Create Next App

1. Who we are

Salync Ltd("Salync", "we", "us", or "our") operates the Salync platform available at salync.com. We are the data controller for personal data collected through our service. Our registered address is United Kingdom.

If you have any questions about this policy or how we handle your data, contact us at privacy@salync.com.

2. What data we collect

We collect the following categories of personal data:

Account data: your name, email address, and password (hashed) when you register.
Workspace data: business name, address, VAT number, and other information you enter when configuring your workspace.
Usage data: pages visited, features used, timestamps, and IP addresses for security and analytics.
Communication data: messages you send to our support team, bug reports, and feature requests.
Billing data: payment method details are processed and stored by Stripe. We only store your Stripe customer ID.
Inventory data: products, suppliers, stock levels, purchase orders, and other business data you import or create.

3. How we use your data

We use your personal data to:

Provide, maintain, and improve the Salync service.
Process payments and manage your subscription.
Send you transactional emails (low stock alerts, order updates, team invitations).
Respond to support requests and feedback.
Detect and prevent fraud, abuse, and security incidents.
Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal basis for processing (UK GDPR)

We process your personal data under the following legal bases:

Contract performance: processing necessary to provide the service you signed up for.
Legitimate interests: security monitoring, fraud prevention, and service improvement.
Legal obligation: compliance with tax, accounting, and regulatory requirements.
Consent: for optional communications such as the weekly digest email (you can withdraw consent at any time).

5. Cookies

We use essential cookies to maintain your login session and protect against cross-site request forgery. These cookies are necessary for the service to function and cannot be disabled.

We use analytics cookies (only with your consent) to understand how visitors use our marketing pages. You can withdraw consent at any time using the cookie preferences banner.

6. Data sharing and sub-processors

We share your data with the following third-party sub-processors:

Provider	Purpose	Location
Supabase	Database & authentication	EU (AWS Frankfurt)
Stripe	Payment processing	USA (EU transfers covered by SCC)
Resend	Transactional email delivery	USA (EU transfers covered by SCC)
Sentry	Error monitoring	USA (EU transfers covered by SCC)
Inngest	Background job processing	USA (EU transfers covered by SCC)
Vercel	Hosting & CDN	Global (EU region available)

7. Data retention

We retain your data for the following periods:

Account data: for as long as your account is active, plus 30 days after deletion to allow recovery.
Workspace data: deleted immediately upon workspace deletion (soft-deleted, then purged within 30 days).
Audit logs: 12 months from creation, then automatically purged.
Billing records: 7 years, as required by UK tax law.
Support communications: 2 years.

8. Your rights

Under UK GDPR you have the following rights:

Right to access: request a copy of your personal data.
Right to rectification: correct inaccurate data via your profile settings.
Right to erasure: request deletion of your personal data.
Right to data portability: export your data in a machine-readable format.
Right to restrict processing: ask us to limit how we use your data.
Right to object: object to processing based on legitimate interests.

To exercise any of these rights, visit Settings → Privacy & Data or email us at privacy@salync.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We take appropriate technical and organisational measures to protect your personal data, including encryption at rest and in transit, role-based access controls, multi-factor authentication support, and regular security reviews. Access to production systems is restricted and logged.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of Salync after the effective date constitutes acceptance of the updated policy.

Questions? Contact privacy@salync.com.

Privacy Policy