Privacy Policy

1. Introduction

Sync LLC ("Sync," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at syncgr.com, use our client portal, subscribe to our Launch platform, use our social media management tools, or engage any of our technology services.

By accessing our website or using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following when you contact us, create an account, or purchase services:

• Name, email address, phone number, and mailing address
• Company name and job title
• Billing and payment information (processed securely via Stripe)
• Communication preferences

2.2 Technical Information

We automatically collect certain data when you visit our website:

• IP address, browser type and version, operating system
• Pages visited, time spent, referral URLs
• Device identifiers and screen resolution
• Cookies and similar tracking technologies (see Section 10)

2.3 Social Media Account Data

When you connect your social media accounts through our portal for scheduling and publishing, we collect and store:

• Meta Platforms (Instagram & Facebook): Your Instagram Business or Creator account profile information, Facebook Page information, access tokens, page names, profile pictures, account IDs, and publishing permissions granted through the Meta (Facebook) Login flow.
• TikTok: Your TikTok account profile information, account ID, display name, avatar, access tokens, and content posting permissions granted through the TikTok Login Kit authorization flow.

We only request the minimum permissions necessary to provide the social media management features you have opted into. We do not access your private messages, follower lists, or personal social media activity unrelated to scheduled content.

2.4 AI-Generated Content Data

When you use our AI content generation features, we may collect and process:

• Text prompts and instructions you provide for caption generation
• Image and video generation prompts and parameters
• Generated images, videos, and captions produced by AI models
• Brand voice preferences and content guidelines you configure

2.5 E-Commerce and Subscription Data

If you subscribe to our Launch website platform or purchase services, we collect:

• Subscription plan selection and billing cycle
• Payment card details (processed and stored exclusively by Stripe — we never store full card numbers)
• Transaction history and invoices
• Service configuration and website content you provide

2.6 Client Portal Data

If you access our client portal, we collect:

• Account credentials and authentication data
• Project files, media uploads, and business assets you submit
• Scheduled content calendars and publishing history
• Analytics and performance metrics for your connected accounts
• Support requests and correspondence within the portal

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain our services (web development, social media management, AI content generation, e-commerce hosting)
• Schedule and publish content to your connected social media accounts on Instagram, Facebook, and TikTok
• Generate AI-powered images, videos, and captions using your prompts and brand guidelines
• Process payments and manage subscriptions through Stripe
• Communicate with you about projects, account updates, and support
• Display analytics and performance data in your portal dashboard
• Improve our services and develop new features
• Comply with legal obligations and enforce our terms
• Protect against fraud, abuse, and security threats
• Send marketing communications (only with your explicit consent)

4. Social Media Services — Meta Platforms (Instagram & Facebook)

Our social media management tools integrate with Meta Platforms through the official Meta (Facebook) Graph API and Instagram Graph API. When you authorize our application:

4.1 Data We Access

• Instagram Business/Creator account profile (name, username, profile picture, account ID)
• Facebook Pages you manage (page name, page ID, page access tokens)
• Publishing permissions to create posts, reels, stories, and carousels on your behalf
• Basic insights and engagement metrics for published content

4.2 How We Use Meta Data

• Display your connected accounts in the portal dashboard
• Schedule and publish content you create or approve to Instagram and Facebook
• Show performance metrics for your published posts
• Store access tokens securely to maintain your connection

4.3 What We Do Not Do

• We do not sell Instagram or Facebook data to third parties
• We do not use your Meta data for advertising or profiling
• We do not access private messages, follower lists, or personal timeline content
• We do not share your Meta data with other users or clients

4.4 Meta Data Retention and Deletion

Your Meta platform data (profile information, access tokens, published content metadata) is retained only while your account is active and connected. You may disconnect your Instagram or Facebook accounts at any time through your portal settings. Upon disconnection or account deletion, we delete all associated Meta data including access tokens within 30 days. You may also request immediate deletion by contacting us at info@syncgr.com.

We comply fully with the Meta Platform Terms and the Meta Developer Policies.

5. Social Media Services — TikTok

Our platform integrates with the TikTok API through the official TikTok for Developers program. When you authorize our application:

5.1 Data We Access

• TikTok account profile (display name, avatar, user ID, open ID)
• Content posting permissions to publish videos on your behalf
• Basic video performance metrics for published content

5.2 How We Use TikTok Data

• Display your connected TikTok account in the portal
• Schedule and publish video content you create or approve
• Show performance metrics for your published videos
• Store access and refresh tokens securely to maintain your connection

5.3 TikTok Data Retention and Deletion

TikTok data is retained only while your connection is active. You may disconnect your TikTok account at any time. Upon disconnection or deletion request, all TikTok-specific data including tokens is deleted within 30 days.

We comply with the TikTok API Terms of Service and TikTok Privacy Policy.

