Privacy Policy

1. Collection of Personal Information

We receive and store any information you knowingly provide to us when you create an account, make a purchase, or fill any forms on the Website. When required, this information may include the following:

• Account details (such as display name, unique user ID, and authentication credentials managed by Google Sign-In)
• Contact information (such as email address, phone number)
• Basic personal information (such as name, country of residence)
• Business information (such as business name, type of service, operating hours)
• End-client data entered into the platform by business users (such as client names, phone numbers, appointment history, and service records)

By using the Services, business users agree to the Data Processing Terms incorporated by reference.

2. Use and Processing of Collected Information

We act as a data controller when we determine the purposes and means of processing your Personal Information. We act as a data processor when business users submit their clients’ Personal Information through the Services — in those cases, the business user is the data controller and Syncta processes the data only on their behalf and according to their instructions.

Legal Basis for Processing

Depending on the context of the processing activity and the jurisdiction in which you are located, Syncta relies on one or more of the following legal bases when processing your Personal Information:

• Performance of a contract. Processing is necessary to perform our obligations under the Terms and Conditions you accepted when subscribing to the Services, including account provisioning, subscription management, appointment scheduling, WhatsApp message delivery, and billing through our designated merchant of record.
• Consent. Where required by applicable law, we process certain Personal Information on the basis of your freely given, specific, informed, and unambiguous consent. This applies in particular to the use of non-essential cookies and tracking technologies (see Section 12), marketing communications, and any processing activity for which consent is the appropriate legal basis under the data protection laws of your jurisdiction. You may withdraw your consent at any time by contacting us at info@syncta.app or by using the relevant opt-out mechanism. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
• Legitimate interests. We may process Personal Information where necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Legitimate interests include maintaining platform security and integrity, preventing fraud and abuse, improving and optimizing the Services, conducting internal analytics, and enforcing our Terms and Conditions. Where we rely on legitimate interests, we conduct a balancing assessment to ensure your rights are adequately protected.
• Legal obligation. We process Personal Information where necessary to comply with applicable laws, regulations, court orders, or government requests, including tax and financial reporting obligations, anti-money-laundering requirements, and data protection authority inquiries.

Information we collect may be used for the following purposes:

• Create and manage user accounts
• Fulfill and manage orders and subscriptions
• Deliver and operate the Services, including WhatsApp automation features
• Improve products and Services
• Respond to inquiries and provide support
• Protect from abuse and malicious users
• Comply with legal obligations and respond to legal requests

3. WhatsApp and Meta Data Processing

Syncta integrates with the WhatsApp Business API, operated by Meta Platforms, Inc. (“Meta”). By connecting your WhatsApp Business account to Syncta, you acknowledge and agree to the following:

• Syncta transmits booking confirmations, appointment reminders, cancellation notices, and other automated messages through Meta’s WhatsApp Business API infrastructure on your behalf.
• Meta acts as an independent data processor for messages sent through WhatsApp. Meta’s processing of data through WhatsApp is governed by Meta’s own Privacy Policy and WhatsApp Business Terms of Service, which are separate from this Policy.
• Message content, phone numbers, and related communication metadata are processed by Meta’s systems and are subject to Meta’s data retention and usage practices.
• Syncta does not control Meta’s data handling practices. Users are encouraged to review Meta’s WhatsApp Business API Privacy Policy at https://www.whatsapp.com/legal/business-policy/.
• WhatsApp Business API service availability is subject to Meta’s operational decisions. Syncta is not liable for service interruptions, policy changes, or feature restrictions imposed by Meta that affect the functionality of Syncta’s WhatsApp-based features.
• The client must comply with following: opt in, marketing laws and spam laws.

