Legal

Account Information

When you create a Cynosure account, we collect information such as your name (or chosen username), email address, and password. If you link an existing public identity or profile (for example, a social media account or public profile you claim on Cynosure), we may record identifiers or profile links associated with that identity.

Contact Information

If you provide additional contact details (for example, a mailing address to receive a welcome gift or a phone number for account verification), we will collect those. We only ask for such information when it's necessary for a specific purpose (e.g., shipping a physical item to you).

Trust and Relationship Data

The core of Cynosure is capturing trust expressions and relationship actions. This means we collect data about how you interact with others on the platform: who you mark as trusted or distrusted, endorsements or testimonials you give, context notes you add about relationships, and any "trust actions" you perform. This data may also include timestamps and relational context (e.g., X trusted Y on a certain date, and what context/tag they provided if any).

Profile Content

If you create a profile or add information to an identity you steward on Cynosure, we collect that content. This can include a bio, profile picture, links to your social profiles or personal website, and any other details you choose to share to give context about an identity.

Usage Data

Like most online services, we collect certain information automatically about how you use Cynosure. This includes technical data such as your IP address, browser type, device type, operating system, and pages or features you access. We also log actions like when you log in, connections you form, or posts you make, to maintain an audit trail for security and network integrity. This usage data helps us troubleshoot issues and understand aggregate user activity (e.g., which features are most popular).

Cookies and Session Data

We use cookies (small text files stored on your device) to manage sessions and security (see our Cookie Policy for details). These cookies may collect device identifiers and session tokens. Importantly, we do not use cookies for third-party tracking or advertising — only for essential functions like keeping you logged in and remembering your site preferences.

Payment Information

If you make a purchase on Cynosure (such as buying participation credits or subscribing to a membership plan), you will provide payment details. We do not store your full credit card numbers on our servers. Payments are handled through our payment processor (e.g., Stripe), which will collect your payment card information securely. We receive confirmation of payment and basic details like the amount and your name/email, but not sensitive card data. We may keep a record of your purchases and transaction IDs for accounting and to manage refunds or customer inquiries.

To Provide and Operate the Service

We use your information to create and maintain your account, allow you to connect with others, record trust relationships, and display the trust network. For example, your username and profile info help identify you to other users, and trust actions you perform are recorded to build the network's relational history.

To Communicate With You

We may use your email address or other contact info to send important notices about your account or the Service. This includes verification emails, password reset messages, receipts for purchases, updates about important changes or security alerts. We may also send newsletters or community updates if you opt in, but you can unsubscribe from those non-essential communications at any time.

To Facilitate Payments and Transactions

If you make purchases, we use necessary personal data to process payments (through our payment processor) and to keep a record of your transactions. For instance, if you buy credits, we and our payment partner use your account and payment info to authorize and complete the charge. We also use cookies to remember your context during a payment (so that after returning from the payment gateway, you land in the right place).

To Ensure Trust and Safety

We are committed to keeping Cynosure a secure and trustworthy space. We may use personal data (like account and usage information) to monitor for fraudulent activity, security breaches, or violations of our Terms. For example, IP addresses or device info may be used to detect if someone is creating multiple fake accounts or if an account is accessed from an unusual location. Trust and relationship data may also be analyzed to prevent manipulation (like detecting spam accounts that repeatedly give false trust ratings).

To Improve and Develop Our Services

We analyze aggregated usage data and feedback to understand how the platform is performing and where improvements are needed. For instance, we might look at overall metrics (e.g. number of trust connections made per day, or user retention rates) to gauge the "network health." We do not use this data to profile individual users for marketing; rather, it's used internally to make Cynosure work better for the community as a whole. In line with our mission, any analytics we perform are aimed at understanding trust dynamics and system performance, not exploiting user behavior. We do not do behavioral advertising or sell analysis of your activity.

To Maintain Historical Trust Context

Uniquely, Cynosure retains a historical record of trust relationships as part of its core purpose. This means that even if you withdraw from the platform, the trust expressions you contributed remain as part of an anonymized historical context. We use data retention (described below) to ensure the network's memory remains intact without exposing personal identifiers. The reason is to prevent distortion of the communal truth: for example, if in 2025 user A trusted user B and later both leave, the fact that "A trusted B in 2025" may still be relevant context for remaining or future users analyzing the network's evolution. We use this data only in a contextual, aggregated manner once personal data is removed.

To Comply with Legal Obligations

We may process and retain personal information as needed to comply with laws, regulations, and lawful requests by public authorities. For example, keeping transaction records for tax and accounting purposes, or responding to a court order or valid legal inquiry. We also may use data to enforce our Terms of Service or to protect our rights or the rights of other users (for instance, in investigating fraud or misuse).

Service Providers

We use third-party companies to help us run Cynosure (for example, cloud hosting providers, email delivery services, payment processors like Stripe). These providers may process personal data on our behalf as "data processors" or equivalent under law. We only share the information that is necessary for them to perform their services (e.g., our email provider gets your email address to send verification codes, our hosting provider stores our database with your account info). We contractually require these partners to protect your data and to use it only for providing services to us.

Other Users and Public Viewing

The nature of Cynosure is that some of your data will be visible to others on the platform by design. For example, if you trust another user, that user and possibly others may see that "UserA trusts UserB." Similarly, if you create a profile for an identity, the profile information (like name, bio, links) is public within the network. Content you contribute (such as trust endorsements or comments) will be visible to those who interact with that part of the network. Please only share information on Cynosure that you are comfortable being seen by others in the community.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (for example, a subpoena, court order, or government demand). We will only share what is lawfully requested and will strive to notify you of such disclosure when permitted. Additionally, if necessary, we may disclose information to enforce our Terms of Service or protect the rights, property, or safety of Cynosure, our users, or the public.

Business Transfers

If Cynosure (the organization operating the Service) is involved in a merger, acquisition, investment, or asset sale, your personal data might be transferred to the new owner as part of that deal. If that happens, we will ensure the successor is bound to respect this Privacy Policy or will notify you and obtain consent if required by law.

No Selling of Personal Data

We do not sell or rent your personal information to marketers or other third parties. We do not share your personal data with third parties for their own advertising or marketing purposes. Cynosure is funded by its community and services, not by exploiting user data. In jurisdictions like California, we also do not "sell" personal information as defined by the CCPA/CPRA.

Retention Periods

We keep your personal data only as long as necessary for the purposes described in this Policy, or as required by law. Different types of data may be kept for different lengths. If you delete your account or request deletion, we will initiate deletion of your personal data from our live systems, generally within 30 days of confirmation.

Trust Network Data

Trust expressions and relationship records are core to Cynosure's mission of preserving context. When you participate in the network (e.g., marking someone as trusted), that fact is recorded in the trust graph. If you later delete your account or remove a connection, we will not erase the historical fact that at one point the trust existed, as it is considered communal network memory. However, we will dissociate that record from your personal identity. In practice, this means we might retain a record like "An anonymous former user trusted UserB on [date]" or convert it into a general network metric without your name attached. Personal identifiers (your name, username, contact info) will be removed or irreversibly anonymized, but the existence of the trust link remains as part of historical data.

Account Deletion (Withdrawal)

You have the right to delete your account at any time. Within your account settings, you may find an option to deactivate or delete your account. If you use this or send us a deletion request, we will remove or anonymize personal data that identifies you. This includes your profile information (name, email, bio, etc.), login credentials, and any contact info. After deletion, other users will no longer see your profile in the app.

Any content you posted (like comments or endorsements) may either be removed or attributed to an "[Deleted User]" placeholder. Trust records that you were involved in will be treated per our memory principle: the record of trust/distrust itself may remain as contextual data but without your identity.

Why We Retain Some Data

The rationale for retaining de-identified trust data after account deletion is rooted in our belief that truthful context should not be erased. Erasing historical trust records could allow bad actors to escape accountability by simply deleting themselves, or it could distort the collective understanding of how trust has flowed over time. We only retain what's necessary for the integrity of the network (and in a form that does not identify you personally). All personal aspects of your data are purged.

Access and Portability

You can request a copy of the personal data we hold about you. We can provide this in a structured, commonly used format. For example, you may contact us to get an export of your profile info, trust connections, etc.

Correction

If any personal data we have is inaccurate or outdated, you have the right to ask us to correct it. Much of your basic info can be updated by you directly in your account settings (e.g., you can change your display name or email).

Deletion

As described above, you can delete your account or request deletion of your personal data. We will comply, subject to retaining any data we are required to by law or for the reasons noted (e.g., historical trust context in anonymized form).

Objection and Restriction

You have the right to object to certain data processing (for instance, you might object to us processing your data for analytics purposes). If you have an objection, let us know and we will evaluate if we can cease that processing without impacting the service.

Complaints

If you believe we have violated your privacy rights or applicable privacy laws, you have the right to complain to your local data protection authority. We encourage you to contact us first so we can address your concerns directly, but you are not obligated to do so.