Back to Home

Privacy Policy

Last Updated: January 26, 2025

1. Introduction

Welcome to AiSync.Team ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered collaboration platform and services (collectively, the "Services").

This Privacy Policy applies to all users worldwide and complies with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR) - European Union and United Kingdom
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Digital Personal Data Protection Act (DPDPA) - India
  • Other applicable international data protection regulations

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Full name, email address, and username
  • Password (encrypted and securely stored via our authentication provider)
  • Profile picture and bio
  • Phone number (optional, for two-factor authentication)

Workspace and Communication Data:

  • Messages, files, and content you create, send, or share within channels and threads
  • Workspace names, descriptions, and settings
  • Channel names and configurations
  • Comments, reactions, and other engagement data
  • Email invitations sent to workspace members

Payment Information:

  • Billing details (processed by third-party payment processors)
  • We do not store complete credit card information on our servers

2.2 Information Collected Automatically

Usage and Technical Data:

  • Device information (type, operating system, browser type and version)
  • IP address and approximate geographic location
  • Login dates and times
  • WebSocket connection data and session information
  • Features accessed and actions performed within the Services
  • Pages viewed and links clicked
  • Performance and error logs

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy for detailed information.

2.3 Information from Third Parties

  • Authentication data from Clerk (our identity provider)
  • Analytics information from service providers
  • Publicly available information if you connect third-party services

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery and Operation

  • Provide, operate, and maintain our Services
  • Enable real-time messaging and collaboration features
  • Authenticate users and manage accounts
  • Process workspace invitations and member management
  • Store and retrieve messages, files, and workspace data
  • Facilitate communication between team members

3.2 Service Improvement and Development

  • Analyze usage patterns to improve user experience
  • Develop new features and functionality
  • Conduct research and analytics
  • Test and troubleshoot technical issues

3.3 Communication and Support

  • Send transactional emails (account notifications, security alerts)
  • Respond to customer support inquiries
  • Send service announcements and updates
  • Deliver marketing communications (with your consent, where required)

3.4 Security and Compliance

  • Detect, prevent, and address fraud, security breaches, and technical issues
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations and regulatory requirements
  • Protect our rights, privacy, safety, or property

3.5 Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our Services
  • Legitimate Interests: Improving our Services, security, and fraud prevention
  • Legal Obligation: Compliance with applicable laws
  • Consent: Where we have obtained your explicit consent (e.g., marketing emails)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Within Your Workspace

Information you share in channels, threads, and messages is visible to other members of your workspace based on workspace and channel permissions.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Clerk: Authentication and identity management
  • MongoDB Atlas: Database hosting and storage (AWS infrastructure)
  • Amazon Web Services (AWS): Cloud infrastructure and hosting
  • Email Service Providers: Transactional and marketing email delivery
  • Analytics Providers: Usage analytics and performance monitoring

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, or legal requests)
  • Government or regulatory authorities
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of others

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our Services before your information is transferred.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. International Data Transfers

Our Services are operated globally, and your information may be stored and processed in the United States, European Union, India, or other countries where our service providers operate.

When we transfer personal data from the European Economic Area (EEA) or United Kingdom to countries outside these regions, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally compliant transfer mechanisms

For transfers from India, we comply with the Digital Personal Data Protection Act requirements and implement appropriate cross-border transfer safeguards.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal, regulatory, tax, or accounting requirements
  • Maintain security, prevent fraud, and resolve disputes
  • Enforce our Terms of Service

Specific retention periods:

  • Account Information: Retained while your account is active and for 90 days after account deletion
  • Messages and Content: Retained while your workspace is active; deleted when workspace is permanently deleted
  • Logs and Technical Data: Typically retained for 12-24 months for security and troubleshooting
  • Backup Data: May be retained for up to 90 days in backup systems

When data is no longer needed, we securely delete or anonymize it so that it cannot be associated with you.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Rights for All Users

  • Access: Request access to your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Opt-out of Marketing: Unsubscribe from promotional emails via the link in each email

7.2 Additional Rights for EU/UK Users (GDPR)

  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information

7.4 Additional Rights for Indian Users (DPDPA)

  • Right to Access: Obtain information about personal data processing
  • Right to Correction: Correct inaccurate or misleading data
  • Right to Erasure: Request deletion of personal data
  • Right to Grievance Redressal: File complaints with our Data Protection Officer
  • Right to Nominate: Nominate another individual to exercise rights in case of death or incapacity

7.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within the timeframe required by applicable law (typically 30 days, or 45 days for Indian users under DPDPA).

8. Security

We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction:

  • Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted in our databases
  • Authentication: Secure authentication via Clerk with support for two-factor authentication (2FA)
  • Access Controls: Role-based access controls and principle of least privilege
  • Rate Limiting: Protection against abuse with 120 messages/minute per connection limit
  • Monitoring: Continuous security monitoring and logging
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Secure Infrastructure: Hosting on AWS with enterprise-grade security

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our Services are not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@aisync.team. We will promptly delete such information from our systems.

10. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage, and deliver personalized content. For detailed information about our use of cookies and how to manage your preferences, please see our Cookie Policy.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to these third-party services.

We encourage you to review the privacy policies of any third-party services you access through our Services. We are not responsible for the privacy practices of third parties.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with applicable privacy laws.

You may contact our DPO at:

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email (if you have provided an email address)
  • Provide prominent notice within our Services
  • Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

AiSync.Team

Email: privacy@aisync.team

Legal: legal@aisync.team

Data Protection Officer: dpo@aisync.team

Website: https://aisync.team

15. Jurisdiction-Specific Information

15.1 European Union and United Kingdom

The data controller for your personal information is AiSync.Team. Our legal basis for processing is described in Section 3.5. You have the rights described in Section 7.2, and you may lodge a complaint with your local supervisory authority.

15.2 California, United States

California residents have specific rights under the CCPA and CPRA as described in Section 7.3. We do not sell your personal information. In the preceding 12 months, we have collected the categories of personal information described in Section 2.

15.3 India

AiSync.Team acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023. Your rights as a Data Principal are described in Section 7.4. You may file grievances with our Data Protection Officer at dpo@aisync.team.

If you have any questions about this document, please contact us at legal@aisync.team