Privacy Policy
Effective Date: February 8, 2026 | Version 1.0
1. Introduction
DECISYN™ ("Company," "we," "us," or "our") operates the SyncHQ Pro™ service management platform (the "Service" or "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.
This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Information We Collect
2.1. Information You Provide Directly
- Account Information: Name, email address, phone number, company name, password (stored in hashed form)
- Business Information: Company address, tax ID, business type, industry
- Customer Data: Names, email addresses, phone numbers, physical addresses, and service history (entered by you as part of your business operations)
- Financial Data: Invoice amounts, estimate amounts, payment records, line items
- Job Data: Job descriptions, schedules, locations, GPS coordinates, photos, checklists, time entries
- Communication Data: Messages, notes, SMS content, email templates
- Staff Data: Employee names, roles, skills, certifications, availability, hourly rates
2.2. Information Collected Automatically
When you access our Service, we automatically collect certain information, including:
- Device Information: Browser type, operating system, device type, screen resolution
- Usage Information: Pages visited, features used, click patterns, session duration, frequency of use
- Log Data: IP address, access times, referring URLs, error logs
- Location Data: GPS coordinates when using route optimization features (with your consent)
- Cookie Data: As described in our Cookie Policy
- Performance Data: Page load times, API response times, error rates
2.3. Information from Third Parties
We may receive information about you from the following third-party sources:
- Google Maps: Geocoding results, route data, distance calculations
- Stripe: Payment processing status (we do not store full credit card numbers)
- QuickBooks Online: Financial synchronization data
- OpenAI: AI-processed responses (we do not send personally identifiable information to OpenAI)
3. How We Use Your Information
3.1. Service Delivery
- Providing, maintaining, and operating the Service
- Processing and managing your account
- Enabling features you use (scheduling, invoicing, booking, route optimization, etc.)
- Sending transactional notifications (job assignments, payment confirmations, etc.)
3.2. Service Improvement
- Analyzing usage patterns to improve user experience
- Identifying and fixing bugs, errors, and performance issues
- Developing new features and functionality
- Conducting A/B testing and user research
3.3. AI and Machine Learning
- Powering AI voice commands and natural language processing
- Generating smart scheduling recommendations
- Optimizing route suggestions
- Improving AI accuracy through anonymized usage patterns
3.4. Analytics and Aggregation
We may use anonymized and aggregated data for any lawful purpose, including: creating industry benchmarks, publishing reports, improving our products, developing new services, and marketing. Aggregated data cannot identify any individual user.
3.5. Communication
- Sending service-related announcements and updates
- Responding to your inquiries and support requests
- Sending product updates, tips, and best practices (you may opt out at any time)
3.6. Security and Compliance
- Detecting, preventing, and addressing fraud, security threats, and technical issues
- Enforcing our Terms of Service
- Complying with legal obligations
4. Legal Basis for Processing
4.1. Under Indian Law (DPDPA 2023)
As a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA), we process your personal data based on the following legal bases:
| Purpose | Legal Basis (DPDPA) |
|---|---|
| Service delivery | Consent + Contractual necessity |
| Account management | Consent + Contractual necessity |
| Security and fraud prevention | Legitimate use (Section 7) |
| Service improvement | Legitimate use (Section 7) |
| Analytics and aggregated data | Legitimate use (anonymized data) |
| AI/ML improvement (anonymized) | Legitimate use (anonymized data) |
| Marketing communications | Explicit consent (opt-in) |
| Legal compliance | Compliance with Indian law |
We also comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules 2011").
4.2. Under GDPR (EEA/UK Users)
If you are in the European Economic Area (EEA), UK, or other jurisdictions that require a legal basis for processing personal data, we process your data based on:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Service delivery | Performance of contract |
| Account management | Performance of contract |
| Security and fraud prevention | Legitimate interest |
| Service improvement | Legitimate interest |
| Analytics and aggregated data | Legitimate interest |
| AI/ML improvement (anonymized) | Legitimate interest |
| Marketing communications | Consent (opt-in) |
| Legal compliance | Legal obligation |
5. How We Share Your Information
5.1. We Do NOT Sell Your Personal Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5.2. Service Providers
We share information with trusted third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | Cloud hosting | All service data (encrypted) |
| Google Maps Platform | Geocoding, route optimization | Addresses, coordinates |
| OpenAI | AI features | Anonymized prompts (no PII) |
| Stripe | Payment processing (international) | Payment amounts, transaction IDs |
| Razorpay | Payment processing (India) | Payment amounts, transaction IDs, UPI handles |
| Twilio | SMS notifications | Phone numbers, message content |
| QuickBooks Online | Accounting sync | Financial records |
| Application Insights | Performance monitoring | Usage telemetry (anonymized) |
All service providers are contractually obligated to protect your data and use it only for the specified purposes.
5.3. Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to:
- Comply with applicable law or legal process
- Protect our rights, property, or safety
- Prevent fraud or address security issues
- Protect the rights, property, or safety of other users or the public
5.4. Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change via email or prominent notice on the Service.
