Privacy Policy

Syncaut ("Syncaut," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit our website at syncaut.com and use our platform and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this policy. If you do not agree with its terms, please discontinue use of the Service immediately.

This Privacy Policy applies to all users of the Service worldwide. Where applicable law imposes additional requirements — including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR for users in the United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents — we comply with those additional obligations as described in the relevant sections below.

We collect the following categories of information:

Information you provide directly:

• Account information: name, email address, username, and password when you register for an account.
• Payment information: billing address and payment method details. We do not store your full payment card details — these are processed directly by our payment processor, Polar (polar.sh), and subject to their privacy policy.
• Communications: information you provide when you contact us for support, send us feedback, or otherwise communicate with us.
• Profile information: any additional information you choose to add to your account profile.

Information collected automatically:

• Usage data: pages visited, features used, workflows created and executed, timestamps, and interactions with the Service.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, time zone, and referring URLs.
• Cookies and tracking technologies: as described in our Cookie Policy.
• Log data: server logs including error reports, access logs, and diagnostic data.

Information from third parties:

• OAuth providers: if you register or log in using Google or another OAuth provider, we receive your name and email address from that provider.
• Third-party integrations: when you connect third-party services to the Service (e.g., Shopify, Klaviyo, Slack), we receive data necessary to facilitate those integrations.

We use the information we collect for the following purposes:

• Providing the Service: to operate, maintain, and improve the Service; to create and manage your account; and to process your subscription and transactions.
• Communications: to send you transactional emails (account confirmation, password reset, billing receipts, service notifications) and, with your consent, marketing communications.
• Support: to respond to your enquiries, troubleshoot problems, and provide technical assistance.
• Security: to detect, prevent, and investigate fraud, abuse, security incidents, and other potentially harmful or illegal activities.
• Analytics and improvement: to understand how users interact with the Service and to improve its functionality, performance, and user experience.
• Legal compliance: to comply with applicable law, regulation, legal process, or enforceable governmental requests.
• Enforcement: to enforce our Terms of Service and other agreements.

We process your personal data on the following legal bases (where GDPR or UK GDPR applies): (a) performance of a contract (providing the Service you have requested); (b) compliance with a legal obligation; (c) our legitimate interests (security, fraud prevention, service improvement), where those interests are not overridden by your rights; and (d) your consent, where required.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service providers: we engage third-party vendors to assist in providing the Service, including cloud hosting providers, payment processors, email delivery providers, analytics services, and customer support tools. These vendors are bound by contractual obligations to process data only as directed by us and to maintain appropriate security measures.
• Third-party integrations: when you connect a third-party service to your account, we share the data necessary to facilitate that integration with the relevant third party.
• Business transfers: in the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
• Legal requirements: we may disclose your information where required by law, regulation, court order, or other legal process, or where we believe disclosure is necessary to protect our rights, property, or safety, or that of others.
• With your consent: we may share your information for any other purpose with your explicit consent.

We retain your personal data for as long as your account is active or as needed to provide the Service. We also retain data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Upon account deletion, we will delete or anonymise your personal data within ninety (90) days, except where we are required to retain certain data for legal, regulatory, or legitimate business purposes (such as financial records, which we may retain for up to seven (7) years).

We implement and maintain appropriate technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit using TLS, access controls, and regular security assessments.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your own.

Where we transfer personal data from the European Economic Area or the United Kingdom to countries that have not been deemed to provide an adequate level of protection, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or UK International Data Transfer Agreements, to ensure your data is protected.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: the right to request a copy of the personal data we hold about you.
• Rectification: the right to request correction of inaccurate or incomplete personal data.
• Erasure: the right to request deletion of your personal data, subject to certain exceptions.
• Restriction: the right to request that we restrict processing of your personal data in certain circumstances.
• Portability: the right to receive your personal data in a structured, machine-readable format.
• Objection: the right to object to processing of your personal data based on our legitimate interests.
• Withdrawal of consent: where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.
• Non-discrimination (California residents): the right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise any of these rights, please submit a request to [email protected]. We will respond within thirty (30) days, or within the timeframe required by applicable law. We may require verification of your identity before processing your request.

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority.

The Service is not directed to children under the age of eighteen (18). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us at [email protected] and we will take steps to delete such information.

The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service.

With your consent, we may send you marketing communications about our products, features, and promotions. You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected]. Opting out of marketing communications does not affect your receipt of transactional or service-related emails.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We may also notify you by email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: [email protected]
• Support: [email protected]