synthrek

Privacy disclosure resources for indie app launches.

A public library of matrix rows, source notes, and cautious explainers for founders who need to align their stack with app-store and privacy-policy disclosures.

Disclosure matrix

Vendor-by-vendor rows across Apple, Google, GDPR, and cookie-review surfaces.

Open →

Source ledger

Primary platform, regulator, and vendor sources used by Synthrek’s educational content.

Open →

Preview request

A static page explaining what to send if you want a source-cited stack preview.

Open →

Surfaces

Start with the form you need to answer.

App Store surface

Apple Privacy Details

Map your stack to the privacy labels and data categories Apple asks about before an app goes live.

Play Console surface

Google Data Safety

Translate the same stack into Google Play Data Safety answers without letting them drift from your hosted policy.

EU disclosure surface

GDPR Processor Notes

Keep a plain-language list of processors, regions, source links, and open review questions for small apps.

Consent surface

Cookie Banner Checks

Flag analytics, fraud-prevention, auth, and bot-management cookies before they become launch-week surprises.

Latest explainers

Written as launch checks.

how-to confidence medium

Apple Privacy Manifest files explained for indie iOS developers in 2026

What goes inside a PrivacyInfo.xcprivacy file, why Apple now expects one for many SDKs, and how a solo iOS developer can map their stack to the four required arrays without guessing.
template confidence medium

Google Play Data Safety form for solo devs: a row-by-row example

An example walkthrough of Google Play's Data safety section for an indie app that uses Stripe, Supabase, PostHog, and Resend — with the categories Google's documentation defines and cautious wording where the docs leave room for judgement.
checklist confidence medium

What disclosures Stripe, PostHog, Supabase, and OpenAI typically require in your privacy policy (with example wording)

A vendor-by-vendor walk-through of which data Stripe, PostHog, Supabase, and OpenAI handle, the processor entries each vendor's own docs ask you to include, and example wording you can adapt for your own privacy policy.
risk confidence medium

GDPR processor list for tiny apps: who you have to name, where, and why

What GDPR Article 13 and 14 actually require when you disclose processors in your privacy policy, with an example processor list for an indie app and cautious wording where the regulation leaves judgement to the controller.
mistakes confidence medium

Privacy policy templates that get apps rejected from the App Store (and what to do instead)

Patterns we see repeatedly in App Store privacy rejections — fields that are blank in the App Privacy Details form, inconsistent disclosures between the policy and the form, and SDK manifests that aren't ratified — with cautious wording on how to recover.
decision confidence low

Cookie banner vs no cookie banner: when an indie app actually needs one in 2026

A decision-tree walkthrough of when an indie SaaS that uses PostHog, Stripe, Supabase, or Google Analytics typically needs a cookie consent banner, with cautious wording where local guidance varies.