Privacy Policy

1. Introduction

SYNQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automotive marketplace automation service, including our website, dashboard, and desktop application (collectively, the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you register, we collect your email address, password (stored in hashed form), and dealership name.
• Business Information: Dealership name, address, phone number, website URL, and inventory source URLs.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card number.
• Communications: Any correspondence you send to us via email or support channels.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken within the dashboard, and timestamps.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Log Data: Server logs including access times, error logs, and referring URLs.

2.3 Information from Third Parties

• Your Website/Inventory: We scrape publicly available vehicle inventory data from your dealership website as directed by you.
• Facebook: When you connect your Facebook account via our desktop app, we interact with Facebook Marketplace on your behalf. Your Facebook credentials are stored locally on your device and are never transmitted to our servers.

3. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Sync your vehicle inventory from your website
• Create and manage listings on Facebook Marketplace on your behalf
• Send administrative notifications, updates, and security alerts
• Respond to customer service requests and support needs
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Data Storage and Security

4.1 Where Data is Stored

• Cloud Data: Account information, inventory data, job records, and analytics are stored in Supabase (PostgreSQL) with servers located in the United States.
• Local Data: Facebook session data and browser automation data are stored locally on your device and are never transmitted to our servers.

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Row-level security policies in our database
• Secure authentication via Supabase Auth
• Regular security assessments and updates
• Access controls limiting employee access to data

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: We work with third-party vendors who assist in operating our Service (e.g., Supabase for database, Vercel for hosting, Stripe for payments). These providers are bound by confidentiality obligations.
• Legal Requirements: We may disclose information if required by law, court order, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information with your explicit consent for purposes not covered by this policy.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a portable format.
• Objection: Object to certain processing of your personal data.

To exercise these rights, please contact us at privacy@autosynq.io. We will respond within 30 days of receiving your request.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

• Account data is deleted within 30 days
• Inventory and listing data is deleted within 30 days
• Anonymized analytics data may be retained indefinitely for service improvement
• Certain data may be retained longer if required by law or for legitimate business purposes (e.g., billing records)

8. Cookies and Tracking

We use essential cookies to maintain your session and remember your preferences. We may also use analytics cookies to understand how the Service is used. You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

9. Third-Party Links

Our Service may contain links to third-party websites (e.g., Facebook Marketplace). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to request deletion of personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your rights

12. International Data Transfers

If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: