Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your email address, a password (which is stored only in irreversibly hashed form), and your organization and display name. If you register using a third-party authentication provider such as Google or Microsoft, we collect the email address associated with that account.

Platform Integrations

When you connect a third-party platform to your Syncello account — including Google Workspace, Microsoft, Podio, Tape, ShareFile, Slack, BatchData, QuickBooks, or Stripe — we collect and store the OAuth tokens or API keys necessary to maintain that connection, along with your platform user identifier, display name, and email address. We may also collect workspace, application, and field metadata such as names, identifiers, and structural information required to provide our services. All credentials are encrypted at rest using industry-standard encryption.

Google Workspace Data

When you connect your Google Workspace account, our AI agent may access Google services on your behalf, including Gmail, Google Drive, Google Calendar, Google Sheets, and Google Docs. Syncello accesses Google user data only when you explicitly instruct the AI agent to do so during an active session. We do not access, scan, index, or process your Google data in the background, on a schedule, or for any automated purpose. The agent may search, read, compose, or send email messages; search, view, create, or share files and folders; view, create, or modify calendar events; create, read, or write spreadsheet data; and create, read, or edit documents. We do not store the content of your emails, files, calendar events, spreadsheets, or documents on our servers. This data is accessed in real time during your AI agent session and is not retained after the session concludes.

Google user data is used solely to provide and improve user-facing features of the Service. We do not use Google user data for: targeted advertising, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, user advertisements, personalized advertisements, retargeted advertisements, interest-based advertisements, creating databases unrelated to the Service, or training artificial intelligence or machine learning models.

Syncello's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Content You Provide

We collect the prompts and instructions you submit to the AI agent, as well as any configuration data, automation definitions, or other content you create through the Service.

Automatically Collected Information

We automatically collect certain technical information when you use the Service, including your IP address and browser fingerprint (used for session security and abuse prevention) and usage metrics such as features accessed and AI token consumption.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service. This includes authenticating your identity, establishing and managing your account, connecting to third-party platforms you authorize, and generating automation code and other outputs through our AI agent.

We use your payment information, processed exclusively through Stripe, to manage subscriptions and billing. We use your email address to send password resets, email verification messages, and important service notifications. We do not send marketing emails unless you have opted in to receive them.

We use technical information such as IP addresses, browser fingerprints, and session data to protect the security of your account through rate limiting, session validation, and audit logging. We may also analyze anonymized and aggregated usage patterns to diagnose issues, fix bugs, and improve the performance and reliability of the Service.

When you use the AI agent, your prompts and conversation context are transmitted to Anthropic (Claude) for processing. When you instruct the agent to interact with a connected platform such as Google Workspace, Microsoft, Podio, Tape, or another integration, the agent transmits the minimum data necessary to execute your request to the relevant third-party API. We do not retain the content of third-party data accessed during these interactions beyond the duration of your session.

We do not use your personal information, prompts, or any data received from third-party APIs — including Google Workspace data — to train artificial intelligence or machine learning models. Your prompts are processed by Anthropic solely to generate responses and are governed by Anthropic's data usage policies.

We do not sell, rent, or trade your personal information to third parties. We do not transfer, sell, or disclose Google user data to third parties for any purpose other than providing or improving the user-facing functionality of the Service. Specifically, Google user data is never transferred to third parties for advertising, data brokerage, information reselling, credit assessment, or lending purposes.

3. Cookies and Analytics

We use a single session cookie to maintain your authenticated session. This cookie is HTTP-only, transmitted only over secure connections, and contains no personal information.

We use Google Analytics to understand how users interact with the Service. Google Analytics collects anonymized usage data such as pages visited, session duration, and general geographic region. You may opt out of Google Analytics by using browser extensions or adjusting your browser's privacy settings.

We do not use advertising cookies, tracking pixels, or third-party behavioral tracking of any kind.

4. Third-Party Services

We share information with third-party service providers solely to the extent necessary to operate the Service. We do not sell or otherwise disclose your personal information for purposes unrelated to providing the Service.

AI Processing. Your prompts and conversation context are transmitted to Anthropic for AI code generation and agent responses. Anthropic processes this data solely to produce outputs on your behalf and does not use it to train its models under our agreement. When Google Workspace data is included in an AI agent interaction, it is transmitted to Anthropic solely to generate the response you requested. Anthropic does not retain, store, or use this data for any purpose other than generating that response. This processing is governed by our data processing agreement with Anthropic and complies with the Google API Services User Data Policy, including the Limited Use requirements.

