דלגו לתוכן

Legal

Privacy Policy

This Privacy Policy explains how SYNCA collects, uses, discloses, retains and otherwise processes information in connection with the SYNCA platform, the website synca.co.il, and the related APIs, applications and services (collectively, the "Service"). Please read it carefully. By accessing or using the Service you acknowledge that you have read and understood this Privacy Policy.

Effective: May 13, 2026 · Last updated: May 13, 2026

1. Scope & Roles

This Policy applies to (a) information SYNCA collects directly through the Service, the website, marketing channels and customer-facing interactions (where SYNCA acts as a controller), and (b) information that customers route through the Service in order to integrate their business systems (where SYNCA acts as a processor on behalf of the customer, subject to the customer agreement and any applicable Data Processing Addendum, the "DPA").

To the extent a separate written agreement between SYNCA and a customer (including a DPA or master subscription agreement) addresses the same subject matter, that agreement controls with respect to Customer Data processed in the Service. This Policy governs all other processing.

2. Who We Are

The data controller for purposes of this Policy is SYNCA, a business operating from the State of Israel, with operations in Jerusalem and Tel Aviv. You can contact us at any time at info@synca.co.il.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information — your name, business email address, company name, role, password (stored hashed and salted), billing address and tax ID.
  • Payment information — processed by our PCI‑DSS compliant payment processor. SYNCA does not store full payment card numbers on its servers; we receive only tokenized references and the metadata required for billing, fraud prevention and accounting.
  • Communications — anything you send to us through support tickets, email, chat widgets, sales conversations, surveys, webinars and contact forms, including any attachments, screenshots, recordings or screen shares.
  • Marketing preferences — your subscription status for newsletters, product updates and event invitations.
  • Onboarding inputs — information you provide during implementation (such as descriptions of business workflows, mappings, sample records and credentials for the systems you wish to connect).

3.2 Customer Data Routed Through the Service

The Service connects your business systems (such as CRMs, ERPs, e‑commerce platforms, payment gateways and data warehouses) and synchronizes records between them. The data that flows through the Service in order to perform these synchronizations (the "Customer Data") may include personal information of your employees, customers, leads or end‑users.

With respect to Customer Data, SYNCA processes it solely on your documented instructions in order to provide the Service, subject to the DPA. You are responsible for ensuring that you have a valid legal basis to share Customer Data with us and to have it processed for the purposes you configure.

3.3 Information Collected Automatically

  • Device & connection data — IP address, approximate geolocation derived from IP, browser type and version, operating system, device identifiers, language and time‑zone settings, referrer and exit URLs.
  • Usage data — pages and screens viewed, features used, buttons clicked, dashboards opened, the timing and frequency of those actions, search queries you run inside the Service, and product‑telemetry events.
  • Operational logs — request and response metadata, error traces, retry counts, sync identifiers, queue latencies and other diagnostic signals. Log payloads may contain Customer Data; we treat any Customer Data found in logs in accordance with the DPA.
  • Cookies and similar technologies — see Section 13 below.

3.4 Information From Third Parties

  • Authentication providers — if you sign in via Google, Microsoft or another identity provider, we receive the profile information that you authorize them to share.
  • Enrichment and business intelligence providers — for prospective customers, we may receive firmographic information (company size, industry, technologies in use) to qualify leads.
  • Referrals and partners — if a partner introduces you to us, we may receive the contact information they share.
  • Public sources — such as your company website, public registries and professional networks.

4. How We Use Information

We process information for the following purposes:

  • Providing the Service. Authenticating you, executing the integrations and synchronizations you configure, applying retries and error handling, and maintaining the historical record of those operations.
  • Billing and accounting. Calculating usage, issuing invoices, collecting payments, preventing fraud and meeting tax and bookkeeping obligations.
  • Support. Responding to inquiries, diagnosing issues you report and following up on resolutions.
  • Service security, reliability and integrity. Monitoring for abuse, preventing unauthorized access, detecting and mitigating attacks, throttling abusive traffic and conducting incident investigations.
  • Product improvement and analytics. Understanding how the Service is used in aggregate, identifying friction points, prioritizing features, running experiments and producing aggregated and de‑identified metrics that do not identify any specific person.
  • Communications about the Service. Sending operational notices (outage notifications, security alerts, terms updates, end‑of‑life announcements) — these are not promotional and you cannot opt out of them while you have an active account.
  • Marketing and sales. Where permitted by law, sending newsletters, product updates, event invitations and offers. You can unsubscribe at any time using the link in those emails.
  • Research and benchmarking. Producing internal research and aggregated, anonymized benchmarks that do not identify you or any individual.
  • Compliance and legal. Complying with applicable laws, responding to lawful requests from authorities, enforcing our terms, defending against claims and establishing or exercising legal rights.
  • Corporate transactions. In connection with a financing, merger, acquisition, restructuring, sale of assets or due‑diligence process.

5. Legal Bases for Processing (EEA/UK)

If you are in the European Economic Area, the United Kingdom or a jurisdiction with similar laws, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you have subscribed to.
  • Legitimate interests — to operate, secure, improve and market the Service, prevent fraud and abuse, and protect SYNCA's rights and assets. We balance those interests against your rights and freedoms.
  • Legal obligation — to comply with applicable laws and lawful requests.
  • Consent — where we ask for it (for example, certain cookies or specific marketing channels). You may withdraw consent at any time, without affecting prior processing.