4. Business Users and End-Client Data

Syncta is a B2B platform. Business users (such as barbershops, salons, clinics, and other service businesses) use Syncta to manage their own clients’ data. In this context:

• Business users are the data controllers of their clients’ Personal Information and are solely responsible for how that data is collected, used, and processed.
• Syncta acts as a data processor on behalf of business users and processes end-client data only as instructed by the business user through use of the platform.
• Business users represent and warrant that they have the legal right to upload, use, and process the Personal Information of their end-clients within Syncta’s platform, and that they have obtained all necessary consents or have a valid legal basis for doing so.
• Syncta does not sell, share, or use end-client data for any purpose other than providing the Services to the business user.
• Upon termination of a business user’s account, end-client data will be retained for the period necessary to comply with legal obligations and then deleted in accordance with our data retention policy.

5. Payment Processing

Syncta uses an authorized Merchant of Record (“MoR”) for all payment processing. This means our Merchant of Record — not Syncta — is the legal seller of record for all transactions conducted through the Website. As a result:

• All payment transactions, invoicing, tax collection, and refund processing are handled by our Merchant of Record on Syncta’s behalf.
• When you purchase a Syncta subscription, you are entering into a transaction with our Merchant of Record as the merchant. The Merchant of Record’s own Terms of Service and Privacy Policy govern the payment relationship.
• Syncta does not store your credit card details or full payment account information. This data is collected and stored solely by our Merchant of Record.
• Our Merchant of Record adheres to PCI DSS security standards. All sensitive payment data is transmitted over SSL-secured, encrypted channels.
• Refunds and billing disputes are processed through our Merchant of Record in accordance with the Merchant of Record’s refund policy, which applies to all Syncta subscriptions.

We encourage you to review our Merchant of Record’s Privacy Policy, available on their website.

6. Managing Your Information

You may delete certain Personal Information we hold about you. If you would like to delete your Personal Information or permanently delete your account, you can do so by contacting us at info@syncta.app. Please note that we may retain certain information as required by law or for legitimate business purposes for the period set out in Section 7 below.

7. Retention of Information

We retain your Personal Information for the following periods, unless a longer retention period is required or permitted by applicable law:

• WhatsApp Platform Data (including message logs, templates, WhatsApp Business Account connection records, and chat histories): deleted within 30 days of account closure, consistent with Meta’s Platform Terms and WhatsApp Business Policy.
• Business account profile data (such as business name, contact email, display name, and subscription metadata): retained for the duration of your active subscription and for up to 24 months following account closure to support reactivation.
• Transaction and billing records: retained for a minimum of 5 years to comply with tax and financial reporting obligations.
• End-client data entered by business users: retained for the duration of the business user’s active subscription and deleted within 90 days of account closure, unless the business user requests earlier deletion.
• Support and communications data: retained for up to 24 months from the date of the interaction.

Once the applicable retention period expires, Personal Information will be securely deleted or anonymized.

8. Disclosure of Information

We may share your information with trusted service providers who assist in the operation of our Services, including:

• Our authorized Merchant of Record — payment processing and merchant of record services
• Meta / WhatsApp — message delivery via WhatsApp Business API
• Hosting and cloud infrastructure providers (including Google Cloud and Cloudflare for media storage of files shared through WhatsApp conversations)
• Analytics and monitoring tools used to maintain and improve the Services

We will not sell your Personal Information to third parties. We may disclose Personal Information if required by law, court order, or government authority, or if necessary to protect the rights, safety, or property of Syncta, our users, or the public.

In the event of a business transition such as a merger, acquisition, or asset sale, user account data may be transferred as part of the transaction. We will notify affected users in advance where required by law.

9. Transfer of Information

Syncta operates primarily in Latin America and processes data through cloud infrastructure that may be located in multiple jurisdictions. By using our Services, you consent to the transfer of your Personal Information to servers located outside your country of residence. We take appropriate safeguards to ensure that such transfers comply with applicable data protection laws.

10. Region-Specific Notices

10.1 Panama — Ley 81 de Protección de Datos Personales (2019)

Redwood Strategic Holdings, S.A. is incorporated in Panama. Accordingly, Syncta complies with Panama’s Law 81 of March 26, 2019 on the Protection of Personal Data, which came into full effect in 2021. Under this law, residents of Panama have the following rights:

• Right of access: You may request confirmation of whether we hold your Personal Information and obtain a copy of it.
• Right to rectification: You may request correction of inaccurate, incomplete, or outdated Personal Information.
• Right to cancellation (deletion): You may request deletion of your Personal Information where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
• Right to opposition: You may object to the processing of your Personal Information in certain circumstances, including for direct marketing purposes.
• Right to data portability: Where technically feasible, and upon written request to info@syncta.app, you may request that your Personal Information be provided in a structured, commonly used format within a reasonable timeframe.

