SyncoreDownload for Mac

Privacy Policy

Effective date: 30 Apr 2026 · Last updated: 30 Apr 2026

Syncore (“Syncore,” “we,” “us,” or “our”) provides software, websites, packs, integrations, and AI-enabled products and services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you visit our websites, sign up for an account, use our Services, contact us, or otherwise interact with us.

Company
Syncore Labs
Contact
contact@syncorelabs.ai

1. Scope

  • This Privacy Policy applies to personal information processed through our websites, product onboarding flows, support channels, waiting lists, billing flows, and related business operations.
  • It does not apply to third-party services, websites, or platforms that we do not control, even if our Services link to or integrate with them.
  • Where we process customer data strictly on behalf of a business customer, our role may be that of a processor or service provider, and the relevant customer agreement will govern.

2. Information We Collect

  • Account and contact information, such as name, email address, company name, role, username, password or authentication identifiers, and communications preferences.
  • Billing and transaction information, such as billing contact details, subscription plan, payment status, invoices, and limited payment metadata provided by our payment processor. We do not store full payment card details unless expressly stated otherwise.
  • Product and usage data, such as workflow selections, product interactions, feature usage, install events, error logs, device/browser data, timestamps, and approximate location derived from IP address.
  • Support and communications data, such as messages sent to support, feedback, survey responses, beta applications, and interview notes.
  • Integration and credential-related metadata, such as which third-party providers you connect, connection status, scopes granted, and configuration metadata. Where credentials are stored locally or by third parties, we may not receive the underlying secret itself.
  • Content you submit or generate through the Services, such as prompts, outputs, summaries, workflow inputs, uploaded files, or configuration text, to the extent needed to operate the Service and subject to your settings and agreements.

3. Skill Telemetry and Local Audit Log

  • When the Syncore daemon executes a skill tool call on your device, we record a telemetry event containing: an opaque call identifier, your account identifier, the skill identifier, the tool name, request status (success or error category), latency measurements, the byte size of request and response payloads, and a redacted form of arguments in which values matching common credential, key, token, or secret patterns are replaced before transmission. Full argument values, full tool outputs, and the underlying user content these tools operate on are not recorded in telemetry.
  • We separately record session-lifecycle events when an MCP session begins and ends, capturing the session identifier, your account identifier, MCP client name and version, daemon version, platform, architecture, and reason for ending.
  • Telemetry events are forwarded to a usage-analytics warehouse (currently Tinybird) over an authenticated channel. Your account identifier is pinned to the channel-bound JWT, so events cannot be recorded under another account.
  • A copy of these telemetry events is also retained on your device at `~/.syncore/audit.db` (a local SQLite file). You may delete this file at any time without affecting service operation; doing so does not retroactively delete events already received by the warehouse.

4. Sources of Information

  • Directly from you, when you create an account, request access, subscribe, install or configure the product, connect tools, contact us, or otherwise use the Services.
  • Automatically from your device or browser, through logs, cookies, pixels, SDKs, and analytics technologies.
  • From service providers, payment processors, identity providers, and third-party integrations you choose to connect.
  • From public sources, business directories, or referral partners where permitted by law.

5. How We Use Information

  • To provide, maintain, secure, and improve the Services, including authenticating users, enabling workflows, monitoring performance, troubleshooting, and developing new features.
  • To process subscriptions, usage entitlements, billing, renewals, fraud prevention, and account administration.
  • To communicate with you about the Services, support requests, product updates, security alerts, operational notices, and, where permitted, marketing communications.
  • To analyze product usage and user feedback so we can understand which packs, use cases, and features are valuable and where the product fails or needs improvement.
  • To enforce our Terms, protect the rights and safety of users and others, comply with law, and respond to lawful requests.

6. Legal Bases (where applicable)

  • We may rely on performance of a contract, legitimate interests, consent, legal obligations, and other lawful bases depending on the context and the laws that apply.
  • Where consent is required, you may withdraw it at any time, subject to legal and operational limits.

7. How We Share Information

  • With service providers who help us host, authenticate, analyze, support, secure, communicate, and bill for the Services, under contractual safeguards.
  • With third-party integrations and providers at your direction or as necessary to deliver the product features you choose to use.
  • With professional advisers, auditors, insurers, and acquirers in connection with corporate transactions or legal matters.
  • With regulators, courts, law enforcement, or other parties where required by law or necessary to protect rights, safety, and security.
  • We do not sell personal information in the ordinary sense of transferring it for money. If a law uses a broader definition of “sale” or “sharing,” review this section and local legal requirements before publication.

8. Cookies and Similar Technologies

  • We may use cookies, local storage, pixels, and similar technologies for authentication, session continuity, security, analytics, and basic product functionality.
  • You can usually control cookies through your browser settings. Disabling some cookies may affect how the Services work.
  • If you use analytics or advertising technologies that require specific notices or consent banners, update this section accordingly before launch.

9. Data Retention

  • We retain personal information for as long as needed to provide the Services, comply with legal and financial obligations, resolve disputes, enforce agreements, and support legitimate business needs.
  • Retention periods vary by data category. Account, billing, security, and audit records may be kept longer where reasonably necessary.

10. Security

  • We use administrative, technical, and organizational measures designed to protect personal information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
  • You are responsible for maintaining the confidentiality of your credentials and notifying us promptly if you believe your account or connected tools have been compromised.

11. Credential Storage Architecture

  • Credentials needed by skills (OAuth tokens for connected services such as Gmail, Slack, or GitHub, and any optional Bring-Your-Own-Key entries you provide) are stored only on your device, encrypted at rest under `~/.syncore/secrets/`, decrypted in memory only when a skill needs them, and never transmitted to or stored by Syncore servers.
  • Upstream API keys for Syncore-managed gateway integrations (for example, paid AI providers routed through our gateway) are held by Syncore in our managed infrastructure and are never exposed to your device or to any skill installed on your device.
  • Account session tokens (your Syncore login JWT) are short-lived, issued by our identity provider, stored encrypted alongside other credentials on your device, and used to authenticate your daemon to the Syncore gateway and event-ingestion endpoints.
  • Local credential storage is only as secure as the device it lives on. See the corresponding section in our Terms (“Local Device Security and Credential Storage”) for the allocation of responsibility on this point.

12. International Transfers

  • We and our vendors may process personal information in multiple countries. Where required, we use lawful transfer mechanisms and safeguards for cross-border transfers.

13. Your Rights and Choices

  • Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to certain processing of your personal information, and to withdraw consent where processing is based on consent.
  • You may also opt out of marketing emails by using the unsubscribe link or contacting us. We may still send operational or transactional communications.
  • We may need to verify your identity before acting on a request and may decline or limit requests where permitted by law.

14. Children

  • Our Services are not directed to children under 13, and in some jurisdictions under a higher age threshold. We do not knowingly collect personal information from children in violation of applicable law.

15. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version and revise the effective date. We may also provide additional notice where appropriate.

16. Contact Us

  • For privacy questions or requests, contact: privacy@syncorelabs.ai.
  • If required by law, add your legal entity name, registered address, and any applicable data protection contact or representative.

Questions? Email privacy@syncorelabs.ai.