Privacy Policy

Syncgrip (“we”, “us”, “our”) is operated by SoftPi OÜ, a business registered in Estonia. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at syncgrip.com and our synchronization service (collectively, the “Service”).

This policy is written in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. If you have questions, contact us at info@syncgrip.com.

The data controller responsible for your personal data is SoftPi OÜ, Estonia. You can reach us at info@syncgrip.com.

Account data. When you register, we collect your name, email address, and authentication credentials. If you sign up via OAuth (Google), we receive the profile information you authorize.

Billing data. Payment and billing information is handled directly by our payment processors, Polar and Stripe. We receive limited billing metadata (plan, status, subscription ID) but never your full payment card details.

Sync configuration metadata. To operate your syncs, we store the configuration you create: the third-party services you connect (e.g., Airtable, Asana, Mailchimp), the field mappings you define, and structural metadata such as table, column and project identifiers (IDs). We also store the minimal record identifiers (IDs) required to track sync state.

We do not store your record content. The actual data inside your records (e.g., the text in an Airtable cell or the description of an Asana task) passes through our infrastructure only transiently during a sync operation. It is never persisted to our database.

Usage and analytics data. We collect anonymized event data about how you interact with the Service (e.g., pages visited, features used) via PostHog. This data is used solely to improve the product and does not include your record content.

Communications. If you contact us by email or book a demo, we retain that correspondence to provide support.

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): processing necessary to deliver the Service you subscribed to, including account management and running your syncs.
• Legitimate interests (Art. 6(1)(f) GDPR): product analytics, security, fraud prevention, and service improvement.
• Legal obligation (Art. 6(1)(c) GDPR): retaining billing records as required by applicable tax law.
• Consent (Art. 6(1)(a) GDPR): marketing communications, where applicable. You may withdraw consent at any time.

• To create and manage your account
• To operate, maintain, and improve the Service
• To process payments and manage subscriptions via Polar or Stripe
• To send transactional emails (sync errors, billing notices)
• To respond to your support requests
• To detect and prevent fraud, abuse, or security incidents
• To analyze usage patterns and improve product functionality

We do not sell, rent, or trade your personal data to third parties for their own commercial purposes.

We share minimal data with the following sub-processors, each bound by data processing agreements:

We also integrate with third-party APIs (Airtable, Asana, Mailchimp) on your behalf. Your credentials for these services are stored encrypted and are used solely to perform the syncs you configure.

Sync data. When you disable a sync, its associated sync state data is purged after 30 days. If you re-enable the sync within that period, the data is restored.

Account data. Your account data (profile, configurations) is retained for as long as your account is active. Upon account termination, your data is deleted. We may retain certain records (e.g., billing history) for the period required by applicable tax law.

Analytics data. Anonymized event data is retained for up to 12 months for product analysis purposes.

If you are located in the EU/EEA, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: correct inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
• Right to restriction of processing: ask us to limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email info@syncgrip.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in Estonia: IMY — Integritetsskyddsmyndigheten).

Some of our sub-processors are located outside the EEA (e.g., in the United States). Where data is transferred internationally, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an equivalent level of data protection.

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include encryption at rest and in transit, access controls, and regular security reviews. However, no transmission over the internet is completely secure, and we cannot guarantee absolute security.

We use essential cookies to maintain your session. We also use analytics cookies (via PostHog) to understand how the Service is used. You can control non-essential cookies through your browser settings.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We recommend reviewing this page periodically.

For any questions, requests, or concerns about this Privacy Policy or your personal data, please contact us at: