Privacy Policy

Syncaut ("Syncaut," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit our website at syncaut.com and use our platform and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this policy. If you do not agree with its terms, please discontinue use of the Service immediately.

This Privacy Policy applies to all users of the Service worldwide. Where applicable law imposes additional requirements — including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR for users in the United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents — we comply with those additional obligations as described in the relevant sections below.

We collect the following categories of information:

Information you provide directly:

• Account information: name, email address, username, and password when you register for an account.
• Payment information: billing address and payment method details. We do not store your full payment card details — these are processed directly by our payment processor, Polar (polar.sh), and subject to their privacy policy.
• Communications: information you provide when you contact us for support, send us feedback, or otherwise communicate with us.
• Profile information: any additional information you choose to add to your account profile.

Information collected automatically:

• Usage data: pages visited, features used, workflows created and executed, timestamps, and interactions with the Service.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, time zone, and referring URLs.
• Cookies and tracking technologies: as described in our Cookie Policy.
• Log data: server logs including error reports, access logs, and diagnostic data.

Information from third parties:

• OAuth providers: if you register or log in using Google or another OAuth provider, we receive your name and email address from that provider.
• Third-party integrations: when you connect third-party services to the Service (e.g., Shopify, Klaviyo, Slack), we receive data necessary to facilitate those integrations.

When you connect your Google account to Syncaut, we request access to specific Google services to provide workflow automation and data synchronization features. This section describes how we access, use, store, and share Google user data.

Google Services We Access:

• Google Drive: We access your Google Drive files in read-only mode to enable you to sync, reference, and use your Drive files within automated workflows.
• Google Sheets: We access your Google Sheets spreadsheets to read, edit, create, and delete spreadsheets as part of your workflow automations and data synchronization tasks.

How We Use Google User Data:

• Workflow automation: To execute the automated workflows you create, which may include reading data from Google Sheets, creating new spreadsheets, updating existing data, or accessing files from Google Drive.
• Data synchronization: To synchronize data between your Google account and other third-party services you connect to Syncaut.
• File operations: To perform file operations you configure in your workflows, such as downloading Drive files, reading spreadsheet data, or creating new spreadsheets.
• Service functionality: To provide the core features of the Service that you have explicitly requested and configured.

How We Store Google User Data:

• Google user data is stored securely using industry-standard encryption both in transit (TLS) and at rest.
• We store only the minimal data necessary to provide the Service functionality you have requested.
• Access tokens and refresh tokens for your Google account are encrypted and stored securely in our database.
• File content from Google Drive or Google Sheets may be temporarily cached during workflow execution but is not permanently stored unless explicitly configured in your workflow settings.

How We Share Google User Data:

• We do not sell, rent, or share your Google user data with third parties for marketing purposes.
• Google user data may be shared only in the following circumstances:
  • With your explicit instruction: When you configure a workflow to transfer data from Google services to another connected service (e.g., syncing Google Sheets data to Shopify).
  • With service providers: We use trusted third-party cloud infrastructure providers (including hosting and database services) who are contractually bound to maintain the security and confidentiality of your data.
  • Legal compliance: If required by law, regulation, legal process, or governmental request.

Data Retention and Deletion:

• We retain Google user data only for as long as your account is active and you maintain the Google service connection.
• You may revoke Syncaut's access to your Google account at any time through your Google Account settings or through your Syncaut account settings.
• Upon disconnecting your Google account or deleting your Syncaut account, we will delete all associated Google user data within ninety (90) days, except where retention is required for legal or regulatory compliance.
• Temporary workflow execution data is deleted immediately upon completion of the workflow or within twenty-four (24) hours, whichever is sooner.

Your Control Over Google Data:

• You have full control over which Google services Syncaut can access.
• You can review and revoke access permissions at any time through your Syncaut account settings or your Google Account permissions page at myaccount.google.com/permissions.
• You can delete specific workflow data or your entire account at any time through your account settings.

Limited Use Disclosure:

Syncaut's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We use the information we collect for the following purposes:

• Providing the Service: to operate, maintain, and improve the Service; to create and manage your account; and to process your subscription and transactions.
• Communications: to send you transactional emails (account confirmation, password reset, billing receipts, service notifications) and, with your consent, marketing communications.
• Support: to respond to your enquiries, troubleshoot problems, and provide technical assistance.
• Security: to detect, prevent, and investigate fraud, abuse, security incidents, and other potentially harmful or illegal activities.
• Analytics and improvement: to understand how users interact with the Service and to improve its functionality, performance, and user experience.
• Legal compliance: to comply with applicable law, regulation, legal process, or enforceable governmental requests.
• Enforcement: to enforce our Terms of Service and other agreements.

We process your personal data on the following legal bases (where GDPR or UK GDPR applies): (a) performance of a contract (providing the Service you have requested); (b) compliance with a legal obligation; (c) our legitimate interests (security, fraud prevention, service improvement), where those interests are not overridden by your rights; and (d) your consent, where required.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service providers: we engage third-party vendors to assist in providing the Service, including cloud hosting providers, payment processors, email delivery providers, analytics services, and customer support tools. These vendors are bound by contractual obligations to process data only as directed by us and to maintain appropriate security measures.
• Third-party integrations: when you connect a third-party service to your account, we share the data necessary to facilitate that integration with the relevant third party.
• Business transfers: in the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
• Legal requirements: we may disclose your information where required by law, regulation, court order, or other legal process, or where we believe disclosure is necessary to protect our rights, property, or safety, or that of others.
• With your consent: we may share your information for any other purpose with your explicit consent.

We retain your personal data for as long as your account is active or as needed to provide the Service. We also retain data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Upon account deletion, we will delete or anonymise your personal data within ninety (90) days, except where we are required to retain certain data for legal, regulatory, or legitimate business purposes (such as financial records, which we may retain for up to seven (7) years).

We implement and maintain appropriate technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit using TLS, access controls, and regular security assessments.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your own.

Where we transfer personal data from the European Economic Area or the United Kingdom to countries that have not been deemed to provide an adequate level of protection, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or UK International Data Transfer Agreements, to ensure your data is protected.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: the right to request a copy of the personal data we hold about you.
• Rectification: the right to request correction of inaccurate or incomplete personal data.
• Erasure: the right to request deletion of your personal data, subject to certain exceptions.
• Restriction: the right to request that we restrict processing of your personal data in certain circumstances.
• Portability: the right to receive your personal data in a structured, machine-readable format.
• Objection: the right to object to processing of your personal data based on our legitimate interests.
• Withdrawal of consent: where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.
• Non-discrimination (California residents): the right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise any of these rights, please submit a request to [email protected]. We will respond within thirty (30) days, or within the timeframe required by applicable law. We may require verification of your identity before processing your request.

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority.

The Service is not directed to children under the age of eighteen (18). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us at [email protected] and we will take steps to delete such information.

The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service.

With your consent, we may send you marketing communications about our products, features, and promotions. You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected]. Opting out of marketing communications does not affect your receipt of transactional or service-related emails.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We may also notify you by email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: [email protected]
• Support: [email protected]