6. AI Content Generation Services

We use third-party AI services to generate content on your behalf. When you use these features:

• Caption Generation: Your text prompts and brand guidelines are sent to our third-party AI text generation provider for AI-powered caption creation. The provider processes this data according to their published privacy policy.
• Image Generation: Your image prompts are sent to our third-party AI image generation provider for processing. The provider processes data according to their published privacy policy.
• Video Generation: Your video prompts and reference images may be sent to our third-party AI video generation provider for processing. Generated videos are stored securely on our infrastructure.

All generated content (images, videos, captions) is stored on our secure cloud infrastructure and delivered through our CDN. Generated content is associated with your account and is not shared with other users. You retain usage rights to all AI-generated content created through your account, subject to the terms of our Terms of Service and the applicable AI provider terms.

7. Third-Party Service Providers

We work with the following categories of service providers who may process your data on our behalf:

• Cloud Infrastructure: Enterprise-grade cloud hosting, data storage, content delivery, and compute services
• Payment Processing: Stripe — subscription billing and payment processing (PCI DSS compliant)
• Social Media Platforms: Meta Platforms (Instagram, Facebook Graph API) and TikTok (TikTok API) for social media publishing
• AI Services: Third-party providers for AI-powered text, image, and video generation
• Email Services: Third-party email delivery provider for transactional and marketing emails
• Analytics: Google Analytics for website usage data

Each provider processes data according to their own privacy policies and is contractually required to protect your information. We do not sell your data to any third party.

8. Information Sharing and Disclosure

We do not sell your personal information. We may share data only in these circumstances:

• Service Providers: With the third-party providers listed in Section 7, solely to deliver our services
• Social Media Platforms: Content you schedule is published to the platforms you have connected and authorized
• Legal Requirements: When required by law, subpoena, court order, or to protect our rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to equivalent privacy protections
• With Your Consent: When you explicitly authorize us to share information with a specific party

9. Data Security

We implement comprehensive security measures to protect your information:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Social media OAuth tokens are encrypted at rest in our database
• Payment information is handled exclusively by Stripe (PCI DSS Level 1 compliant) — we never store card numbers
• Multi-factor authentication is available for portal accounts
• Access controls limit employee access to data on a need-to-know basis
• Infrastructure is hosted on enterprise-grade cloud platforms with industry-standard security configurations
• We conduct regular security reviews of our systems and code

While we strive to protect your information using commercially reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for website and portal functionality, authentication, and security
• Analytics Cookies: Google Analytics to understand website usage and improve our services
• Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may limit website and portal functionality.

11. Your Privacy Rights

11.1 General Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (see Section 12)
• Portability: Request your data in a portable, machine-readable format
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent for optional data processing at any time

11.2 California Residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

• Know what personal information is collected and how it is used
• Request deletion of personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

11.3 Social Media Platform Users

If you have connected your Instagram, Facebook, or TikTok accounts, you may:

• Disconnect any connected social media account at any time through your portal settings
• Request deletion of all social media data we store (profile data, tokens, content metadata)
• Revoke our application access directly through the respective platform settings (Instagram, Facebook, or TikTok)

To exercise any of these rights, contact us at info@syncgr.com. We will respond within 30 days.

12. Data Deletion

You may request deletion of your data by:

• Emailing info@syncgr.com with the subject "Data Deletion Request"
• Disconnecting your social media accounts through portal settings (deletes platform-specific data)
• Requesting full account deletion through your portal settings or by contacting us

Upon a verified deletion request, we will:

• Delete your personal information from our active systems within 30 days
• Revoke and delete all stored OAuth access tokens for connected social media accounts
• Remove AI-generated content associated with your account from our storage
• Delete your media files from our CDN and storage systems
• Retain only data required for legal, tax, or regulatory compliance (e.g., transaction records)

We also support automated data deletion callbacks from Meta and TikTok platforms. If you revoke our app access through your Meta or TikTok settings, we will process the deletion request and remove your data accordingly.

13. Data Retention

We retain data for the following periods:

• Active accounts: For the duration of your account or service subscription
• Social media tokens: Until you disconnect the account or your authorization expires
• AI-generated content: Until you delete it or close your account
• Transaction records: Up to 7 years for tax and regulatory compliance
• Analytics data: Aggregated and anonymized data may be retained indefinitely
• Communication records: Up to 3 years after last interaction

When data is no longer needed, we securely delete or anonymize it.

14. International Data Transfers

Our services are hosted on AWS infrastructure primarily in the United States. Your information may be transferred to and processed in the United States or other countries where our service providers operate. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place through contractual obligations with our service providers.

15. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from anyone under 16. If we become aware that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at info@syncgr.com.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Post the updated policy on our website
• Send email notifications to registered users for material changes

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, contact us: