1. Who is the data controller

Syncura is the controller of the personal data you provide through syncura.health. You can reach us at privacy@syncura.health.

2. What we collect

• Account data: name, email, password (hashed).
• Health data: records, conditions, medications, allergies, and documents you choose to upload.
• Billing data: handled by Stripe; we never store your card details.
• Technical data: IP address, browser type, and pages visited, used solely for security and service improvement.

3. How we use your data

We use your data only to operate the Service: to authenticate you, store and display your records, process payments, and provide support. We do not sell your data, share it with advertisers, or use it to train AI models.

4. Legal basis (GDPR)

We process your data based on your consent (Article 9(2)(a) GDPR for health data) and to perform the contract you have with us (Article 6(1)(b) GDPR).

5. How we protect it

All data is encrypted at rest with AES-256 and in transit with TLS. Access is patient-controlled: you decide who sees what, and you can revoke access at any time. Read more on our Security page.

6. Sub-processors

We rely on a small set of trusted vendors to operate the Service: hosting and database (Supabase), payments (Stripe), and transactional email. They process data on our behalf under data processing agreements.

7. Data retention

We keep your data for as long as your account is active. You can permanently delete all your data with one click from your dashboard, and we will erase it from our systems within 30 days.

8. Your rights

Under GDPR, you have the right to access, correct, export, restrict, or delete your personal data, and to lodge a complaint with your local supervisory authority. To exercise any of these rights, email privacy@syncura.health.

9. Changes to this policy

We will notify you of material changes by email or in-product notice before they take effect.