Privacy Policy

Effective: June 13, 2025  ·  Synchro Labs LLC  ·  support@datacrop.dev

1. Who We Are

Synchro Labs LLC (“Synchro Labs,” “we,” “us,” or “our”) is a limited liability company organized under the laws of New York and is the data controller for personal information collected through the DataCrop platform (datacrop.dev). We are committed to protecting the privacy of our users and handling personal data responsibly and in compliance with applicable law.

Privacy inquiries: support@datacrop.dev

2. Information We Collect

Account Data

When you register for DataCrop, we collect your email address and, if provided, your name. This information is required to create and maintain your account and to communicate with you about the Service.

Billing Data

Subscription payments are processed by Stripe, Inc. We do not store your full payment card number on our servers. Stripe provides us with billing confirmation, last four digits of your card, card brand, expiration date, and subscription status. Stripe’s handling of your payment data is governed by Stripe’s own privacy policy.

API Usage Data

We log metadata about API requests made using your account, including the endpoint accessed, request timestamp, HTTP response status, and your account identifier. This data is used for rate limit enforcement, usage-based billing verification, and detection of unauthorized or abusive activity.

Technical Data

When you access our website, we may collect your IP address, browser type, operating system, and referring URL. This data helps us diagnose technical issues and understand aggregate usage patterns.

Support Communications

If you contact us by email or other means, we retain those communications for the purpose of resolving your inquiry and for our legal and compliance records.

3. How We Use Your Information

We use the data described above to:

  • Provide, operate, and improve the DataCrop Service
  • Authenticate your identity and manage your account
  • Process subscription payments and manage billing through Stripe
  • Send transactional emails, including payment receipts, renewal reminders (7 days before annual renewals), and account notifications
  • Enforce our Terms of Service and Acceptable Use Policy
  • Monitor API usage to enforce rate limits and detect abuse
  • Respond to support requests and communications from you
  • Comply with legal obligations and respond to lawful requests from authorities

We do not use your personal data for advertising, behavioral profiling, or sale to third parties.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), our legal basis for processing your personal data is:

  • Contract performance: Processing of account and billing data is necessary to fulfill our contract with you (the Terms of Service).
  • Legitimate interests: We process API usage logs and technical data to maintain the security and integrity of the Service and to prevent abuse.
  • Legal obligation: We retain certain records as required by applicable law or regulation.
  • Consent: Where required by law, we will obtain your explicit consent before any processing not covered above.

5. Third-Party Service Providers

We share your data only with the following processors, each engaged under data processing agreements and obligated to handle your data securely and only for the purposes we specify:

ProviderPurposeLocation
Stripe, Inc.Payment processing and billingUnited States
Supabase, Inc.Database hosting and authenticationUnited States
Vercel, Inc.Application hosting and deliveryUnited States
ResendTransactional email deliveryUnited States

We do not sell, rent, or otherwise share your personal data with any other third party except as required by law or to protect our legal rights.

6. Data Retention

We retain your account and billing data for as long as your account remains active. Following account deletion, personal data is retained for ninety (90) days to allow for resolution of any outstanding issues, after which it is permanently deleted from our systems. API usage logs may be retained for up to twelve (12) months for security, audit, and compliance purposes, after which they are deleted or anonymized.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal data. All data transmitted between your devices and our Service is encrypted using TLS. Data stored in our database infrastructure (managed by Supabase) is encrypted at rest. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Access and Portability

You may request a copy of the personal data we hold about you by contacting us at support@datacrop.dev. We will respond within thirty (30) days.

Correction

You may update your account email and other profile information through the account settings page.

Deletion

You may permanently delete your account through account settings. This will delete your profile, API key, and associated data, subject to our retention obligations under applicable law.

Objection and Restriction

You may object to or request restriction of certain processing activities, including processing based on legitimate interests. Contact us to exercise these rights.

Withdrawal of Consent

Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and its amendments:

  • The right to know what personal information we collect, use, and disclose (see this Policy)
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell your personal information
  • The right to non-discrimination for exercising your privacy rights
  • The right to correct inaccurate personal information

To exercise your California rights, contact support@datacrop.dev.

10. International Data Transfers

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data is transferred to and processed in the United States. We rely on Standard Contractual Clauses approved by the European Commission, and where applicable, adequacy decisions, to ensure your data is afforded appropriate protection during transfer.

11. Cookies

DataCrop uses only strictly necessary cookies required for session authentication and maintaining your logged-in state. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify you personally. Because these cookies are essential to the functioning of the Service, they cannot be disabled without disrupting your access.

12. Children’s Privacy

DataCrop is not directed at individuals under the age of thirteen (13) and we do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@datacrop.dev and we will promptly delete it.

13. New York SHIELD Act

As a New York–based business that collects personal data of New York residents, we comply with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act. We maintain reasonable administrative, technical, and physical safeguards appropriate to the nature and scope of personal data we handle.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email at least thirty (30) days before they take effect. The effective date at the top of this page will reflect the date of the most recent revision.

15. Contact

For privacy-related questions, requests, or complaints: support@datacrop.dev
Synchro Labs LLC · New York, NY