Introduction
Welcome to SyncGuard ("we", "us", or "SyncGuard"). This Privacy Policy explains our data collection and usage practices for our services, including syncguard.dev and the SyncGuard platform.
This policy should be read alongside our Terms of Use. By using SyncGuard you agree to the practices described here. We may update this policy to reflect changes in the law or our services. Continued use after updates constitutes acceptance. For substantial changes we will notify you by email.
We do not knowingly collect information from people under 18. If we discover such information has been collected without verified parental consent, we will delete it promptly.
Who processes your data
SyncGuard processes your data. For questions about this policy, contact us at [email protected].
What data we collect
Account data
When you register, we collect your name, email address, and a hashed version of your password. If you sign in via Google or GitHub OAuth, we receive your name and email from that provider — we never see your OAuth password or any other data from those accounts.
Workspace and event data
We store the events you send to SyncGuard: integration keys, event types, error codes, tenant IDs, and any raw payload you include. This data is used to classify failures and group incidents. It is scoped strictly to your workspace and is never shared with other customers or used for any purpose outside of operating the service for you.
Billing data
Payments are processed by Paddle, which acts as the merchant of record. We store your Paddle customer ID and subscription ID. We do not store credit card numbers or full payment details — those remain with Paddle.
Technical information
We automatically collect basic usage logs including API request counts, error rates, and feature usage. We may also collect IP addresses, browser type, and timestamps. This data is used to operate and improve the service, diagnose issues, and prevent abuse. It is not used to identify individuals and is retained for 30 days.
Purposes and legal basis for processing
Providing the service
We process your data to create and maintain your account, deliver incident detection and alerting, notify you of changes to the platform, respond to support requests, and troubleshoot issues.
Billing and subscriptions
We process billing data to manage your subscription, process payments via Paddle, and enforce plan limits such as connection counts and history retention.
Communications
We send transactional emails such as password reset links and workspace invitations. By registering, you consent to receive these emails. We do not send marketing emails without your explicit consent.
Service improvement
We use aggregated technical information to understand how the platform is used, prioritise features, and fix bugs. This processing does not involve identifying individual users.
How we share your data
We share your data only with employees and contractors who need access to provide the service, under confidentiality obligations. We do not sell your data.
External sharing occurs only in the following circumstances:
- Sub-processors. We use third-party providers (listed below) who process data on our behalf under contractual data protection obligations.
- Legal compliance. We may disclose data when required by law, court order, or to protect the rights and safety of SyncGuard, its users, or the public. We will notify you when possible.
- Business transfers. If SyncGuard is acquired or merges with another company, your data may transfer as part of that transaction. We will notify you via email with available choices.
Sub-processors we use
- Paddle — payment processing and subscription management
- SMTP provider — transactional email delivery
- Google / GitHub — optional OAuth sign-in (name and email only)
Alert channels (Slack, PagerDuty, OpsGenie, Teams) are configured by you. When an alert fires, incident data is sent to the webhook URL or API key you provide. We are not responsible for how those services handle data once it is delivered.
Data transfers
Your data may be processed outside your country of residence. Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Data retention
We retain your account data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, except where retention is required by law.
Event data is retained according to your plan's history window — 30 days on Trial, 90 days on Starter, 180 days on Growth, and 365 days on Scale and Enterprise. Events older than your plan limit are automatically purged.
SyncGuard as data processor
When you use SyncGuard to monitor your customers' integrations, you act as the data controller for any personal data contained in the events you send (such as tenant IDs or payload content). SyncGuard acts as a data processor on your behalf. You are responsible for ensuring you have the appropriate legal basis to send that data to us.
California Consumer Privacy Act (CCPA)
California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at [email protected].
Your rights
Right of access
You can request confirmation of whether we hold personal data about you and, if so, a copy of that data along with details of how it is used.
Right to erasure
You may request deletion of your personal data. We will comply unless we have a legitimate legal obligation to retain it.
Right to restriction
You can request that we restrict processing of your personal data in certain circumstances. Note that this may limit your ability to use the service.
How to exercise your rights
Submit requests free of charge to [email protected]. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
Data security
We implement reasonable technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. Passwords are hashed with bcrypt. API keys are stored as SHA-256 hashes — we never store the raw key. All data is transmitted over HTTPS. Access to production infrastructure is restricted to authorised personnel.
No system is perfectly secure. If you become aware of a security issue, please contact us at [email protected]. If a breach occurs that is likely to affect your privacy, we will notify you as soon as reasonably possible.
Cookies
SyncGuard uses browser localStorage — not cookies — to store your authentication token and UI preferences. We do not use tracking cookies or third-party advertising cookies.
Contact
For any questions about this policy, email [email protected].