Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: January 26, 2026

Your Data, Your Control

Access, export, or delete your data anytime

Secure by Design

End-to-end encryption for your messages

No Data Mining

We don't sell or share your data with advertisers

Minimal Collection

We only collect what's necessary to provide the service

1. Introduction

Welcome to Sync Superapp ("Sync," "we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web platform (collectively, the "Service").

By using Sync, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use Sync, you provide us with:

  • Account Information: Email address, username, full name, and password (stored securely using Argon2 hashing—we never store your actual password)
  • Profile Information: Profile picture (avatar) and optional phone number for contact discovery
  • Communications: Messages, media files (images, videos, documents), and voice/video call participation
  • Contact Preferences: Friend lists, blocked users, and privacy settings you configure

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Device Information: Device type, operating system, and browser type (for session management)
  • Session Data: IP address (for security and fraud prevention), login timestamps, and device identifiers
  • Push Notification Tokens: Device tokens required to deliver notifications (only if you enable notifications)
  • Usage Patterns: Feature usage for improving the Service (never linked to message content)

2.3 Information We Do NOT Collect

We respect your privacy and explicitly do not:

  • Read, analyze, or mine your message content for advertising
  • Track your location (we do not request location permissions)
  • Collect contacts from your device without explicit permission
  • Use third-party analytics that track individual users
  • Sell any personal data to third parties

3. How We Use Your Information

We use your information solely to provide, maintain, and improve the Service:

3.1 Core Service Functionality

  • Account Management: Create and manage your account, authenticate your identity
  • Messaging: Deliver your messages, media, and reactions to intended recipients
  • Calls: Enable audio and video calls between users
  • Notifications: Send push notifications for new messages, calls, and friend requests
  • Contact Discovery: Help you find friends by username or phone number (based on your privacy settings)

3.2 Security & Safety

  • Detect and prevent fraud, abuse, and unauthorized access
  • Monitor for suspicious login attempts and protect your account
  • Enforce our Terms of Service and community guidelines
  • Rate limiting to prevent spam and abuse

3.3 Service Improvement

  • Diagnose technical issues and fix bugs
  • Understand aggregate usage patterns to improve features
  • Develop new features based on user needs

4. Data Storage & Security

4.1 Where We Store Your Data

  • Account & Message Data: Stored on secure servers with encryption at rest
  • Media Files: Stored in Amazon Web Services (AWS) S3 with server-side encryption
  • Backups: Encrypted backups for disaster recovery

4.2 Security Measures

  • Encryption: All data transmitted using TLS 1.3 encryption
  • Password Security: Passwords are hashed using Argon2, the industry-leading algorithm
  • Session Security: JWT tokens with short expiration, secure cookie attributes
  • Access Controls: Strict internal access controls and audit logging
  • Regular Audits: Security assessments and vulnerability testing

4.3 Data Retention

  • Account Data: Retained while your account is active
  • Messages: Stored until you delete them or delete your account
  • Session Logs: IP addresses retained for 90 days for security purposes
  • Deleted Data: Permanently removed within 30 days of deletion request

5. Third-Party Services

We use trusted third-party services to provide specific functionality. Here's exactly what we share with each:

Amazon Web Services (AWS)

Purpose: Cloud infrastructure, file storage (S3), and email delivery (SES)

Data Shared: Media files you upload, email addresses for transactional emails

Privacy Policy: aws.amazon.com/privacy

Firebase Cloud Messaging (Google)

Purpose: Push notifications for messages, calls, and friend requests

Data Shared: Device tokens, notification content (message previews can be disabled in settings)

Privacy Policy: firebase.google.com/support/privacy

LiveKit

Purpose: Real-time audio and video call infrastructure

Data Shared: Anonymous room identifiers, call participant tokens (no message content)

Privacy Policy: livekit.io/privacy

Sentry (Error Monitoring)

Purpose: Crash reporting and error tracking to improve stability

Data Shared: Error logs, stack traces, device information (no personal data or message content)

Privacy Policy: sentry.io/privacy

6. Your Privacy Rights

You have full control over your data. Here are your rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Portability

Export your data in a machine-readable format

Right to Deletion

Request complete deletion of your account and data

Right to Restrict

Control how your data is processed via privacy settings

Exercise Your Rights

To access, export, or delete your data, visit your Data & Privacy settings in your account. You can also contact us at privacy@syncsuperapp.com.

7. Privacy Settings You Control

Sync provides granular privacy controls. You can configure:

  • Profile Discoverability: Control whether others can find you by username or phone number
  • Online Status: Choose whether to show your online/last seen status
  • Friend Requests: Enable or disable auto-accept for friend requests
  • Read Receipts: Control whether others see when you've read their messages
  • Notification Content: Choose whether message previews appear in notifications
  • Session Management: View and revoke active sessions on other devices

Access these settings in the app under Settings → Privacy.

8. Cookies & Local Storage

8.1 Essential Cookies

We use strictly necessary cookies for authentication and security:

  • Authentication Token: Keeps you logged in securely
  • Session Identifier: Maintains your session state
  • Security Tokens: CSRF protection and fraud prevention

These cookies are essential for the Service to function and cannot be disabled.

8.2 Functional Storage

We use browser local storage to enhance your experience:

  • User Preferences: Theme choice (light/dark mode), UI preferences
  • Cookie Consent: Your cookie preferences

8.3 No Tracking Cookies

We do not use any third-party tracking cookies, advertising cookies, or analytics that track individual users across websites.

9. Children's Privacy

Sync is not intended for users under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@syncsuperapp.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Data processing agreements with all third-party providers
  • Encryption in transit and at rest for all transfers

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification for significant changes
  • Displaying an in-app notification when you next use the Service

We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@syncsuperapp.com

General Support: support@syncsuperapp.com

Data Protection Officer: dpo@syncsuperapp.com

We aim to respond to all privacy-related inquiries within 30 days.

13. Region-Specific Rights

For European Users (GDPR)

If you are in the European Economic Area, you have additional rights including:

  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local data protection authority
  • Right to object to processing based on legitimate interests

Our legal basis for processing your data includes: contract performance, legitimate interests (security, service improvement), and your consent where required.

For California Users (CCPA)

California residents have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights