Back
In plain language

Privacy and terms

Who is responsible for your data

Syncry is the data controller for the personal data you put into the app. We are a small team building Syncry for couples. You can reach us at any time at support@syncry.app, and that is the address to use for any privacy question or to exercise your rights. Syncry serves families in the United Kingdom and the European Union, so this policy is written to meet UK GDPR (with the Data Protection Act 2018) and EU GDPR.

ICO registration number: Registration pending

What we store

Your account email, the names and details you typed into your family, the entries you wrote in the Book, the moods you logged, the tasks and bags you filled in, the photos you uploaded, and (when you set one up) your Anthropic API key in encrypted form. After birth, also any baby-care logs you record. Everything is stored on Supabase in private buckets and tables.

Health and other sensitive data

Much of what Syncry holds is special-category data under GDPR: pregnancy details, your baby's health and care logs, and the moods you record can reveal information about physical and mental health. We process this special-category data only on the basis of your explicit consent, which you give by choosing to enter it. You can withdraw that consent at any time by deleting the entries or your family (see Export and delete); withdrawing does not affect processing that already happened.

Why we are allowed to use it

For ordinary personal data (your email, the names and settings you choose), our lawful basis is performing the contract you enter when you use Syncry, plus our legitimate interest in keeping the service secure and working. For special-category data (health, pregnancy, baby, mood) the basis is your explicit consent. We never use your data for advertising, profiling, or automated decisions that affect you.

Who can see it

Only you and the partner you invited. Database row-level security enforces it: every query is scoped to your family id. Photos use signed URLs that expire in one hour. Nobody from Syncry can read your data; we did not build admin tools that bypass these rules.

About Iris

Iris uses your own Anthropic API key (BYOK). Each call sends the context Iris needs (your names, week, recent entries) to Anthropic; Anthropic does not store these messages between calls. On our side, the key sits encrypted in your family row, and we only decrypt it server-side when Iris needs to speak. You can remove the key any time in Settings.

Push notifications

We store one row per browser/device you enable push on, with the public subscription endpoint that the browser issued. Notifications are sent only to your partner inside your family (mood shared, task done, bag ready, book voice). We never push marketing.

Tracking

No third-party analytics, no advertising trackers, no fingerprinting. Vercel (our host) logs request metadata so we can see when a page errors; that log is short-lived and not joined to your account data.

Who processes the data

Syncry runs on a small set of trusted providers. Supabase stores the database, files, and authentication. Vercel hosts and serves the app. Anthropic powers Iris, and only when you add your own API key. Resend delivers the emails we send (verification, weekly digest). The controller also receives internal operational notifications when a new family signs up; these carry only non-personal signal (chosen role, app language, country), never your name, email, or any health information, and are delivered to a personal Google (Gmail) inbox via Resend. Your data is isolated per family by row-level security and is encrypted in transit and at rest. It is not zero-knowledge: the providers above can technically access what they host, and we can decrypt your Iris key server-side when Iris needs to speak.

Stripe (payments): when you subscribe to Syncry Plus, Stripe processes your payment and card details on its own secure systems. We never see or store your full card number.

International transfers

Some of our providers process data outside the UK and the European Economic Area, in particular Anthropic (Iris) and parts of Vercel and Resend in the United States. Where data leaves the UK or EEA, the transfer is protected by the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum (IDTA), the safeguards GDPR requires. Supabase data is hosted in the EU region.

How long we keep it

We keep your data for as long as your family is active, because the whole point of Syncry is a journey you can look back on. You can delete any entry at any time. When you delete your family, it enters a 30-day soft-delete window during which you can restore it; after 30 days an automated daily cleanup removes the family and every row attached to it, permanently. Short-lived server logs (for spotting errors) are kept briefly and are not joined to your account.

Your rights

Under UK and EU GDPR you have the right to access your data, to export it in a portable format, to correct it, to have it erased, to restrict or object to processing, and to withdraw consent at any time. Syncry is built so you can exercise most of these yourself, right now: Settings, Your data lets you export everything as JSON (and save your Book and Diary as PDFs) and delete your family. To correct details, edit them in the app. For anything you cannot do yourself, email support@syncry.app and we will respond within one month, free of charge.

Your baby's data

Syncry is used by adults. The information about your baby (health, care logs, photos, milestones) is entered by you, the parents, who hold parental responsibility for it and decide what to record and share with each other. We do not knowingly let anyone under 18 create their own Syncry account.

Export and delete

You own your data and can act on it yourself. In Settings, Your data, you can export everything your family has stored as a single JSON file (photos are referenced by their storage path, not the image bytes); your Book and Diary can also be saved as PDFs. We recommend you export first. Deleting your family does not wipe it instantly: it is scheduled for permanent removal in 30 days, and stays recoverable until then, so you can restore it anytime within that window. After 30 days a daily cleanup drops the family and every row attached to it across the database, for good. You can still email support@syncry.app if you prefer us to do it for you.

How to complain

If you think we have handled your data wrongly, please tell us first at support@syncry.app so we can put it right. You also have the right to complain to a data protection authority. In the United Kingdom that is the Information Commissioner's Office (ICO), at ico.org.uk. In the European Union you can contact the authority in your country of residence.

Terms in two lines

Syncry is a personal-use app built by a couple for couples. It is provided as-is, with no medical warranty: the NHS / NICE links inside are for reference, not advice. If you are worried about a symptom, call your midwife or doctor.

Contact

For anything about your data or this policy, including any request to exercise your rights, email support@syncry.app. Signed-in users can also reach us from Settings, Contact us.

Where our guidance comes from

Syncry is free while in early access. No payments are taken and there is nothing to cancel. Subscription and refund terms would apply only if paid plans are introduced later.

Last updated: 2026-06-22