Privacy Policy

We collect information you provide when you sign up, use the dashboard, upload evidence, and manage compliance data.

We use your data to provide the service, improve the product, and communicate with you. We do not sell your personal information. We retain your data for as long as your account is active and as needed for legal or operational purposes.

You may request access to or deletion of your data by contacting us at the address below. Evidence and compliance data are accessed only by authenticated users in your workspace.

Subprocessors

We use the following categories of service providers to operate the product. Their privacy policies govern how they process data on our behalf:

• Authentication — Clerk (user accounts and sessions).
• Payments — Stripe (billing and subscriptions), when you purchase a paid plan.
• Infrastructure — Your deployment host, managed PostgreSQL, and (when configured) S3-compatible object storage for evidence files and generated reports.
• Error monitoring — Sentry (optional), when `SENTRY_DSN` / `NEXT_PUBLIC_SENTRY_DSN` are configured, for aggregated crash diagnostics — not for uploading raw evidence content by default.
• AI / ML — Organization owners control whether third-party cloud LLMs may run (`allowCloudLLM`). When disabled, the product prefers self-hosted inference (`OLLAMA_BASE_URL`) or deterministic/heuristic fallbacks. When enabled and API keys are present, classification text may be sent to OpenAI or Anthropic under their terms.

Contact

Privacy and data requests: hello@syncbridge.co.uk