SyncroLog in

Privacy Policy

Last updated: May 14, 2025

1. Who we are

Syncro ("we", "our", or "us") is an event planning tool that helps users manage vendors, payments, milestones, and documents for their events. This policy explains what personal data we collect when you use our service and how we use it.

2. Data we collect

We only collect what is necessary to provide the service:

  • Account information — your name and email address, provided when you sign up with email/password or via Google OAuth.
  • Country — used solely to display the correct local currency symbol within the app.
  • Event data — events, vendors, milestones, and payments you create while using the app. This data belongs to you.
  • Uploaded documents — files (PDF, images, DOCX) you attach to vendors. Stored privately and accessible only to your account.
  • Authentication tokens — session cookies set by our auth provider (Supabase) to keep you logged in securely.

We do not collect payment card details, bank account information, or any financial data about you. Payment amounts you enter in the app are vendor payment records you create yourself — they are not processed by us.

3. How we use your data

  • To create and manage your account.
  • To provide the core features of the app (events, vendors, timeline, documents).
  • To display currency symbols appropriate to your country.
  • To authenticate you securely on each visit.
  • To respond to support requests you send us directly.

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

4. Data storage and security

All data is stored in Supabase, a managed cloud database and storage platform. Data is encrypted in transit (TLS) and at rest. Row-level security policies ensure that each user can only access their own data — even at the database level.

Uploaded documents are stored in a private storage bucket. Signed URLs are required to access any file; files are not publicly accessible.

5. Third-party services

We use the following third-party services to operate Syncro:

  • Supabase — database, authentication, and file storage. Your data is processed under their privacy policy.
  • Google OAuth — optional sign-in method. We only receive your name and email from Google; no other Google account data is accessed.
  • Resend — transactional email delivery. Your email address is passed to Resend solely to send you notifications and responses to feedback you submit. Resend does not use it for any other purpose.

We do not sell, rent, or share your data with any other third parties.

6. Cookies

We use one cookie, sb-auth-token, set by Supabase to maintain your authenticated session. It is an HTTP-only, secure cookie and is cleared when you sign out. We do not use tracking, analytics, or advertising cookies, and no cookie consent banner is shown because this cookie is strictly necessary for the service to function.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data via the app settings.
  • Delete your account and all associated data — contact us at the email below and we will process the deletion within 30 days.
  • Export your event data — contact us and we will provide a copy in a portable format.

8. Data retention

We retain your data for as long as your account is active. If you delete your account, all personal data and event data is permanently removed from our systems within 30 days.

9. Children

Syncro is not directed at children under 16. We do not knowingly collect data from anyone under this age. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. If changes are material, we will notify you by email or by a notice within the app before they take effect. The date at the top of this page always reflects the most recent revision.

11. Contact

Questions or requests regarding your data can be sent to [email protected].