Privacy policy
Last updated: 4 May 2026 · v1.0
We tell you what we collect, where it's stored, who else sees it, and how to delete it. This page is the operational truth – written by the people who built Synchior, not a legal team. If anything here changes, the changelog at the bottom records when and why.
Who runs Synchior
Synchior is operated by Sanjok Bhatta as a sole operator. Contact: hello@synchior.com. The service is hosted in the European Union. EU and UK users are GDPR / UK-GDPR data subjects; we apply the same standards to users in other regions.
What we collect
You give us, when you sign up
- Your email address (used to send sign-in links).
- A display name (optional; defaults to the part of your email before the @ sign).
- Your timezone (auto-detected from your device).
You give us, while using the app
- The objectives and key results you set.
- Action items and the kr_value updates you record against them.
- Conversations with the coach and your reactions to its replies.
- Optional in-app feedback (one of three emoji reactions + an optional sentence).
You opt in to share, only when you connect them
- Google Calendar: we use two narrow, non-sensitive scopes – calendar.freebusy (returns only your busy intervals, never event titles or details) and calendar.app.created (lets Synchior manage events ONLY on a dedicated Synchior-owned secondary calendar). We cannot read the contents of any event in your other calendars; Google's permission model enforces this technically, not just contractually.
- Push notifications: a Firebase Cloud Messaging token tied to your device, so the daily card can land on your home screen.
We collect automatically, in service of running the app
- Crash reports (via Sentry, EU region). Includes device model, OS version, and a stack trace. We do not include the contents of your conversations or objectives in crash reports.
- Server access logs (IP address, request path, response code, timestamp). Retained 30 days, then deleted automatically.
- An audit log of security-relevant events (sign-in, sign-out, password change, export, deletion). Retained 12 months for compliance and abuse triage.
Where your data lives
- Application data (objectives, KRs, conversations, etc.) is stored in a managed Postgres database hosted by Neon in the EU (eu-central-1).
- AI generation uses Google Vertex AI in EU regions (europe-west1). Your prompt and the model's reply are processed by Google but not used to train Google's models – we use the data-residency Vertex tier for that reason.
- Push notification tokens are held by Google Firebase (US-bound infrastructure for the FCM registration registry; the notification payloads we send are short and contain no sensitive content).
- Email delivery for sign-in links uses Resend (EU region for our sender domain).
- Crash reports use Sentry (DE region).
- Backups are point-in-time snapshots within the same EU region as the primary database. We do not export backups outside the EU.
Who else sees it
We do not sell your data. We do not buy data about you from data brokers. We do not run advertising on Synchior, and we do not share data with advertising networks.
Subprocessors who handle your data on our behalf (each bound to written data processing agreements, GDPR-compliant):
- Google Cloud (Vertex AI, Cloud Run, Cloud Storage, Secret Manager) – EU regions
- Google Firebase (FCM push tokens) – US/global
- Neon (managed Postgres) – EU region
- Resend (email delivery) – EU region
- Sentry (crash reporting) – DE region
- Cloudflare (DNS + edge for synchior.com only – we do not proxy your application data through Cloudflare)
When a coach pack you've subscribed to is the source of a quote in the app, the coach receives anonymized usage signal: a count of how often their chunks were retrieved, used to compute revenue share. They do not see your identity, conversations, or objectives.
Lawful basis (GDPR Article 6)
- Contract performance for everything required to run the app: storing your account, generating coach replies, delivering your daily card.
- Consent for AI personalization (which uses your past conversations to improve future replies), marketing email (off by default), and any feature you opt into individually. You can withdraw each in Settings → Consents.
- Legitimate interest for crash reports, server access logs, and the audit log – proportionate to running the service securely.
Your rights (GDPR Articles 15–22)
Every right is exposed as a one-tap setting in the app, plus you can email hello@synchior.com any time.
- Access (Art. 15) + portability (Art. 20): Settings → Data export returns your full data as JSON. Generated on demand.
- Rectification (Art. 16): edit any field directly in the app, or email us.
- Erasure (Art. 17): Settings → Delete account triggers a soft-delete with a 7-day grace window, then a hard purge. Backups age out within 30 days.
- Restriction (Art. 18): Settings → AI personalization off keeps your data but stops new processing for that purpose.
- Objection (Art. 21) + automated-decision opt-out (Art. 22): Settings → Consents lets you opt out of any consent-based processing. The coach is AI-mediated by design, so opting out of AI personalization limits how much it knows about you turn-to-turn but does not block access to the coach itself.
We aim to respond to data-rights requests within 7 days. The legal limit is 30 days (extendable once).
How long we keep things
- Account + objectives + conversations: as long as your account exists.
- Coach memory summary (the distilled "what we remember about you"): until you wipe it via Settings → Coach memory, or until the account is deleted.
- Daily cards: 2 years; older cards drop off the data export but the rest of your account is unaffected.
- Audit log: 12 months.
- Server access logs: 30 days.
- Crash reports (Sentry): 90 days, then anonymized.
- OAuth tokens (Google Calendar): until you disconnect, or the token is revoked.
Children
Synchior is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has used the service, email hello@synchior.com and we will delete the account.
Security
- All traffic to the app and the API is HTTPS-only with managed certificates.
- Passwords (when set) are hashed with scrypt. The magic-link sign-in flow uses single-use 256-bit tokens with 15-minute expiry.
- Cloud-side storage is encrypted at rest by the provider's default mechanisms.
- We do not store credit card or banking data. (Pricing has not shipped yet; once it does, payments are processed by Stripe and we never see card numbers.)
If you discover a security issue, email hello@synchior.com. We respond within 72 hours.
EU AI Act compliance
Synchior is an AI-mediated service. Per EU AI Act Article 50, every screen where you read AI-generated text carries an explicit AI badge. The coach will tell you when its source is a model versus a real reference. It will not impersonate a human, a clinician, a therapist, or a financial advisor.
The coach is not a high-risk AI system under Annex III: it does not make decisions about employment, education access, credit, law enforcement, or critical infrastructure. The output is advisory only.
Changes
When we change this policy, we update the "Last updated" date above and surface a banner inside the app for 14 days. Material changes (new subprocessors, new categories of data) trigger an email notification.
Changelog
- v1.0 – 4 May 2026: Initial publication.