← Back to home

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

  • Account information: Email address, name, and password when you sign up.
  • Stripe data via OAuth: Subscription, customer, and revenue data we access with your authorization to sync to HubSpot.
  • HubSpot data via OAuth: Contact and company records we read and update to keep MRR and revenue information current.
  • Usage data: Logs of sync activity, API usage, and how you interact with the Service.

2. How We Use Your Information

We use your information to provide and improve the Service, including syncing data between Stripe and HubSpot, supporting your account, detecting and preventing fraud, and complying with legal obligations. We may use aggregated, anonymized data for analytics and product improvement. We do not sell your personal data.

3. Data Storage and Security

Your data is stored on Supabase and other infrastructure we control. OAuth tokens for Stripe and HubSpot are encrypted at rest using AES-256-GCM. We use industry-standard encryption in transit (TLS). Access to production data is restricted and logged. We regularly review our security practices and respond promptly to any identified vulnerabilities.

4. Third-Party Services

We rely on the following third-party services:

  • Stripe: Payment processing and the source of subscription data we sync.
  • HubSpot: The destination for synced MRR and revenue data.
  • Supabase: Database and authentication infrastructure.
  • Vercel: Hosting and deployment.

Each provider has its own privacy policy. We select vendors with strong data protection practices and contractual commitments to safeguard your data.

5. Data Retention

We retain your account data and sync history for as long as your account is active. After account deletion, we delete or anonymize personal data within a reasonable period, except where we must retain it for legal, regulatory, or security purposes. Backups may retain data for a limited time before being purged.

6. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data.
  • Delete: Request deletion of your personal data.
  • Export: Receive your data in a portable format.

To exercise these rights, contact us at support@syncfy.ai. You can also delete your account and disconnect OAuth integrations from within the Service.

7. Cookies and Tracking

We use cookies and similar technologies for authentication, session management, and analytics. We use Google Tag Manager to manage analytics and marketing tags. You can control cookies through your browser settings; disabling certain cookies may affect Service functionality.

8. Children's Privacy

The Service is not intended for users under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

9. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will post changes on this page and update the "Last updated" date. For material changes, we may notify you by email or through the Service. Continued use after changes constitutes acceptance.

10. Contact

For privacy-related questions or requests, contact us at support@syncfy.ai.