6. Disclosure of Information

SYNCA does not sell personal information. We disclose information only in the circumstances described below:

  • Sub‑processors and service providers. Cloud infrastructure (including Amazon Web Services and similar providers), database hosting, monitoring and observability, error tracking, email delivery, customer support tools, CRM, analytics, payment processing and accounting providers. These providers act on our instructions, are bound by written agreements and may only process information for the purposes we specify.
  • At your direction. When you connect a third‑party system to the Service, we share information with that system as needed to execute the integration you have configured.
  • Affiliates. With current and future SYNCA affiliates for the purposes described in this Policy, under equivalent protections.
  • Professional advisors. Lawyers, auditors, bankers and insurers under confidentiality obligations.
  • Legal and safety. When we believe disclosure is required by law, subpoena, court order or other legal process, or is necessary to enforce our terms, investigate suspected fraud, protect the safety of any person, protect against harm to our rights, property or Service, or defend against legal claims.
  • Corporate transactions. In connection with a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets or transition of service to another provider. In such an event, the recipient will be bound to honor the commitments in this Policy or you will receive prior notice.

7. International Transfers

SYNCA is based in Israel and uses sub‑processors that may be located in the European Economic Area, the United Kingdom, the United States and other jurisdictions. The European Commission has issued an adequacy decision in respect of Israel. Where we transfer personal information to other jurisdictions that have not been recognized as providing adequate protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, binding corporate rules or other lawful mechanisms.

8. Data Retention

We retain information for as long as it is needed to provide the Service, comply with our legal, accounting and tax obligations, resolve disputes and enforce our agreements. Specifically:

  • Account information — for the life of the account plus a reasonable period afterwards to allow reactivation, address billing disputes and meet legal obligations (typically up to seven (7) years for accounting records).
  • Customer Data — for the duration of the subscription, plus the grace period stated in the customer agreement (typically thirty (30) days), after which Customer Data is deleted or returned in accordance with the DPA, except where retention is required by law.
  • Operational logs and telemetry — typically retained between thirty (30) and three hundred and sixty‑five (365) days, depending on the log type and its value for security, debugging and audit.
  • Marketing data — until you unsubscribe or after a period of inactivity, whichever comes first.
  • Backups — backups containing personal information are overwritten or deleted on a rolling cycle. Deletion requests are applied to active systems promptly and to backups upon their natural rotation.

9. Security

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES‑256 or equivalent).
  • Role‑based access control, the principle of least privilege, and multi‑factor authentication for SYNCA staff with access to production systems.
  • Network segmentation, hardened images, secret management and routine vulnerability scanning.
  • Continuous logging and monitoring, with an internal incident response process.
  • Annual third‑party security assessments and ongoing review of our sub‑processors.
  • Background checks and confidentiality undertakings for employees and contractors with access to personal information.

No method of transmission or storage is perfectly secure. While we apply commercially reasonable safeguards, we cannot guarantee absolute security. In the event of a personal data breach that triggers a notification obligation, we will notify the affected customers and, where required, regulators, in accordance with applicable law.

10. Your Rights

Subject to applicable law and to verification of your identity, you may have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of personal information ("right to be forgotten").
  • Object to or restrict certain processing.
  • Request a copy of your personal information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a competent data protection authority.

To exercise a right, email info@synca.co.il. We will respond within the period required by applicable law (and in any event no later than thirty (30) days from receipt of a verified request, subject to extensions permitted by law). Where you submit a request that concerns Customer Data of a SYNCA customer (and not your relationship directly with SYNCA), we will refer the request to the relevant customer, who is the controller of that data.

Certain rights are not absolute. We may decline a request that is excessive, repetitive, manifestly unfounded, prohibited by law, or in conflict with our overriding legal obligations, our legitimate interests (including the defense of legal claims), or the rights of third parties.

11. Automated Decision‑Making

The Service does not subject you to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. To the extent the Service uses automation (for example, to detect abuse or fraud), meaningful human review is available on request.

12. Children

The Service is intended for businesses and the professionals who run them. We do not knowingly collect personal information from individuals under the age of sixteen (16). If you believe a child has provided personal information to us, please contact us and we will take steps to delete it.

13. Cookies and Similar Technologies

We use cookies, local storage, pixels and similar technologies to operate the Service, remember your preferences, measure traffic and improve performance. Categories include:

  • Strictly necessary — required for the Service to function (authentication, security, load balancing). These cannot be turned off.
  • Functional — remember your preferences and choices.
  • Analytics — help us understand usage in aggregate.
  • Marketing — measure the effectiveness of our campaigns and, where permitted by law and with your consent, deliver tailored advertising.

You can manage cookies through your browser settings. Blocking certain cookies may impair functionality. Where required by law, we present a cookie consent banner that lets you accept, reject or customize non‑essential cookies.

14. Third‑Party Links and Integrations

The Service contains links and integrations to third‑party websites and services. We do not control those third parties, are not responsible for their content or practices, and do not endorse them. When you connect a third‑party system to the Service, the information that flows to that system is also governed by the privacy policy of that third party.

15. Region‑Specific Disclosures

15.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), as amended. We do not "sell" personal information as defined under the CCPA. You may exercise your CCPA rights by contacting us at info@synca.co.il. We will not discriminate against you for exercising your rights.

15.2 Israel

If you are an Israeli resident, you may have rights under the Protection of Privacy Law, 5741‑1981 and the regulations promulgated thereunder, including the right to inspect and correct your information.

16. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or through the Service at least thirty (30) days before they take effect, except where a shorter period is required by law or appropriate for security or legal reasons. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance.

17. Contact Us

SYNCA
Jerusalem / Tel Aviv, Israel
Email: info@synca.co.il