SynapticStackPrivacy Policy

Privacy Policy

Last updated: May 24, 2026

This Privacy Policy describes how Naptic LLC (doing business as SynapticStack, referred to in this policy as "we," "us," or "our") collects, uses, and protects information across our products and services, including (a) SynapticStack, our AI-character content engine for TikTok, and (b) the managed AI agent services we operate on behalf of client businesses, which can include outbound SMS / text messaging delivered to those clients' customers (see Section 11). By using our services, you agree to the practices described below.

1. Who We Are

Naptic LLC is a Florida limited liability company located at 7901 4th St N, Suite 300, St. Petersburg, FL 33702, USA. You can reach us at jordan@synapticstack.ai.

2. Scope

This policy applies to data we process while operating our services, including (a) SynapticStack (our AI-character content engine for TikTok), (b) the managed AI agent services we run for client businesses — which can include outbound SMS / text messaging on the client's behalf (see Section 11) — our website at synapticstack.ai, and our integrations with third-party platforms such as TikTok and Twilio. Sections 3 through 10 below address our TikTok-integration practices specifically; Section 11 addresses our managed-service SMS practices.

3. Information We Collect

In connection with our TikTok integration, we collect and process only the data required to publish AI-generated content to SynapticStack-owned TikTok accounts:

  • OAuth credentials. When an authorized SynapticStack operator connects a TikTok account to the Service, TikTok provides us with an access token and refresh token. These tokens authorize the Service to act on behalf of that specific TikTok account within the requested scopes.
  • Basic account information. Through theuser.info.basic scope, we receive the connected account's open ID, display name, and avatar URL.
  • Content metadata. For each post the Service publishes, we store the source video file, caption, AI-generation disclosure flag, the publish ID returned by TikTok, and the resulting post status.
  • Operational logs. Standard application logs (timestamps, request IDs, error messages) used to operate and debug the service.

We do not collect personal information about TikTok viewers, followers, commenters, or any other third-party end users, and we do not request scopes that would expose such data.

4. Scopes We Request

The Service requests only the TikTok scopes necessary to publish content:

  • user.info.basic — to identify which SynapticStack-owned account a token is associated with.
  • video.upload — to upload video files into the connected account's draft area.
  • video.publish — to publish uploaded videos as posts on the connected account.

5. AI-Generated Content Disclosure

All content the Service publishes is generated with the assistance of artificial intelligence. We mark every TikTok post with the platform's AI-generated content flag (is_aigc=true) so that viewers can identify it as AI-generated, consistent with TikTok's policies on synthetic media.

6. How We Use Information

  • To authenticate the Service with the connected TikTok account and post content on its behalf.
  • To track publish status and surface failures to internal operators.
  • To comply with TikTok's developer policies, including content disclosure requirements.
  • To operate, secure, and improve our internal tooling.

7. How We Store and Protect Information

TikTok OAuth tokens are stored in AWS Secrets Manager with encryption at rest and TLS in transit, and access is restricted to authorized SynapticStack systems and personnel. Content metadata is stored in private internal systems. We follow industry-standard practices to safeguard the information we hold, but no system is perfectly secure.

8. Sharing of Information

We do not sell personal information, and we do not share it with third parties for their own marketing. We share information only with:

  • TikTok. Content, metadata, and authenticated requests are sent to TikTok in order to publish posts on the connected account, in accordance with TikTok's Terms of Service and developer policies.
  • Infrastructure providers. Cloud services such as Amazon Web Services that host our systems and store credentials, under their respective data-processing terms.
  • Legal compliance. Where required by law, regulation, legal process, or governmental request.

9. Data Retention

We retain OAuth tokens for as long as the integration is active. If an account is disconnected — by revoking access in TikTok's settings, rotating credentials, or contacting us — we delete the associated tokens from our systems. Operational logs and content metadata are retained for the period necessary to operate and audit the service.

10. Your Choices

Because SynapticStack only connects accounts that it owns or operates, the primary control available is to revoke SynapticStack's authorization through TikTok's account settings, or to contact us directly to disconnect a specific account. Revoking authorization will immediately stop new posts from being published through the Service for that account.

11. SMS / Text Messaging — Naptic LLC as Managed Service

When Naptic LLC operates an AI agent service for a client business (for example, AER Pilates LLC at 4511 S Congress Ave, Austin, TX 78745), Naptic LLC may send outbound SMS / text messages to that client's customers on the client's behalf, and receive inbound SMS replies. This section describes how Naptic LLC handles mobile / SMS data for those managed-service engagements.

11.1 Categories of messages

Outbound SMS we may send on a client's behalf:

  • Customer care. Class, appointment, or booking reminders, confirmations, and follow-up to support inquiries.
  • Conversational follow-up. AI-agent responses to inbound questions about the client's services, schedule, location, pricing, and intro offers.
  • Re-engagement. Periodic check-ins to customers with a prior service relationship with the client (for example, dormant-customer winback).

We do not send purely promotional or mass-marketing campaigns through this channel.

11.2 Opt-in

We send SMS only to phone numbers that have provided explicit opt-in consent through one of the following mechanisms:

  • The client's booking or intake form, with a clearly labeled SMS-consent checkbox that discloses approximate message frequency and that carrier message + data rates may apply.
  • An explicit "JOIN" keyword reply to an Instagram (or other inbound channel) where SMS-consent language was presented before the keyword.
  • Verbal consent captured by client staff during an in-person interaction, logged in the client's CRM with timestamp and the capturing staff member's identity.

Mobile opt-in information collected for one client (for example, AER Pilates) is used solely to deliver messages on that client's behalf. It is never reused for another client and is never used for any other Naptic LLC product or third-party purpose.

11.3 Opt-out

You can opt out of SMS from any Naptic LLC-operated client agent at any time by replying with any of the standard opt-out keywords: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT. You will receive a single confirmation message and no further SMS will be sent on that client's behalf. Reply START or UNSTOP to resume.

For help at any time, reply HELP to receive a brief description of the service and a contact channel.

11.4 Sharing

Mobile information (phone numbers, SMS consent records, and message data) will not be shared with third parties or affiliates for marketing or promotional purposes. We share mobile data only with:

  • Twilio Inc. and downstream telecom carriers for the purpose of message delivery.
  • The client business whose service the messages are sent on behalf of (for example, AER Pilates LLC), so the client can maintain its own customer relationship.
  • Infrastructure providers (Amazon Web Services) that host our systems, under their respective data-processing terms.
  • Legal compliance where required by law, regulation, legal process, or governmental request.

11.5 Message frequency, fees, retention

Frequency varies by service category. Typical client engagements send between 50 and 3,000 message segments per month per client, distributed across all opted-in recipients. Messaging and data rates may apply per your carrier.

We retain SMS conversation records and opt-in / opt-out evidence for the duration of the client engagement plus a reasonable audit-trail period (typically 12 months after engagement end) to comply with TCPA, state SMS-consent laws, and similar regulatory requirements. After that period, records are deleted unless an active dispute or legal hold requires longer retention.

12. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be highlighted on this page or communicated through other reasonable means.

14. Contact Us

Questions about this Privacy Policy or our data practices? Reach us at:

Naptic LLC
7901 4th St N, Suite 300
St. Petersburg, FL 33702
USA
jordan@synapticstack.ai