Payment Processing. Subscription billing is handled by Stripe. We transmit your billing email address and payment method to Stripe for the purpose of processing charges, managing subscriptions, and preventing fraud. We do not store credit card numbers or other payment instrument details on our servers.

Email Delivery. Transactional emails — including password resets, email verification, and service notifications — are delivered through Resend. We share only your email address with Resend for this purpose.

Error Monitoring. We use Sentry to monitor application errors and performance. Sentry receives error logs and anonymized diagnostic context such as request identifiers and browser metadata. Sentry does not receive your email address, passwords, or the content of your prompts.

Analytics. We use Google Analytics to collect anonymized usage data as described in Section 3.

Infrastructure. The Service is hosted on Cloudflare (application hosting, content delivery, and file storage) and Neon (PostgreSQL database hosting). These providers process request data and stored application data in the course of providing their infrastructure services.

Platform Integrations. When you connect a third-party platform, we transmit OAuth tokens and API requests to that platform's servers to execute actions on your behalf. The platforms currently available for integration include Google Workspace (Gmail, Drive, Calendar, Sheets, and Docs), Microsoft, Podio, Tape, ShareFile, Slack, BatchData, QuickBooks, and Stripe. Your use of each connected platform is also governed by that platform's own terms of service and privacy policy. We store encrypted OAuth credentials for each active integration and delete them when you disconnect.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and our servers is encrypted in transit using TLS. Sensitive credentials, including passwords and third-party OAuth tokens, are encrypted at rest. Passwords are stored using modern one-way hashing algorithms and are never stored in plaintext or reversible form.

Access to user data is restricted to authenticated sessions that are validated on every request. Sessions are bound to device fingerprints to detect and prevent session hijacking. We enforce rate limiting on authentication and API endpoints to mitigate brute-force and abuse attempts, and we maintain audit logs of security-relevant events.

Third-party API keys and OAuth tokens are stored in encrypted form and are never written to application logs or exposed through client-facing interfaces. Access tokens for connected platforms are cached for a maximum of one hour and are revoked or deleted when you disconnect an integration.

No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at [email protected].

6. Data Retention

We retain your account information, including your email address, display name, and organization details, for as long as your account remains active. If you delete your account, we will remove your personal data within thirty (30) days, except where retention is required by applicable law or necessary to resolve disputes or enforce our agreements.

Authenticated sessions expire after seven (7) days of inactivity. Session records are deleted upon expiration or logout.

When you disconnect a third-party integration, the associated OAuth tokens and cached access credentials are deleted promptly. Any integration metadata that is no longer required for the operation of your account is removed within thirty (30) days of disconnection.

AI agent conversations are ephemeral. Conversation state, including any third-party data accessed during a session, is automatically deleted after one hour of inactivity. We do not retain the content of your emails, files, calendar events, or other third-party data beyond the duration of your session. We may retain user-submitted prompts and error logs from third-party API interactions on a long-term basis for the purpose of diagnosing issues and improving the reliability and quality of the Service. These records do not include the content of your third-party data.

Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for the purpose of improving the Service.

7. Browser Extension

The Syncello browser extension stores conversation history locally in your browser. This data is not transmitted to or stored on our servers. Uninstalling the extension removes all locally stored data. The extension does not collect analytics, track browsing activity, or access any data outside of the Syncello interface.

8. Your Rights

You have the right to access, correct, and delete the personal information we hold about you. You may update your account information at any time through your account settings. You may disconnect any third-party integration at any time, which will revoke our access to that platform and delete the associated credentials from our systems.

You may permanently delete your account and all associated data at any time by navigating to Settings and selecting "Delete Account." This action is irreversible and will remove your personal information, organization data, team memberships, and all stored integration credentials. Data deletion will be completed within thirty (30) days of your request.

To request a copy of your personal data or to exercise any other rights available to you under applicable privacy laws, please contact us at [email protected]. We will respond to all requests within thirty (30) days.

If you are located in the European Economic Area, the United Kingdom, or California, you may have additional rights under the General Data Protection Regulation (GDPR), the UK Data Protection Act, or the California Consumer Privacy Act (CCPA), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

9. Children's Privacy

The Service is designed for business users and is not directed at individuals under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen. If you believe that a child has provided us with personal information, please contact us at [email protected] and we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you by email or through an in-app notification prior to the changes taking effect. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you must discontinue use of the Service.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Syncello LLC
Email: [email protected]