Legal

Privacy Policy.

How SyncHq collects, uses, and protects your data - in plain language.

Return_Home
EffectiveJuly 1, 2025
Last updatedJune 2026
Version1.2

1. Introduction

The short version: We collect what we need to run the Services, we do not sell your personal data, and we only share it with the sub-processors listed in section 4. You can export or delete your data at any time by writing to privacy@synchq.in.

SyncHq ("SyncHq", "we", "our", "us") provides a project-management and client-collaboration platform built for agencies, studios, and professional service teams. The Services - synchq.in, our hosted web applications, the organization dashboard, the client portal, and any related APIs - help teams run projects, manage tasks and sprints, collaborate with their clients, capture work through AI-assisted intake, and handle billing.

This Privacy Policy explains what personal data we collect when you use the Services, why we collect it, who we share it with, how long we keep it, and the choices and rights you have. It applies to everyone who interacts with SyncHq: account owners, team members, invited clients, and visitors to our website.

Where we act as a "data controller" we decide how and why your personal data is processed - this is typically the case for account, billing, and usage data. Where you upload project and client content into your workspace, we act as a "data processor" handling that content on your behalf and under your instructions. This document uses defined terms consistent with our Terms of Service at /terms.

2. Data we collect

Account data. When you create an account or are invited to a workspace, we collect your name, work email, a hashed password, and optional profile details such as a job title, avatar, and timezone. If you sign in with a third-party provider, we receive your profile email and display name from that provider.

Organization and workspace data. For each organization we store its name, branding, team membership, roles and permissions, and configuration settings.

Project and client data. This is the content you and your team create inside SyncHq: projects, sub-projects, tasks, sprints, comments, files and documents, knowledge-base pages, client portal records, and the contact details of clients you invite. We process this content on your behalf to operate the Services.

Intake data. When you use AI-assisted client intake, we collect the conversation transcript, the answers your clients provide, and any documents or links they share, so we can structure that information into projects and scopes.

Billing data. When you subscribe to a paid plan we collect your billing contact, plan, and transaction history. Card and payment-instrument details are handled directly by our payment processors - we do not store full card numbers on our servers.

Usage and device data. We log how the Services are used: pages and features accessed, actions taken, approximate location derived from IP address, browser and device type, and diagnostic information such as error stack traces and request latency. We use this to keep the Services reliable and secure, not to build advertising profiles.

Cookies and similar technologies. We use a small set of first-party cookies described in section 9. We do not use third-party advertising or cross-site tracking cookies.

3. How we use data

  • To provide and operate the Services - authenticating you, rendering your workspace, and storing the projects, tasks, and client records you create.
  • To run AI-assisted intake and other AI features, by sending the relevant input to our model provider strictly to generate your result in the moment.
  • To manage subscriptions, process payments, issue invoices, and prevent payment fraud through our payment processors.
  • To send transactional messages such as receipts, password resets, invitations, security alerts, and important changes to the Services.
  • To provide support, respond to your requests, and investigate issues you report.
  • To keep the Services secure - detecting, preventing, and responding to abuse, fraud, and unauthorized access.
  • To improve the Services by diagnosing errors, measuring feature usage in aggregate, and prioritizing what to build.
  • To comply with our legal obligations and enforce our Terms of Service.

Our legal bases for processing (where the GDPR or similar laws apply) are: performance of our contract with you, our legitimate interests in operating and improving the Services securely, your consent where we ask for it, and compliance with legal obligations.

4. Sub-processors and sharing

We do not sell your personal data, and we do not share it for advertising. We rely on a focused set of sub-processors who process data on our behalf under contractual data-protection commitments:

  • Neon (PostgreSQL) - primary application database hosting (US / EU regions).
  • Cloudflare - CDN, DDoS protection, edge delivery, and hosting infrastructure (global).
  • Cloudflare R2 - storage of uploaded documents and files.
  • Cloudinary - image upload, processing, and delivery.
  • Resend - transactional email delivery.
  • Stripe and Dodo Payments - subscription billing and payment processing.
  • OpenAI - powering AI-assisted intake and other AI features; content is sent only to generate your result.

We may also disclose data when required by law or valid legal process, to protect the rights, safety, and security of SyncHq, our users, or the public, or in connection with a merger, acquisition, or sale of assets - in which case we will require the recipient to honor this Privacy Policy.

5. AI processing

SyncHq includes AI-assisted features, most notably AI-driven client intake. Generating an AI result means sending the relevant input to an AI model provider, so we want to be clear about what that involves.

  • What is processed. When you or your client uses AI intake or another AI feature, the relevant prompt, conversation, and any attached content are sent to our AI model provider strictly to produce the result you asked for.
  • Not used to train public models. We send this content under terms that prohibit the provider from using your content to train or improve its general-purpose models, and we do not use your private workspace content to train public AI models.
  • Minimization. We send only what is needed to generate the result, and the output is stored in your workspace under your control.

This processing is consistent with our wider stance: we do not sell your data and we do not run third-party ad trackers.

6. Storage and security

Application data is stored in our managed PostgreSQL database (Neon) and uploaded files are stored in object storage (Cloudflare R2 and Cloudinary), with encryption at rest. Data in transit is protected with TLS 1.3.

We apply role-based access control following the principle of least privilege, restrict internal access to production data, maintain audit logging of sensitive actions, and keep encrypted, regularly tested backups. No method of transmission or storage is perfectly secure, but we work continuously to protect your data and to detect and respond to incidents. If a breach affects your personal data, we will notify you and any required regulator as the law requires.

7. Data retention

We retain your data for as long as your workspace is active. When you cancel, workspace data is retained for 30 days to allow recovery and export, after which it is permanently deleted. You may request immediate deletion at any time by writing to privacy@synchq.in.

  • Audit logs are retained for 90 days.
  • Transactional email and invoice records are retained for up to 12 months, or longer where tax and accounting law requires.
  • Aggregated, anonymized usage data that can no longer identify you may be retained indefinitely for analytics.

8. International transfers

SyncHq operates globally and our sub-processors may process data in the United States, the European Union, and other regions. Where personal data is transferred across borders, we rely on appropriate safeguards - such as the European Commission's Standard Contractual Clauses or an equivalent mechanism - so that your data continues to receive an adequate level of protection wherever it is processed.

9. Your rights

Depending on where you live, you may have rights under the GDPR, the UK GDPR, the CCPA/CPRA, and similar laws. These include the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable, machine-readable format.
  • Restrict or object to certain processing.
  • Withdraw consent where processing relies on consent.
  • Not be subject to discrimination for exercising these rights.

To exercise any of these rights, email privacy@synchq.in. We respond within 30 days. Exports are provided in JSON or CSV format. Account deletion permanently removes workspace data after the retention window in section 7. If you are a client invited into a workspace, some requests may need to be directed to the organization that controls that workspace; we will help route them.

10. Cookies

We use a small number of first-party cookies that are strictly necessary to run the Services - for example, to keep you signed in and to remember your theme and interface preferences. We do not use third-party advertising cookies or cross-site trackers that follow you around the web. Any product analytics we collect are aggregated and used to improve the Services, not to profile you for advertising. You can control cookies through your browser settings, though disabling strictly necessary cookies may prevent you from signing in.

11. Children's privacy

SyncHq is a business tool intended for use by organizations and professionals. It is not directed at children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact privacy@synchq.in and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version. Continued use of the Services after a change takes effect means you accept the updated policy.

13. Contact

For privacy-related questions or to exercise your rights:

  • Email: privacy@synchq.in
  • General contact: hello@synchq.in

We respond to data-related requests within 30 days.

Last_Updated: June 2026

privacy@synchq.in