Privacy Policy

Last updated: 15 May 2026 · Effective: 15 May 2026

1. Who we are

"SynccBoard", "we", "us" and "our" refer to the operator of the SynccBoard iOS keyboard application and accompanying services (the "Service"). If you have questions about this policy, contact us at support@syncc.in or via the Contact page.

2. What we collect

2.1 Account data

When you sign up with phone OTP, Sign in with Apple, or Google/Facebook (if enabled), we receive a stable provider identifier and, where you consent, your email, display name and phone number. We also generate a device identifier for your installation.

2.2 User content (scoped per account)

SynccBoard stores the following user content, always scoped to your authenticated user id:

• Notes you save through the keyboard's "Save as note" action — stored on our database in the user_notes table.
• Clipboard history — kept locally on your device only (App Group storage). Never uploaded.
• Stickers, image-gen outputs, document summaries, response history — kept locally on your device only.
• Preferences like theme, preferred language, keyboard feature toggles, and user bio — stored locally; selected preferences sync to the server for cross-device continuity.

2.3 Bring-Your-Own-Key (BYOK) credentials

If you choose to use your own AI provider API key, we store it encrypted (AES-256-GCM) in our database tied to your user id. Decryption happens only at the moment we forward a request to your chosen provider. You can delete any stored key from the app at any time.

2.4 AI request logs

Each AI request you trigger (correction, rephrase, smart-assist, etc.) is logged with: provider, model, prompt, result, latency, success/failure, and your user id. These logs power usage analytics and your in-app "Token utilization" stats. Prompts and results are not shared with anyone outside the Service.

2.5 Subscription and payment data

When you purchase a Basic, Lite or Pro plan via Razorpay we record: the Razorpay order id, payment id, plan code, amount, currency, status, and failure reason (if any) in the razorpay_payments table. Card numbers, UPI handles and bank details are handled exclusively by Razorpay — we never see or store them.

2.6 Telemetry & activity events

To diagnose issues and improve reliability we log activity events like sign-in, app foreground/background, theme change, and aggregated counts (e.g. characters corrected). These events are tied to your user id but do not contain the text you typed.

2.7 What we never collect

• The text you type outside features you explicitly trigger.
• Passwords, OTP codes after verification, or your contacts/photos.
• Background screen activity, microphone audio, location.

3. Why we collect it

Purpose	Data used	Legal basis
Run the Service (auth, AI proxy, notes sync)	Account data, BYOK keys, AI logs	Performance of contract
Process subscription payments	Razorpay payment metadata	Performance of contract
Detect abuse, fraud, quota overruns	AI request logs, usage quotas	Legitimate interest
Improve product reliability	Activity events, error logs	Legitimate interest
Respond to your support requests	Whatever you send us	Performance of contract

4. Who we share it with

We use a small number of processors strictly to deliver the Service. None of them are sold or rented your data.

• Razorpay — payment processing for Indian and international plans. Their privacy policy applies to transaction data they handle directly.
• AI providers you choose (Groq, OpenAI, Anthropic, Google, xAI) — receive your prompt and any model parameters when you trigger an AI request. We never share data with a provider you have not chosen.
• Apple — App Store and Sign in with Apple, governed by Apple's own privacy policies.
• Cloud hosting and database — our servers run on commercial hosting infrastructure under standard data-processing terms.

We do not sell your personal data, and we do not run third-party advertising or behavioural-tracking SDKs.

5. How long we keep it

• Account data: until you delete your account.
• Notes & subscription records: for the lifetime of your account; longer if required for tax or accounting compliance (typically 7 years for payment records under Indian law).
• AI request logs: rolling 12 months for analytics, then aggregated.
• BYOK keys: until you remove them or your account is deleted.
• Activity events: rolling 90 days.

6. Your rights

Depending on where you live, you may have the right to access, correct, export or delete your personal data, restrict or object to certain processing, and withdraw consent at any time. To exercise any of these rights, email support@syncc.in. We respond within 30 days.

Indian users have these rights under the Digital Personal Data Protection Act, 2023 (DPDP Act). EU/UK users have them under the GDPR/UK GDPR. California users have them under the CCPA.

7. Children

SynccBoard is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

8. Security

We use HTTPS everywhere, AES-256-GCM at-rest encryption for BYOK keys, JWT-based authentication with short token lifetimes, and per-user data scoping so two accounts on the same device cannot read each other's content. We continuously monitor for vulnerabilities and apply security updates. No system is perfectly secure — please report any issue you discover to support@syncc.in.

9. International transfers

Our servers may be located outside your country. By using the Service you consent to your data being processed in those regions, subject to the safeguards described in this policy.

10. Changes to this policy

We may update this policy. Material changes will be announced in-app and on this page. The "Last updated" date at the top of this page reflects the current version.

11. Contact

Questions or requests? Email support@syncc.in or use the Contact form.