Privacy Policy — Synapse by Fownd Inc.

This Privacy Policy describes how Fownd Inc. ("we," "us," or "our") collects, uses, and protects information when you use the Synapse Chrome browser extension and its companion desktop application (collectively, the "Software"). Synapse transfers clinical documentation from Notation into Electronic Medical Record (EMR) systems.

This policy supplements the Fownd Inc. General Privacy Policy, which governs our website and other services. Where this policy addresses topics specific to Synapse, it takes precedence for the Software.

Key principle: Patient health information (PHI) processed by Synapse never leaves your local device. All clinical data remains in memory on your computer and is never transmitted to Fownd servers or any third party.

1. How Synapse Works

Synapse consists of two components that work together on your local machine:

Chrome Extension — provides the user interface (side panel) and interacts with web pages you visit. It does not store or process clinical data directly.
Companion Application (Daemon) — a locally installed desktop process that handles all clinical data processing, field mapping, and EMR integration. It communicates with the extension via Chrome's Native Messaging protocol.

2. Information We Collect

2a. Information processed locally (never transmitted)

The following data is processed only on your device, held in memory only (never written to disk), and discarded when the companion application stops:

Clinical note content (SOAP notes, assessments, visit documentation)
Patient identifiers (name, MRN, date of birth)
EMR form field values during transfer
Field mapping decisions and transfer results

No PHI leaves your device. The companion application does not transmit patient health information to any server, cloud service, or third party. Clinical data exists only in local memory during an active transfer session.

2b. Information transmitted to Fownd servers

The following non-clinical data may be transmitted to Fownd infrastructure:

Data	Purpose	Destination
Authentication tokens	Verify your Fownd account identity	auth.fownd.care (Keycloak)
Structural mapping metadata	Improve field mapping accuracy (e.g., anonymized DOM selectors, canonical field IDs)	inference.fownd.co
Extension version and error diagnostics	Crash reporting and compatibility checks	Fownd infrastructure

Structural mapping metadata never contains clinical content. Inputs to our inference service use hashed selectors, canonical field identifiers, and DOM roles only. No patient names, MRNs, dates of birth, or clinical text are included.

3. Artificial Intelligence

Synapse may use AI-assisted field mapping to match clinical note fields to EMR form fields. AI processing follows these strict rules:

AI models receive only structural metadata (field labels, DOM roles, hashed selectors) — never clinical content or patient identifiers.
AI is used as a fallback when deterministic and learned mapping rules do not produce a confident match. The mapping cascade is: deterministic → learned → AI-assisted → manual.
AI service providers (Amazon Web Services) process only the structural metadata described above, subject to our data processing agreements.

4. Chrome Extension Permissions

Synapse requests the following browser permissions, each for a specific purpose:

Permission	Why it's needed
`sidePanel`	Displays the Synapse user interface alongside EMR pages
`activeTab`	Reads the current tab to detect EMR pages and inject the transfer overlay
`storage`	Saves your non-clinical preferences (settings, transfer queue state) locally in Chrome
`nativeMessaging`	Communicates with the local companion application via Chrome's secure native messaging channel
`clipboardWrite`	Copies field values to your clipboard as a fallback when direct EMR field injection is not possible
`identity`	Authenticates you with your Fownd account via single sign-on
`https:///` (all HTTPS sites)	Synapse must interact with any EMR web application your organization uses. Because EMR systems vary by provider, a broad host permission is required — similar to password managers or accessibility tools. Synapse only activates on pages you explicitly initiate a transfer on.

5. Data Retention

Clinical data (PHI): Held in memory only during active transfer sessions. Never persisted to disk, logs, or databases. Discarded when the companion application process ends.
Authentication tokens: Stored locally on your device. Refreshed periodically and revocable at any time through your Fownd account.
Mapping metadata: Structural metadata sent to Fownd servers is retained to improve mapping accuracy for your organization. It contains no clinical content.
Chrome local storage: Non-clinical preferences are stored in Chrome's extension storage on your device. You can clear this data by removing the extension.

6. When We Share Information

We do not sell your personal information or clinical data. We may share non-clinical information in these limited circumstances:

Service providers: Amazon Web Services (cloud infrastructure and AI inference), processed under data processing agreements.
Authentication: Your identity provider credentials are verified through Keycloak (self-hosted by Fownd).
Legal requirements: If required by law, regulation, or valid legal process.
Business transfers: In connection with a merger, acquisition, or sale of assets, subject to the same privacy protections.

7. Security

We implement multiple layers of protection:

All communication between the extension and companion application uses HMAC-signed JSON-RPC over Chrome's native messaging channel (no network exposure).
Clinical data is held in process memory only — never written to disk, logs, or databases.
The extension displays only redacted patient information (first initial, masked MRN/DOB).
Trace and diagnostic data is stripped of clinical content before any persistence.
Authentication uses industry-standard OAuth 2.0 with PKCE.

8. HIPAA Compliance

Synapse is designed to support HIPAA-compliant clinical workflows. Because PHI is processed exclusively on your local device and never transmitted to Fownd servers, the Software functions as a local tool under your organization's existing HIPAA controls. Fownd Inc. does not act as a Business Associate with respect to PHI processed by the companion application, as no PHI is disclosed to Fownd.

9. Children's Privacy

Synapse is a professional clinical tool and is not directed at children under 18. We do not knowingly collect personal information from minors.

10. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information. Because clinical data processed by Synapse exists only in local memory and is never transmitted to our servers, these rights apply primarily to your Fownd account information and any structural metadata we hold.

To exercise your rights, contact us at info@fownd.care.

For comprehensive details on US state privacy rights (California, Virginia, Colorado, Connecticut, and others), please see Section 11 of our General Privacy Policy.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the extension or the Synapse download portal. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or Synapse's data practices:

Email: info@fownd.care
Mail: Fownd Inc., 600 N Broad St #730, Middletown, DE 19709, United States
General Privacy Policy: View on Termly