Privacy Policy

1. Information We Collect

1.1 Account Information

When you sign up, we collect your name and email address through Google or Microsoft OAuth 2.0 authentication. We do not collect or store your password.

1.2 Calendar Data

With your explicit consent via OAuth, we access your calendar data from Google Calendar and/or Microsoft Outlook. This includes:

• Event titles, times, durations, and locations
• Free/busy status for availability calculations
• Attendee information for meetings you create through Synced

We request the minimum permissions necessary. For Google, we use the calendar.events scope. For Microsoft, we use Calendars.ReadWrite. You can revoke access at any time through your Google or Microsoft account settings.

1.3 Meeting Data

When you schedule meetings through Synced, we store meeting titles, participant emails, selected time slots, and calendar event IDs to provide the scheduling service.

1.4 Usage Data

We automatically collect certain information when you use the Service, including IP address, browser type, pages visited, and features used. This data is used to improve the Service and is not linked to your calendar data.

1.5 API & MCP Data

If you use the Synced API or MCP server, we log API requests (endpoint, timestamp, response status) for debugging and rate limiting. We do not log request bodies containing calendar data.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the scheduling Service
• Display availability heatmaps and recommend meeting times
• Send calendar invitations on your behalf
• Generate booking links showing your real-time availability
• Manage your trusted contacts and cross-company scheduling
• Send transactional emails (welcome, meeting confirmations)
• Improve, personalize, and expand the Service
• Monitor and prevent abuse of the API and platform

3. How We Share Your Information

We do not sell, rent, or trade your personal information or calendar data. We may share information in the following circumstances:

3.1 With Other Users

When you add participants to a meeting or accept a trusted contact request, those users can see your availability (free/busy status) for the purpose of scheduling. They cannot see your event details unless you create a shared meeting.

3.2 With Booking Link Visitors

When someone visits your booking link, they see available time slots but cannot see your event titles, attendees, or other calendar details.

3.3 Service Providers

We use the following third-party services to operate Synced:

• Supabase — Database and authentication (hosted on AWS)
• Vercel — Application hosting and edge functions
• Google Calendar API & Microsoft Graph API — Calendar data access
• Resend — Transactional email delivery

These providers process data on our behalf under data processing agreements and are prohibited from using your data for their own purposes.

3.4 Legal Requirements

We may disclose your information if required by law, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

4. Data Security

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256
• OAuth tokens are stored with encryption and can be revoked at any time
• Database access is protected by row-level security (RLS) policies
• API keys are hashed and never stored in plaintext
• We do not store your Google or Microsoft password — authentication is handled entirely through OAuth 2.0

While we implement industry-standard security measures, no system is 100% secure. If you discover a vulnerability, please report it to security@meetsynced.com.

5. Data Retention

We retain your account and meeting data for as long as your account is active. If you delete your account, we will delete your personal data and calendar data within 30 days. Anonymized usage analytics may be retained indefinitely.

Calendar data (events, free/busy information) is fetched in real-time and cached temporarily (up to 5 minutes) for performance. We do not maintain a permanent copy of your full calendar.

6. Your Rights

You have the right to:

• Access — Request a copy of the personal data we hold about you
• Correct — Update or correct inaccurate personal data
• Delete — Request deletion of your account and associated data
• Revoke — Disconnect your calendar at any time through the Synced app or your Google/Microsoft account settings
• Export — Request a machine-readable export of your data
• Object — Object to processing of your data for specific purposes

To exercise any of these rights, contact us at carlos@meetsynced.com.

7. Cookies

Synced uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. We may use anonymous analytics (without personal identifiers) to understand how the Service is used.

8. Third-Party Links

The Service may contain links to third-party websites (e.g., Google, Microsoft, Zoom). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

Synced is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective date" above. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

• Email: carlos@meetsynced.com
• Security issues: security@meetsynced.com
• Website: meetsynced.com