Sygen - Privacy Policy

Effective Date: May 24, 2026

1. Introduction

Sygen is an AI assistant with a persistent workspace and memory. The app supports two operating models, and how data is handled differs significantly between them:

  • Self-host — you run your own server (Mac or VPS), and your data lives only on your server. Time Design LLC does not see your content and collects nothing.
  • Sygen Plus (managed hosting) — under a paid subscription, we provision and operate a cloud server for you. In this case your assistant's data is hosted on our infrastructure, and the additional terms described below apply.

In every section where the models differ, we explicitly separate "If you self-host" from "If you use Sygen Plus (managed hosting)".

2. Architecture

If you self-host.

The app connects to a server that you run and control. Your conversations, files, tasks, schedules, and agent memory are stored on your server. Time Design LLC has no access to this data and receives no copies of it.

If you use Sygen Plus (managed hosting).

Under the subscription, we provision and operate a cloud server for you. Your assistant's data — conversations, files, tasks, cron schedules, and agent memory — resides on our infrastructure (not on your device). We act as the operator of that infrastructure; details about sub-processors, encryption, and deletion are in Sections 5, 9, and 11.

3. Data Stored Locally on Your Device

In both models, only the following are stored on your device:

  • authentication tokens;
  • app preferences;
  • media cache.

This data stays on your device. It is removed when you delete the app or sign out of the account/profile.

4. Network Communication

If you self-host.

The app communicates directly with your server. Time Design LLC is not an intermediary in that traffic.

If you use Sygen Plus (managed hosting).

The app communicates with a server we manage. In addition:

  • Subscription and receipt validation. Apple processes all payments; we never see your card data. To verify subscription status, we call the Apple App Store Server API: a signed transaction (original_transaction_id) is sent to Apple to check its status. Apple is the payment processor.
  • Provisioning service (provision.app.sygen.pro). To provision and return you to your server, we persist the following in a server-side registry (SQLite):
  • original_transaction_id (subscription identifier from Apple);
  • app_account_token (per-install app UUID);
  • environment (sandbox / prod);
  • mapping to your server (fqdn / container / username);
  • timestamps.

We link the subscription (original_transaction_id) to your server (fqdn) — for idempotency and to return you to your server.

The registry does not store: the StoreKit JWS (validated with Apple, then discarded), passwords or secrets, device locale (device_locale is used only transiently), or the request IP (IP is held only in memory for rate-limiting and is not written to the database).

Operational logs contain: event type, subdomain, and original_transaction_id. They do not contain JWS, passwords, secrets, or full request payloads. Log retention is no more than 30 days.

5. AI Service Providers

If you self-host.

Calls to AI providers go from your server using your own API keys. Time Design LLC is not involved in those calls.

If you use Sygen Plus (managed hosting).

Calls to AI providers (Anthropic / OpenAI / Google) go from our container, but using your own API key, which you configure. Your prompt data transits our container to the provider you chose. These providers act as sub-processors for the managed model (see Section 11).

6. Permissions

The app requests only the permissions needed for its features (for example, media access for sending files and managing the cache). The app does not collect data beyond what is described in this policy.

7. Tracking and Analytics

  • No tracking and no analytics.
  • No advertising identifiers.
  • No precise geolocation.
  • No collection of contacts.
  • No data is shared with third parties for advertising or tracking purposes.

8. Children's Privacy

The app is not directed at children under 13.

9. Data Retention and Deletion

If you self-host.

Data retention and deletion are entirely under your control — the data is on your server.

If you use Sygen Plus (managed hosting):

  • In-app server deletion (local). Deleting a managed server in the iOS app only forgets the local profile — the container is not torn down. While the subscription is active, you can redeploy ("Deploy cloud server") and get the same server with your data intact.
  • Subscription cancellation (auto-renew off, period still active). Nothing changes until the paid period ends.
  • Expired (period ended, not renewed). The container is suspended immediately (data intact) and deleted after 30 days if not resubscribed.
  • Refund / revoke. The container is suspended immediately and deleted after 7 days.
  • After deprovision. Data is kept in an encrypted archive for 14 days (an error-recovery window), then erased permanently.
  • Right to erasure (GDPR). Via a support request (email timedesign.software@gmail.com), we deprovision and immediately purge the archive — full erasure, with no 14-day window.

Encryption (managed hosting). Data is encrypted at rest (LUKS/AES, full-disk encryption of the server). Encrypted backups are retained 14–30 days.

Hosting location (managed hosting). Hosting is provided by Hetzner Online GmbH, data center in Helsinki, Finland (EU).

10. Changes to This Policy

We may update this policy. Material changes will be reflected in the update date at the top of this document and, where appropriate, communicated to users.

11. Sub-processors (managed hosting)

For the Sygen Plus model, we engage the following sub-processors:

  • Apple — payment processing and subscription receipt validation.
  • Hetzner Online GmbH (Finland, EU) — hosting.
  • AI providers (Anthropic / OpenAI / Google) — processing of your prompts, run on your own key.

12. Contact

For questions about this Privacy Policy or data-handling practices, please contact:

Company: Time Design LLC
Email: timedesign.software@gmail.com
Address: Chervonoi Kalyny Ave, Kyiv, 02064, Ukraine