentation tasks, those tools are selected and configured to operate under data processing terms that prohibit use of input data for model training. No information you have provided to Synapto is shared with third-party AI providers as input.

AI governance. Synapto maintains an internal policy governing which AI tools may be used, under what conditions, and with what data — reviewed whenever a new tool is adopted or a material change in usage occurs.

A note on synthetic data. Synapto uses synthetically generated data — artificial records created programmatically — for internal testing and development purposes. This synthetic data is not derived from, and does not contain, any real patient records, de-identified health information, or data originating from any facility.

For full details, see our Responsible AI page.

5. How we use your information

Information collected through the pilot request form and correspondence is used exclusively to:

  • Respond to your pilot request and assess fit
  • Configure and deliver the pilot engagement
  • Communicate with you about the status of your engagement
  • Comply with applicable legal obligations

We do not use your information for advertising, profiling, or any purpose unrelated to your engagement with Synapto Health.

6. Sharing and disclosure

We do not sell, rent, or share your personal information with third parties for their own purposes. Information may be shared only in the following limited circumstances:

  • Service providers: Infrastructure and communication tools used to operate the Synapto website and pilot workflow. These providers are contractually bound to process data only as directed.
  • Legal obligations: Where required by applicable law, regulation, or valid legal process.
  • Business transfer: In the event of a merger, acquisition, or asset sale, with advance notice where required by law.

7. Retention

We retain contact and correspondence information for as long as is necessary to manage the pilot relationship, plus a reasonable period thereafter — typically no longer than three years from the last substantive interaction.

You may request deletion of your information at any time by contacting us below. We will action deletion requests within 30 days, subject to any overriding legal retention obligations.

8. Your rights

Under PIPEDA (Canada) and applicable laws in the jurisdictions where we operate, you have the right to:

  • Know what personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information, subject to legal retention obligations
  • Withdraw consent for communications at any time
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at privacy@synapto.health. We will respond within 30 days.

9. Security

We apply reasonable technical and organisational safeguards to protect information held by Synapto Health. Our website is served over HTTPS. Access to contact and correspondence data is limited to personnel who require it to manage pilot engagements.

In the event of a data breach affecting your personal information, we will notify affected individuals and applicable regulators in accordance with PIPEDA and any other applicable breach notification requirements.

10. Changes to this policy

We may update this policy as our practices evolve. Material changes will be communicated by updating the effective date at the top of this page and, where appropriate, by direct notification to parties with active pilot engagements.

11. Contact us

For any questions about this policy, requests to exercise your rights, or concerns about how your information is handled:

Get in touch

Tanzia Group LLC · synapto.health · Canada

Email privacy@synapto.health