Privacy Policy

When you join the waitlist, we collect:

• Waitlist email. The email address you submit, plus which page you signed up from. We use it only to let you know when the team and cloud features you asked about are ready.

If you create an account for our hosted team and cloud service (rolling out to waitlist members), we additionally collect:

• Account data. Email, display name, and profile picture supplied by your OAuth provider when you sign in.
• Team data. Companies you create, their members and roles, and invitations you send to teammates.
• Billing data. Your plan and subscription status. Payment details are handled by Stripe — we never see or store your card number.
• Authentication metadata. Session cookies issued at sign-in.

And to operate and secure the site itself:

• Operational logs. Request method, route, timing, status code, IP address, and user agent — used to operate, secure, and debug the Service.
• Aggregated analytics. Anonymous page visit counts, gathered through a privacy-friendly, self-hosted analytics endpoint. No cross-site tracking, no third-party advertising cookies.

• To email you when the team and cloud features you joined the waitlist for are ready. We send nothing else to that list, and you can ask to be removed at any time.
• To provide the Service and authenticate your requests.
• To manage your team, memberships, and subscription billing.
• To detect abuse, debug incidents, and enforce rate limits.
• To improve the product through aggregated, anonymised analytics.

We do not sell your data, we do not run third-party advertising networks, and we do not use your workspace content to train AI models.

We rely on a small set of infrastructure providers to run Sync:

• Fly.io — application hosting in EU regions.
• Managed Postgres — primary database for account, team, and billing data.
• Resend — delivery of the waitlist confirmation and other transactional emails.
• Stripe — subscription billing and payment processing for the hosted service.
• OAuth providers (e.g. GitHub, Google) — for sign-in to the hosted service only; no other data is exchanged with them.

Each sub-processor is bound by its own privacy and security terms.

Account, team, and billing data is stored in EU regions on managed infrastructure. Your waitlist email is kept until you ask us to remove it. Operational logs are retained for up to 30 days for debugging and security purposes. Account data is retained while your account is active and removed within 30 days of account deletion, except where we are legally required to keep it longer.

The Sync software is open source and runs locally. Your knowledge — specs, decisions, constraints, and the rest — lives as plain YAML under .sync/ in your own git repository. It is never uploaded to or stored by this website. This site only manages your account, team membership, and billing.

You can:

• Ask us to remove your email from the waitlist at any time by emailing privacy@sync.buzz.
• Access and edit your account data from Account settings.
• Manage or cancel your subscription from the billing portal.
• Request deletion of your account and associated personal data by emailing privacy@sync.buzz.

We use a small number of strictly necessary cookies for authentication and CSRF protection. We do not use third-party tracking cookies.

We use TLS for all network traffic and apply role-based access controls per company. We will notify affected users of security incidents that materially impact their data within a reasonable timeframe.

Sync is built for professional and engineering teams. It is not intended for use by children under 16, and we do not knowingly collect personal data from them.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be announced before they take effect when reasonably possible.

Privacy questions? Reach out to privacy@sync.buzz.