Privacy Policy

This Privacy Policy explains how Sy-nc (“Sy-nc”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your information when you use the Sy-nc application and website at sy-nc.app and sy-nc.co.uk (together, the “Service”). Sy-nc helps tradespeople and small businesses capture and manage customer enquiries (“leads”).

Data controller: [Legal company name, e.g. Sy-nc Ltd], [registered address]

Contact: [privacy@sy-nc.com or your support email]

ICO registration (UK): [registration number, if applicable]

1. Information we collect

We collect the following categories of information:

Account information. Your name, email address, company name, and password (passwords are handled by our authentication provider and never stored by us in readable form).

Lead and customer information. Details of enquiries you manage in Sy-nc — for example a prospective customer’s name, email, phone number, address, and a description of the work requested. You may enter this manually, import it, or it may be detected from your connected email inbox (see Section 3).

Connected account data. If you connect Google or Microsoft, we access certain data from those accounts to provide the Service (see Section 3).

Billing information. If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card details; we hold only a customer reference and subscription status.

Usage and technical information. Basic logs needed to operate and secure the Service, such as sign-in events and error logs.

2. How we use your information

We use your information only to provide and improve the Service, specifically to:

detect, organise, and manage your leads;
sync booked jobs to your connected calendar;
send transactional emails on your behalf (for example replies, quotes, team invitations, and assignment notifications);
provide AI-assisted features such as identifying which incoming emails are genuine job enquiries and drafting suggested replies (see Section 4);
process your subscription and send service-related notifications;
secure the Service and comply with our legal obligations.

We do not sell your personal information, and we do not use it for advertising.

3. Google and Microsoft user data

When you choose to connect a Google account, Sy-nc requests the following Google API scopes:

Gmail (read-only) — gmail.readonly: to scan your inbox for incoming job enquiries and import them as leads.
Gmail (compose) — gmail.compose: to create draft replies in your Gmail for you to review and send.
Google Calendar — calendar: to read your calendar and create events for jobs you book.

If you connect a Microsoft account, we access your Outlook mail and calendar for the equivalent purposes.

How we use this data. Google and Microsoft user data is used solely to provide the user-facing features described above. We access only what is needed for those features, and only while your account is connected.

Limited Use. Sy-nc’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

we use Google user data only to provide and improve the user-facing features that are prominent in the Sy-nc interface;
we do not use or transfer Google user data for serving advertising;
we do not use or transfer Google user data to train generalised or third-party artificial-intelligence or machine-learning models;
we do not allow humans to read your Google user data, except where you have given affirmative consent for specific messages, where it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or where the data has been aggregated and anonymised.

Disconnecting and revoking access. You can disconnect Google or Microsoft at any time from Settings → Privacy & Data in the app. Disconnecting revokes Sy-nc’s access and deletes the stored connection. You can also review and revoke access directly at myaccount.google.com/permissions.

4. AI processing

To identify which incoming emails are genuine job enquiries and to draft suggested replies, Sy-nc sends the relevant email content (such as the subject, sender, and a short preview) to Google’s Gemini API for processing. This is used only to provide these features in real time. This content is not used to train AI or machine-learning models, consistent with the Limited Use requirements above. [Confirm your Gemini API is on a tier where prompt content is not used for model training, e.g. the paid Gemini API or Vertex AI, and update this section to name the service used.]

5. How we share information (sub-processors)

We share information only with service providers who help us run the Service, under contracts that require them to protect it. Our key sub-processors are:

Supabase — secure database and authentication.
Vercel — application hosting.
Postmark — sending transactional email.
Stripe — subscription billing and payments.
Google — Gmail, Google Calendar, and the Gemini API (for connected Google accounts and AI features).
Microsoft — Outlook mail and calendar (for connected Microsoft accounts).
Checkatrade — if you connect a Checkatrade account to import leads.

We may also disclose information where required by law, or to protect the rights, safety, and security of Sy-nc and its users.

6. How we protect your information

We take the security of your data seriously. Measures include:

all data transmitted over encrypted HTTPS connections;
OAuth access and refresh tokens, and other connected-account credentials, are encrypted at rest using AES-256-GCM, with keys held separately from the database;
access to production systems is restricted and logged.

No method of transmission or storage is completely secure, but we work to protect your information using industry-standard safeguards.

7. Data retention and deletion

We keep your information for as long as your account is active. You can delete your data at any time:

Delete your account: in Settings → Privacy & Data, choose Delete account. This permanently deletes your account and all associated data — leads, connected-account tokens, quotes, sync logs, and settings — and revokes our access to your connected accounts. This action cannot be undone.
You may also contact us at [your support email] to request deletion.

After deletion, residual copies may persist briefly in encrypted backups before being overwritten on our providers’ standard cycles.

8. Your rights

Depending on where you live, you may have rights under data-protection law (including the UK GDPR) to access, correct, delete, restrict, or object to our processing of your personal data, and to data portability. To exercise these rights, contact us at [your support email]. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

9. Children

Sy-nc is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16.

10. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date above. Material changes will be notified to you within the Service or by email.

11. Contact us

Questions about this policy or your data? Contact us at [your support email] or [registered address].