5.5. With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 30 days | Service delivery |
| Business/job data | Duration of account + 90 days | Business records |
| Financial records | 7 years after creation | Tax and legal compliance |
| Communication logs | 2 years | Service improvement |
| Server logs | 90 days | Security and debugging |
| Analytics data | 26 months | Service improvement |
| Cookie consent records | 3 years | Compliance evidence |
| Anonymized/aggregated data | Indefinitely | No expiration (non-personal) |
After the retention period, data will be securely deleted or anonymized.
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted via TLS 1.2+ (HTTPS)
- Encryption at Rest: Database encryption using AES-256
- Authentication: Secure httpOnly session cookies (SameSite=Strict, Secure flag, inaccessible to client-side JavaScript)
- Password Security: Bcrypt hashing with salt rounds
- Access Controls: Role-based access control (RBAC) with granular permissions
- Rate Limiting: Protection against brute-force attacks
- Security Headers: Helmet.js for HTTP security headers
- Input Validation: Server-side input sanitization and validation
- Infrastructure: Microsoft Azure cloud with enterprise-grade security certifications
HOWEVER, NO METHOD OF ELECTRONIC TRANSMISSION OR STORAGE IS 100% SECURE. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You use the Service at your own risk.
8. Your Rights
8.1. All Users
Regardless of your location, you have the right to:
- Access your personal data stored in the Service
- Correct inaccurate or incomplete data
- Delete your account and associated data
- Export your data in a portable format
- Opt out of non-essential communications
8.2. GDPR Rights (EEA/UK Users)
If you are in the EEA or UK, you additionally have the right to:
- Data Portability: Receive your data in a structured, machine-readable format
- Restrict Processing: Request limitation of processing in certain circumstances
- Object to Processing: Object to processing based on legitimate interest
- Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a Complaint: File a complaint with your local data protection authority
8.3. CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected, used, and shared
- Delete your personal information (subject to certain exceptions)
- Opt out of the sale of personal information (we do not sell personal data)
- Non-Discrimination: We will not discriminate against you for exercising your rights
8.4. DPDPA Rights (Indian Residents)
If you are an Indian resident, under the Digital Personal Data Protection Act, 2023, you have the right to:
- Right to Access (Section 11): Obtain a summary of your personal data being processed and the processing activities
- Right to Correction and Erasure (Section 12): Request correction of inaccurate or misleading data, completion of incomplete data, updating of outdated data, and erasure of data no longer necessary for the purpose it was collected
- Right of Grievance Redressal (Section 13): File a grievance with us and receive a response within the prescribed time period
- Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity
- Withdraw Consent: You may withdraw your consent for processing at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
8.5. PIPEDA Rights (Canadian Residents)
If you are a Canadian resident, you have the right to:
- Access your personal information held by us
- Challenge the accuracy and completeness of your information
- Withdraw Consent to the collection, use, or disclosure of your information
8.6. How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@servicesynchq.com
- In-App: Settings > Privacy > Data Rights
We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
9. Grievance Officer
In compliance with the Information Technology Act, 2000 and the IT Rules 2011, our Grievance Officer can be contacted at:
- Email: grievance@servicesynchq.com
- Response Time: Within 30 days of receiving the grievance
You may also file a complaint with the Data Protection Board of India if you are not satisfied with our response.
For EEA/UK users: You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.
10. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.
11. International Data Transfers
Your data is primarily processed and stored in India (Azure Central India) and may also be processed in the United States (Azure US East) and the European Union (Azure EU West) for redundancy and performance purposes.
11.1. Transfers from India
For transfers of personal data outside India, we comply with the Digital Personal Data Protection Act, 2023 (Section 16). Data may be transferred to countries or territories notified by the Central Government of India as permissible. We implement appropriate technical and organizational safeguards for all cross-border data transfers.
11.2. Transfers from the EEA/UK
For transfers from the EEA/UK, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Azure's compliance certifications (SOC 2, ISO 27001, GDPR)
11.3. Data Localization
We store primary copies of Indian users' personal data on servers located in India (Azure Central India region) where feasible. Certain processing activities may require temporary transfer to other regions for technical reasons.
12. Compliance with Indian Law
12.1. Information Technology Act, 2000: We comply with the IT Act 2000 and its rules, including the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, regarding the collection, storage, and processing of sensitive personal data.
12.2. Digital Personal Data Protection Act, 2023: As a Data Fiduciary, we comply with all obligations under the DPDPA 2023, including obtaining valid consent, providing notice before data collection, implementing reasonable security safeguards, and honoring Data Principal rights.
12.3. Sensitive Personal Data (IT Rules 2011): Under the IT Rules 2011, sensitive personal data includes passwords, financial information, health data, biometric data, and sexual orientation. We collect sensitive personal data (passwords, financial records) only with explicit consent and implement body corporate-level security practices as prescribed.
12.4. Intermediary Guidelines: We comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as applicable.
13. Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences through the cookie consent banner on our website.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on the Service
- Sending an email notification to your registered email address
- Displaying a prominent notice in the Service
Your continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.
15. Contact Us
For questions or concerns about this Privacy Policy or our data practices, please contact us:
DECISYN - Privacy & Compliance Team
Email: privacy@servicesynchq.com
- Privacy: privacy@servicesynchq.com
- Grievance Officer: grievance@servicesynchq.com
- Legal: legal@servicesynchq.com
- Support: support@servicesynchq.com