Legal

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how Boroto Ltd (“Boroto”, “we”, “us” or “our”) collects, uses, shares, and protects your personal data when you use the Symponia app and website. Symponia is a space for private reflection, so we collect as little as we can and we never sell your data.

1. Who we are (data controller)

Boroto Ltd is the controller of your personal data. We are registered in England and Wales. You can reach us about anything in this policy at hello@symponia.io. Our company registration number and registered office address are set out in our published company filings and are available on request.

2. The personal data we collect

Information you give us during onboarding and use:

  • your first name and, if you choose to share it, your gender;
  • your seven animal archetypes;
  • your intake answers: the questions you answer before you begin. These are stored and used to shape how Symponia speaks to you. They are never quoted back at you;
  • your mood check-ins: a rating from 1 to 5 that you can record before and after a reflection, used to show you your own week and nothing else;
  • your resonance frequency preference;
  • the messages and reflections you write in each mode;
  • your stored reflections, but only if you turn memory on. Memory is off by default, and with it off nothing you write is stored on our servers;
  • your notification preferences and whether you opt in to occasional email updates.

Account and technical information:

  • account details needed to sign you in and keep your data secure. If you use Sign in with Apple or Sign in with Google, we receive only the identifier and email address those services provide, and we never see or store a password;
  • your subscription status and free-trial status;
  • limited technical and diagnostic information (such as app version and basic device information) used to keep the Service working and secure.

Purchase information: when you subscribe, Apple processes your payment. We receive confirmation of your subscription status from Apple, but we never receive or store your payment card details.

Some information is also stored locally on your device (for example your archetypes, preferences, and conversation history in each mode). Local data is removed when you delete the app.

Please do not share information you do not want to record, and take particular care with special category information (such as details about your health, beliefs, or sexuality). Where such information appears in what you write, we process it only to provide the Service to you, on the basis of your explicit consent, which you can withdraw by deleting the relevant content or your account.

3. How and why we use your data, and our lawful bases

Under UK and EU data protection law we must have a lawful basis for using your personal data. We rely on the following:

  • To perform our contract with you: to create and run your account, generate personalised Symponia responses, deliver your daily reflection, maintain a session during a conversation, and confirm your subscription with Apple.
  • Your consent: to send push notifications or occasional marketing emails (only if you opt in), and to process any special category information contained in what you write. You can withdraw consent at any time.
  • Our legitimate interests: to keep the Service secure and working, prevent misuse and fraud, and improve reliability, in a way that does not override your rights.
  • Legal obligation: to comply with laws that apply to us, for example around tax and responding to lawful requests.

We do not use your data for advertising or ad-targeting, and we do not sell your personal data.

4. How Symponia uses AI

To generate reflective responses, the text you send, along with your first name, gender (if provided), archetypes, and resonance frequency, is sent to Anthropic’s Claude API. This processing is under Zero Data Retention (ZDR) terms: Anthropic does not retain the content of your conversations after generating a response, and does not use it to train or improve its models.

Symponia generates content automatically, but it does not make solely automated decisions that produce legal or similarly significant effects about you. Symponia is a reflective tool, not a decision-maker.

5. Who we share data with

We share data only with the service providers who help us run Symponia, each acting under agreements that require them to protect it:

  • Anthropic: provides the Claude AI that generates responses, under Zero Data Retention terms. See anthropic.com/legal/privacy.
  • Supabase: secure database, authentication, and backend hosting for your account and conversations.
  • Apple: App Store distribution, sign-in, push notification delivery, and in-app purchase processing. Payment details are handled entirely by Apple.

We may also disclose data if required by law, to protect the safety, rights, or property of our users or others, or in connection with a business transfer, in which case we will tell you and continue to protect your data.

6. International transfers

Some of our providers (including Anthropic and Apple) process data outside the UK and EEA, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards recognised under UK and EU law, such as the UK International Data Transfer Agreement or Addendum and the European Commission’s Standard Contractual Clauses, together with additional protections where needed. You can ask us for more information about these safeguards.

7. How long we keep your data

We keep your account and conversation history for as long as your account is active. When you delete your account (Profile tab, Account section, “delete account”) or ask us to erase your data, we delete it from our live systems, and it is removed from routine backups within a short period. Content sent to Anthropic is not retained by them under ZDR terms. Local data on your device is removed when you delete the app. We may keep limited information for longer only where the law requires it (for example basic transaction records).

If you ask us to delete data associated with your account, we will action your request within 30 days.

8. How we protect your data

We use technical and organisational measures to protect your data, including encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your information and to respond quickly if something goes wrong, including notifying you and the relevant authority where the law requires it.

9. Your rights

If you are in the UK or the EEA, you have the following rights over your personal data under the UK GDPR and the EU GDPR:

  • Access: get a copy of the personal data we hold about you;
  • Rectification: have inaccurate data corrected;
  • Erasure: have your data deleted (“right to be forgotten”);
  • Restriction: ask us to limit how we use your data;
  • Portability: receive your data in a portable, machine-readable format;
  • Objection: object to processing based on our legitimate interests;
  • Withdraw consent: at any time, where we rely on your consent, without affecting earlier processing.

To exercise any of these rights, email hello@symponia.io. We will not charge you or treat you differently for exercising your rights. If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority in the EEA.

10. Marketing

We only send marketing emails if you have opted in. Every marketing email includes an unsubscribe link, and you can opt out at any time by using it or by emailing hello@symponia.io. Opting out of marketing does not affect service messages that are necessary to run your account.

11. Cookies and the website

Our website uses only the cookies and local storage strictly necessary to make the site work and to remember basic preferences. We do not use advertising or cross-site tracking cookies. If we add analytics in future, we will update this policy and, where required, ask for your consent first.

12. Children

Symponia is intended for adults. It is not directed at anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hello@symponia.io and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will change the “Last updated” date above and, where changes are material, take reasonable steps to bring them to your attention. Continued use of Symponia after changes take effect means you accept the updated policy.

14. Contact

For any privacy question or request, contact our privacy team at hello@symponia.io.