Privacy Policy

What personal data we collect depends largely on the interaction that takes place between you and SyncU:

• •When you use the Service. We store all content you provide, including information related to you as a customer or end-user of the Service. We gather this information directly from you or from integrations you linked (WhatsApp, Instagram, Telegram, etc.).
• •When you send us emails or messages. We may store the content of such communications, attachments, and your contact details.
• •When you submit forms or register. We collect contact details and information you complete in registration, demo request, or contact forms.
• •When you use our website. We collect certain technical data (IP address, browser, device) that may constitute personal data.
• •From third-party integrations. For example, from payment service providers confirming whether your payment was successful.

• •Account details. Name, email address, password hash, business name, linked channel pages and accounts, subscription plan, location.
• •Financial information. Last four digits of card number, billing address, and payment transaction records (processed via our payment provider; we do not store raw card data).
• •Contact & business data. Full name, job title, company name, email, phone number collected for communication and cooperation purposes.
• •Messages and conversation data. Content of messages, media, and automated flow interactions processed on your behalf via connected channels.
• •Usage data & logs. IP address, browser type, device identifiers, pages visited, timestamps, feature usage frequency.
• •Cookies and similar technologies. See Section 9 for details.
• •Customer Content (Subscriber data). Personal data you import about your own customers or subscribers. We process this only on your behalf. You are responsible for ensuring you have appropriate permission and legal basis to share this data with us.

Please do not send us sensitive personal data (e.g. health data, racial/ethnic origin, political opinions, biometric data, criminal background) on or through the Service.

• •To operate the Service. Create and maintain your account, authenticate users, process billing, send security alerts and administrative notices.
• •To provide the Service. Route messages across connected channels, execute automation flows, AI responses, and broadcast campaigns on your behalf.
• •To communicate with you. Send product updates, feature announcements, and marketing communications (with opt-out provided in every email).
• •To comply with law. Meet applicable legal obligations, accounting and tax requirements, and respond to valid government requests.
• •For compliance and safety. Enforce our Terms of Service, protect rights and safety of SyncU and its users, and deter fraudulent or illegal activity.
• •To improve the Service. Analyse anonymised usage data to improve platform features and performance. We do not use your message content to train AI models without your explicit consent.

We do not sell your data or your subscribers' data to third parties for commercial or advertising purposes.

We share data only in the following circumstances:

• •Service Providers. Trusted vendors who assist with hosting, payments, email delivery, and monitoring — under strict confidentiality agreements.
• •Channel Platforms. When you send messages via WhatsApp, Instagram, or Telegram, those messages are transmitted through Meta and Telegram APIs per their respective policies.
• •AI Providers. If you enable AI features, message content may be forwarded to your configured AI provider (OpenAI, DeepSeek, OpenRouter) for generating replies. Only the minimum context needed is sent.
• •Professional Advisors. Lawyers, accountants, and auditors where necessary in the course of professional services rendered to us.
• •Legal Requirements. If required by law, court order, or government authority — after verifying the validity of such requests.
• •Business Transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred subject to equivalent privacy commitments.

Depending on your location, you may have the following rights:

• •Access. Request a copy of the personal data we hold about you.
• •Correction. Request correction of inaccurate or incomplete data.
• •Deletion. Request deletion of your personal data.
• •Portability. Receive your data in a structured, machine-readable format.
• •Objection. Object to certain processing activities.
• •Restriction. Request restriction of processing in certain circumstances.
• •Opt-out of marketing. Unsubscribe from marketing emails at any time via the link in any email or by contacting us.

To exercise any right, email privacy@syncu.app. We will respond within 30 days.

We retain personal data for as long as your account is active or as needed to provide the Service:

• •Account and contact data is deleted within 30 days of account deletion.
• •Message and conversation history is deleted within 30 days of account deletion.
• •Billing records are retained for 7 years as required by UAE commercial law.
• •Anonymised analytics data may be retained indefinitely.

You may request data deletion at any time by emailing privacy@syncu.app.

SyncU is based in Dubai, United Arab Emirates. If you access the Service from outside the UAE, your data may be transferred to and stored on servers in the UAE or other jurisdictions where our infrastructure providers operate.

For users in the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place for cross-border data transfers in compliance with applicable data protection law (e.g. Standard Contractual Clauses).

The Service is intended for business users aged 18 and older. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@syncu.app and we will delete it promptly.

We implement industry-standard technical and organisational security measures:

• •All data encrypted in transit using TLS 1.2+
• •Passwords hashed using bcrypt with a high work factor — never stored in plaintext
• •JWT access tokens expire after 15 minutes; refresh tokens expire after 7 days
• •Strict multi-tenant data isolation enforced at the database level — tenant data never crosses accounts
• •Regular dependency updates and security reviews

No method of transmission or storage is 100% secure. If you suspect a security incident, contact us immediately at privacy@syncu.app.

For users in the EEA or UK, our legal bases for processing personal data are:

• •Contract performance — processing necessary to provide the Service you signed up for.
• •Legitimate interests — improving our platform, preventing fraud, and direct marketing to existing customers.
• •Legal obligation — complying with applicable laws and regulations.
• •Consent — where you have given explicit consent (e.g. marketing emails for new prospects).

We may update this Privacy Policy periodically. When we make material changes, we will update the Effective Date and notify you via email or an in-app notice. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

For questions, requests, or concerns regarding this Privacy Policy: