Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use SyncSymptom, you provide us with:

• Account Information: Email address, name, password, and optional profile details
• Health Data: All information you choose to log, including:
  • Symptoms (type, severity, location, duration, notes)
  • Activities and exercise logs
  • Food and nutrition entries
  • Sleep patterns and quality
  • Mood and mental health data
  • Medications and supplements
  • Photos and attachments you upload
  • Notes and observations
• Communications: Messages you send to our support team or through Telegram integration

1.2 Automatically Collected Information

When you use our service, we automatically collect certain technical information:

• Usage Data: Features used, session duration, interaction patterns, entry timestamps
• Device Information: Device type, operating system, browser type and version, screen resolution
• Network Information: IP address, internet service provider, general geographic location (city/region level)
• Cookies and Similar Technologies: Session cookies to maintain your login, preference cookies for settings, and analytics cookies (with your consent)

1.3 Information from Third-Party Integrations

If you use optional integrations:

• Telegram: Your Telegram user ID and messages sent to our bot (not stored in Telegram, only in your SyncSymptom account)
• Calendar Services (Future): Calendar access permissions and event data (only with your explicit consent)

2. How We Use Your Information

We use your information exclusively to provide and improve our service:

2.1 Core Service Delivery

• Store and organize your health data
• Generate insights, patterns, and correlations from your tracked data
• Create reports and summaries for your healthcare providers
• Provide search and filtering capabilities
• Enable data export in various formats

2.2 Service Improvement

• Analyze aggregated, anonymized usage patterns to enhance features
• Identify and fix bugs and technical issues
• Develop new features based on user needs
• Improve user interface and experience

2.3 Communication

• Send essential service notifications and security alerts
• Respond to your support requests and questions
• Send important updates about Terms or Privacy Policy changes
• Provide optional feature announcements and tips (you can opt out)

2.4 Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Ensure system integrity and user safety
• Comply with applicable laws and legal obligations
• Enforce our Terms of Use

3. Data Security: How We Protect Your Information

We implement comprehensive, industry-leading security measures to protect your sensitive health data:

3.1 Encryption

• Data in Transit: All data transmission uses TLS 1.3 encryption (the same security banks use)
• Data at Rest: All stored data is encrypted using AES-256 encryption
• Password Security: Passwords are hashed using bcrypt with salting (we never store plain text passwords)

3.2 Access Controls

• Strict role-based access controls limit who can access what data
• Multi-factor authentication for administrative access
• All access to production data is logged and audited
• Minimal necessary access principle enforced for all staff

3.3 Infrastructure Security

• Data hosted on SOC 2 compliant, enterprise-grade cloud infrastructure
• Regular automated backups with encrypted storage
• Network segmentation and firewall protection
• Intrusion detection and prevention systems
• DDoS protection and rate limiting

3.4 Ongoing Security Practices

• Regular security audits and penetration testing
• Continuous vulnerability scanning and patching
• Employee security training and background checks
• Incident response plan with 24/7 monitoring
• Security update policy to address emerging threats promptly

3.5 Important Security Note

While we implement robust security measures, no system is 100% secure. We encourage you to:

• Use a strong, unique password for your SyncSymptom account
• Never share your account credentials
• Log out of shared or public devices
• Report any suspicious activity immediately

4. Data Sharing and Disclosure

4.1 We Never Sell Your Data

4.2 Limited, Necessary Sharing

We may share your information only in these specific, limited circumstances:

With Your Explicit Consent

• When you export reports to share with healthcare providers
• When you explicitly authorize data sharing
• When you use third-party integrations (Telegram, calendar services)

Trusted Service Providers

We work with select third-party service providers who help us operate SyncSymptom. These providers:

• Are bound by strict confidentiality agreements
• Can only access data necessary to perform their specific function
• Are prohibited from using your data for any other purpose
• Must meet our security and privacy standards

Examples include:

• Cloud hosting providers (data storage)
• Email service providers (transactional emails)
• Customer support tools (if you contact support)

Legal Requirements

We may disclose your information if required by:

• Valid court order or subpoena
• Legal process or government request
• Necessity to protect our rights, property, or safety, or that of our users or the public
• Prevention of fraud, abuse, or illegal activity

We will notify you of legal requests unless prohibited by law, and we will challenge overly broad requests.

Business Transfers

In the unlikely event of a merger, acquisition, or sale of assets:

• We will notify you via email and prominent notice on our website
• You will have the option to delete your data before the transfer
• The acquiring party will be bound by this Privacy Policy

5. Your Rights and Control Over Your Data

You have complete control over your health data. We provide you with comprehensive rights and easy-to-use tools to exercise them:

5.1 Access Your Data

You can view all your personal data at any time through your account dashboard. No requests or waiting periods required.

5.2 Export Your Data

Download your complete health data in standard, portable formats:

• PDF reports for healthcare providers
• CSV files for spreadsheet analysis
• JSON format for technical use

Take your data with you anytime, no questions asked.

5.3 Modify Your Information

Edit, update, or correct your information at any time:

• Update account details and profile
• Edit or delete individual entries
• Modify settings and preferences

5.4 Delete Your Account and Data

You have the absolute right to delete your account and all associated data at any time.

• Navigate to Account Settings → Delete Account
• Confirm deletion (this cannot be undone)
• All personal data is permanently deleted within 30 days
• Alternatively, contact us to request deletion

After deletion, your data is gone forever. We cannot recover it. Limited information may be retained only if required by law (such as transaction records for tax purposes), but all health data is permanently deleted.

5.5 Opt-Out of Communications

You can unsubscribe from:

• Marketing emails (click unsubscribe in any email)
• Feature announcements and tips
• Newsletter communications

Note: You cannot opt out of essential service communications (security alerts, critical updates, legal notices).

5.6 Additional Rights (Depending on Your Location)

Depending on where you live, you may have additional rights under laws like GDPR, CCPA, or HIPAA:

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with supervisory authority

Contact us to exercise these rights: contact@syncsymptom.com

6. Data Retention

6.1 Active Accounts

We retain your health data for as long as your account is active and as long as necessary to provide our services. This enables:

• Long-term pattern recognition
• Historical trend analysis
• Comprehensive health tracking over months and years

6.2 Account Deletion

When you delete your account:

• All personal health data is permanently deleted within 30 days
• Backups containing your data are overwritten within 90 days
• Anonymized, aggregated analytics data may be retained (with all personal identifiers removed)
• Information required by law may be retained as legally mandated

6.3 Inactive Accounts

If you don't log in for an extended period:

• We'll send email reminders at 12 and 18 months of inactivity
• After 24 months of inactivity, we may delete your account (with 60 days advance notice)
• You can always log in to keep your account active

7. Third-Party Services and Links

7.1 Telegram Integration

If you use our Telegram bot:

• Data transmitted through Telegram is subject to Telegram's privacy policy and terms
• We securely transfer your messages to your SyncSymptom account
• We don't store your data in Telegram - it's immediately transferred to our secure servers
• You can disconnect Telegram integration anytime

7.2 Future Integrations

Upcoming features like calendar sync are optional. If you choose to use them:

• You explicitly authorize the integration
• Third-party services have their own privacy policies
• You can revoke integration access anytime
• We only access the minimum data necessary

7.3 External Links

Our blog and app may contain links to external websites. We are not responsible for the privacy practices of these sites. Please review their privacy policies.

8. Children's Privacy

SyncSymptom is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete it.

9. International Data Transfers

SyncSymptom operates globally. Your data may be transferred to and stored in countries different from your own. When we transfer data internationally:

• We use appropriate safeguards (Standard Contractual Clauses, etc.)
• We ensure the same level of protection as in your home country
• We comply with applicable data protection laws (GDPR, etc.)

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We'll notify you via email (to the address on your account)
• We'll display a prominent notice in the app
• We'll update the "Last updated" date at the top of this policy
• You'll have the opportunity to review changes before they take effect

Continued use of the service after changes constitute acceptance. If you disagree with changes, you can delete your account.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Privacy Inquiries:

• Email: contact@syncsymptom.com
• Data Protection Officer: contact@syncsymptom.com

General Support:

• Email: contact@syncsymptom.com
• Telegram: @SyncSymptomSupport
• Instagram: @syncsymptom

Visit our Contact Page for more options.

12. Our Commitment to You

Your trust is everything to us. We built SyncSymptom because we believe everyone deserves tools to understand and improve their health - without sacrificing privacy or security.