SyncO Privacy Policy
This Privacy Policy explains what data SyncO collects, why we collect it, how we use it, and your choices. It applies to the SyncO mobile app and legal pages hosted at legal.sync0.dev.
1. Who We Are
SyncO is provided by Downlabs ("we", "us", "our"). Support contact: support@sync0.dev.
2. Data We Collect
2.1 Account and profile data
- Name, email address, and login details (email/password or Google sign-in).
- Profile details such as avatar and emoji.
2.2 User content and activity
- Chat prompts and assistant responses.
- Voice inputs and transcriptions when you use Voice Mode.
- Image generation prompts and generated image links/content.
- Deep research queries, research summaries, and linked sources.
- Connected-app automation requests and tool execution payloads.
2.3 Subscription and purchase data
- Google Play subscription product ID, purchase token, renewal status, and period timestamps.
2.4 Device and app data
- App usage counters (daily limits), app state history, and local preferences.
- Advertising identifiers and ad interaction signals via mobile ads SDKs (where enabled).
2.5 Data from connected services
- If you connect third-party apps through Composio, we process tool metadata, connection state, and request/response payloads necessary to perform your commands.
3. Why We Use Data
- To create and secure your account and profile.
- To provide core AI features (chat, voice, image generation, deep research, automation).
- To sync app state and usage limits across sessions/devices.
- To process and validate subscriptions and entitlements.
- To deliver in-app ads for free-tier monetization.
- To send local reminders when you grant notification permission.
- To prevent abuse, detect fraud, and protect service integrity.
4. Third-Party Processors We Use and Why
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, database, and storage backend | Account/profile data, app state, usage records, avatar files, subscription status |
| Google Play Billing | Subscription purchase and entitlement management | Product IDs, purchase token, renewal and transaction status |
| Google Mobile Ads | Ad serving and monetization for free tier | Ad identifiers, device/network signals, ad interactions |
| Groq or OpenAI-compatible endpoint (BYOK optional) | LLM responses, voice transcription, text-to-speech | Prompts, conversation context, voice input/output text |
| MiniMax | Image generation | Image prompts and generation parameters |
| Exa | Web search and deep research retrieval | Research queries and source retrieval requests |
| Composio | Connected app actions and MCP tool routing | Action requests, toolkit connection state, tool inputs/outputs |
5. Permissions We Request and Why
- Microphone (RECORD_AUDIO): for voice prompts and transcription.
- Photos/Media access: to select profile images and save generated images.
- Notifications (POST_NOTIFICATIONS): for local reminder notifications.
- Foreground service/audio: to keep voice/audio tasks running reliably.
- Advertising ID (where applicable): ad delivery and fraud prevention in ads.
6. BYOK (Bring Your Own Key)
If you enable BYOK, your custom provider keys and model settings are stored locally on your device and used to route requests to your selected providers. You are responsible for your own provider account terms, billing, and data handling for those requests.
7. Data Sharing
We do not sell personal data. We share data only with service providers listed above to operate app features, billing, ads, and security.
8. Data Retention
- Account and profile data: retained while your account is active.
- App history/state: retained to provide continuity unless deleted.
- Subscription records: retained for accounting, fraud prevention, and entitlement audits.
9. Your Choices and Rights
- Update profile details in-app.
- Disconnect connected apps in Settings.
- Manage or cancel subscriptions in Google Play.
- Disable notifications in device settings.
- Request access, correction, or deletion by emailing support.
10. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect data in transit and at rest. No method of transmission or storage is 100% secure.
11. Children
SyncO is not directed to children under 13 (or the minimum age in your country). Do not use the service if you are below the applicable age.
12. International Processing
Your data may be processed in countries where our providers operate. By using SyncO, you acknowledge that cross-border transfers may occur.
13. Policy Updates
We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version.
14. Contact
For privacy requests or questions, contact: support@sync0.dev