SyncO Privacy Policy
This Privacy Policy explains what data SyncO collects, why we collect it, how we use it, and your choices. It applies to the SyncO mobile app and legal pages hosted at legal.sync0.dev.
1. Who We Are
SyncO is provided by Downlabs ("we", "us", "our"). Support contact: support@sync0.dev.
2. Data We Collect
2.1 Account and profile data
- Name, email address, and login details (email/password or Google sign-in).
- Profile details such as avatar and emoji.
2.2 User content and activity
- Chat prompts and assistant responses.
- Voice inputs and transcriptions when you use Voice Mode.
- Image generation prompts and generated image links/content.
- Deep research queries, research summaries, and linked sources.
- Connected-app automation requests and tool execution payloads.
2.3 Subscription and purchase data
- App Store or Google Play subscription product identifiers, transaction/purchase identifiers, renewal status, and period timestamps.
2.4 Device and app data
- App usage counters (daily limits), app state history, and local preferences.
- Advertising identifiers and ad interaction signals via mobile ads SDKs (where enabled).
2.5 Data from connected services
- If you connect third-party apps through Composio, we process tool metadata, connection state, and request/response payloads necessary to perform your commands.
3. Why We Use Data
- To create and secure your account and profile.
- To provide core AI features (chat, voice, image generation, deep research, automation).
- To sync app state and usage limits across sessions/devices.
- To process and validate subscriptions and entitlements.
- To deliver in-app ads for free-tier monetization.
- To send local reminders when you grant notification permission.
- To prevent abuse, detect fraud, and protect service integrity.
4. Third-Party Processors We Use and Why
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, database, and storage backend | Account/profile data, app state, usage records, avatar files, subscription status |
| Google Play Billing | Subscription purchase and entitlement management | Product IDs, purchase token, renewal and transaction status |
| Google Mobile Ads | Ad serving and monetization for free tier | Ad identifiers, device/network signals, ad interactions |
| Groq or OpenAI-compatible endpoint (BYOK optional) | LLM responses, voice transcription, text-to-speech | Prompts, conversation context, voice input/output text |
| MiniMax | Image generation | Image prompts and generation parameters |
| Exa | Web search and deep research retrieval | Research queries and source retrieval requests |
| Composio | Connected app actions and MCP tool routing | Action requests, toolkit connection state, tool inputs/outputs |
5. Permissions We Request and Why
- Microphone (RECORD_AUDIO): for voice prompts and transcription.
- Photos/Media access: to select profile images and save generated images.
- Notifications (POST_NOTIFICATIONS): for local reminder notifications.
- Foreground service/audio: to keep voice/audio tasks running reliably.
- Advertising ID (where applicable): ad delivery and fraud prevention in ads.
6. BYOK (Bring Your Own Key)
If you enable BYOK, your custom provider keys and model settings are stored locally on your device and used to route requests to your selected providers. You are responsible for your own provider account terms, billing, and data handling for those requests.
7. Third-Party AI Integration and Consent
Important: SyncO uses third-party AI services to provide core functionality. Before using any AI feature, you must explicitly consent to the data processing described below.
7.1 Explicit Consent Requirement
When you first attempt to use an AI-powered feature (chat, voice, image generation, or research), SyncO will display a consent screen explaining what data will be processed and by which providers. You must tap "I Understand and Agree" to proceed. You may revoke this consent at any time in Settings, which will disable AI features until consent is granted again.
7.2 Data Sent to Third-Party AI Providers
When you use AI features, the following data is transmitted to our third-party AI service providers:
- Chat and Text: Your text prompts, messages, and conversation history necessary to generate relevant responses.
- Voice: Audio recordings of your voice input for speech-to-text transcription, and text content for text-to-speech synthesis.
- Image Generation: Your image prompts and style parameters to generate AI images.
- Deep Research: Your research queries and related search terms to retrieve and synthesize information from the web.
- Tool Integrations: When using connected app features, the action context and parameters needed to execute your requested operations.
7.3 Third-Party AI Service Providers
| Provider | Services Used | Data Types Processed | Data Protection |
|---|---|---|---|
| Groq | Chat completions, speech-to-text (Whisper), text-to-speech | Text prompts, conversation context, voice recordings | SOC 2 compliant; data not used for model training |
| MiniMax | AI image generation | Image prompts, style parameters | Enterprise-grade security; content not retained beyond generation |
| Exa | Web search and deep research | Research queries, search terms | Query data not stored; results sourced from public web |
| Composio | Third-party app integrations and tool routing | Tool requests, action payloads, connection metadata | OAuth-based authentication; minimal data retention |
7.4 Data Protection Assurances
- All data transmitted to third-party AI providers is encrypted in transit using TLS 1.2 or higher.
- Our AI providers are contractually obligated to maintain industry-standard security practices.
- Your data is processed solely to provide the requested AI functionality and is not used to train provider AI models without separate explicit consent (which SyncO does not request).
- You may request deletion of any data by contacting us at support@sync0.dev.
8. Data Sharing
We do not sell personal data. We share data only with service providers listed above to operate app features, billing, ads, and security.
9. Data Retention
- Account and profile data: retained while your account is active.
- App history/state: retained to provide continuity unless deleted.
- Subscription records: retained for accounting, fraud prevention, and entitlement audits.
10. Your Choices and Rights
- Update profile details in-app.
- Disconnect connected apps in Settings.
- Manage or cancel subscriptions in Apple App Store or Google Play account settings.
- Disable notifications in device settings.
- Revoke AI data consent in Settings to disable AI features.
- Request access, correction, or deletion by emailing support.
11. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect data in transit and at rest. No method of transmission or storage is 100% secure.
12. Children
SyncO is not directed to children under 13 (or the minimum age in your country). Do not use the service if you are below the applicable age.
13. International Processing
Your data may be processed in countries where our providers operate. By using SyncO, you acknowledge that cross-border transfers may occur.
14. Policy Updates
We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version.
15. Contact
For privacy requests or questions, contact: support@sync0.dev