Privacy Policy

Last updated: April 14, 2026

Syncific ("we", "our", "us") operates the website syncific.com and the web application at app.syncific.com. This policy explains how we collect, use, and protect your information.

1. Information We Collect

Account information: When you create an account, we collect your email address and license key. Payment is processed by Stripe; we do not store credit card numbers.

OAuth tokens: When you connect sources (Adobe Lightroom, Figma, Canva, Dropbox, Google Drive, OneDrive, Shutterstock) or destinations (WordPress, Shopify, HubSpot, Contentful, Webflow), we store encrypted OAuth tokens to maintain your connections. These are encrypted at rest using AES-256.

Asset metadata: We store metadata about synced assets (filenames, dimensions, timestamps, sync status) in our database. We do not store your actual image files; they pass through our servers transiently during sync.

Usage data: We log sync activity, error events, and feature usage to improve the service and provide you with dashboards.

Analytics: We use Google Analytics (GA4) to understand how visitors use our marketing site. This is only loaded if you accept cookies. No analytics tracking occurs inside the application.

2. How We Use Your Information

To provide, maintain, and improve the Syncific service
To process your subscription and billing through Stripe
To send transactional emails (license keys, password resets, sync notifications) via Brevo
To provide customer support
To detect and prevent abuse or unauthorized access

We do not sell your personal information to third parties. We do not use your data for advertising.

3. Data Processors

We use the following third-party services to operate Syncific:

Cloudflare (infrastructure, CDN, Workers, D1 database) — USA/Global
Stripe (payment processing) — USA
Brevo (transactional email) — France/EU
Google Analytics (marketing site analytics, with consent) — USA
OpenRouter (optional AI features, only when you use AI Generate or AI enrichment) — USA

4. Data Storage and Security

Your data is stored on Cloudflare's global network. OAuth credentials are encrypted using AES-256 encryption. All connections use HTTPS/TLS. We follow industry-standard security practices including JWT authentication, HMAC-signed webhooks, and encrypted credential storage.

5. Your Rights (GDPR / CCPA)

If you are in the European Economic Area, United Kingdom, or California, you have the right to:

Access your personal data
Correct inaccurate data
Delete your account and associated data
Export your data (sync map CSV export is available in the app)
Object to processing or restrict processing
Withdraw consent for analytics cookies at any time

To exercise any of these rights, email privacy@syncific.com.

6. Cookies

Our marketing site (syncific.com) uses Google Analytics cookies only with your explicit consent. You can accept or decline cookies when you first visit. The Syncific application (app.syncific.com) uses only essential cookies for authentication (JWT token in localStorage) and does not use any tracking cookies.

7. Data Retention

We retain your account data and sync history for the duration of your subscription. If you cancel, your data is retained for 30 days to allow reactivation, then permanently deleted. You can request immediate deletion at any time.

8. Children

Syncific is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice in the application. The "last updated" date at the top reflects the most recent revision.

10. Contact

For privacy-related questions or requests:

Email: privacy@syncific.com
Website: syncific.com