Privacy Policy

1. Data Controller

Synkr is the data controller for the personal data processed via the platform. For questions about this privacy policy, you can reach us at the email address at the bottom of this page.

2. What data do we collect?

We only collect data that is necessary to provide the service:

• Account data: email address, name, and (hashed) password upon registration
• Connection credentials: API keys and OAuth tokens for your connected systems, encrypted with AES-256-GCM
• Time entry data: hours, projects, clients, and descriptions that you sync through Synkr
• Usage data: which connections you have, when you sync, and error messages
• Payment data: for paid subscriptions, Mollie processes your payment. Synkr does not store bank details or credit card numbers

3. What do we use your data for?

• Providing the service: fetching, syncing, and forwarding your time entries to destination systems
• Maintaining your connections and refreshing OAuth tokens
• Communication: email verification, password reset, and service notifications
• Security: protecting against unauthorized access and abuse
• Legal obligations: compliance with tax and retention requirements

4. Legal basis

We process your data based on: (a) performance of a contract — you created an account to use our service; (b) legitimate interest — for security, fraud prevention, and improving the service; (c) legal obligation — when we are legally required to retain data.

5. Storage and security

All your data is stored within the EU (Frankfurt, Germany). The database runs on Neon PostgreSQL (Frankfurt, aws-eu-central-1), the application on Vercel (Frankfurt, fra1). Connection credentials are encrypted with AES-256-GCM. Passwords are hashed with bcrypt. All connections use HTTPS/TLS.

6. Retention periods

We retain your data as long as your account is active. When you delete your account, all your data — including time entries, connections, tokens, and credentials — is permanently deleted. No backups of deleted accounts are kept.

7. Third parties

We only share your data with parties that are strictly necessary to provide the service:

• Vercel — application hosting (Frankfurt, EU)
• Neon — database hosting (Frankfurt, EU)
• Resend — transactional email delivery (verification, password reset)
• Mollie — payment processing (only for paid subscriptions)

We never sell your data to third parties. We do not share data for advertising or marketing purposes.

8. Cookies

Synkr only uses functional cookies that are necessary for the service to function, such as session cookies for logged-in users. We do not use tracking cookies, third-party analytics, or advertising cookies.

9. Your rights

Under the GDPR, you have the following rights:

• Right of access — request what data we have about you
• Right to rectification — have incorrect data corrected
• Right to erasure — have your account and all data deleted
• Right to restriction of processing
• Right to data portability — receive your data in a common format
• Right to object — object to processing based on legitimate interest

You can submit a request via the contact address at the bottom of this page. You also have the right to file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

10. Changes

We may update this privacy policy from time to time. For material changes, we will notify you by email or via a notification in the application. The date at the top indicates when the policy was last updated.

11. Contact

Have questions about this privacy policy or want to exercise one of your rights? Contact us at privacy@synkr.nl.