To exercise any of these rights, please contact us at info@syncta.app. We will respond within the timeframes prescribed by Law 81. If your concerns are not adequately resolved, you may escalate to the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI), the competent supervisory authority in Panama, at https://www.antai.gob.pa.

10.2 Costa Rica — Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales (Law 8968)

For users resident in Costa Rica, we are committed to complying with the principles established under Law 8968. Your rights include access, rectification, cancellation, and opposition to the processing of your Personal Information. If you believe your rights have not been adequately addressed, you may contact the Agencia de Protección de Datos de los Habitantes (PRODHAB) at https://www.prodhab.go.cr.

10.3 Colombia — Ley 1581 de Protección de Datos Personales

For users resident in Colombia, we comply with the principles established under Law 1581 of 2012 and its regulatory decrees. Your rights include the right to know, update, rectify, and request deletion of your Personal Information, as well as the right to revoke your consent for processing. If you have unresolved concerns, you may contact the Superintendencia de Industria y Comercio (SIC) at https://www.sic.gov.co.

10.4 Mexico — Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP)

For users resident in Mexico, we comply with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Your rights under this law include access, rectification, cancellation, and opposition (collectively known as ARCO rights). To exercise your ARCO rights, please contact us at info@syncta.app. If your concerns are not resolved, you may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) at https://home.inai.org.mx.

10.5 Brazil — Lei Geral de Proteção de Dados (LGPD)

If you are a resident of Brazil, you have the following rights under the LGPD:

• Right to know and access: Confirmation and access to your Personal Information.
• Right to correct: Correction of inaccurate or outdated data.
• Right to anonymize and block: Anonymization or blocking of unnecessary or non-compliant data.
• Right to data portability: Upon written request to info@syncta.app, transfer of your data in a commonly used format within a reasonable timeframe.
• Right to delete: Deletion of data processed based on consent.
• Right to information about third parties: Information about third parties with whom we share your data.
• Right to withdraw consent: Withdrawal of consent for data processing at any time.
• Right to review automated decisions: Review of decisions made solely by automated processing.

If you have unresolved concerns regarding our handling of your data under the LGPD, you may contact the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.br/anpd.

10.6 Other Regions

For users in countries not specifically listed above, we are committed to protecting your Personal Information in accordance with internationally recognized privacy principles. Your rights may include the right to access, correct, delete, and restrict processing, subject to applicable local laws. Data portability requests may be submitted to info@syncta.app and will be fulfilled where technically feasible within a reasonable timeframe.

11. How to Exercise Your Rights

To exercise any of the rights described in this Policy, please contact us at info@syncta.app. We may ask you to verify your identity before processing your request. We will respond within the timeframes required by applicable data protection laws.

12. Cookies and Tracking Technologies

The Website and Services use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity, device characteristics, and usage patterns.

What Are Cookies

Cookies are small text files placed on your device by a website or application. They allow the website to recognize your device and store information about your preferences or past actions. Web beacons (also known as tracking pixels) are small transparent image files embedded in web pages or emails that record whether a page or email has been viewed.

Types of Cookies We Use

• Strictly Necessary Cookies. These cookies are essential for the operation of the Website and Services. They enable core functionality such as user authentication, session management, and security features. These cookies cannot be disabled without impairing the functionality of the Services.
• Performance and Analytics Cookies. These cookies collect aggregated, anonymized information about how visitors interact with the Website and Services, including pages visited, session duration, referral sources, and error occurrences. We use this data to monitor platform performance, identify technical issues, and improve the user experience. We may use third-party analytics providers such as Google Analytics for this purpose.
• Functional Cookies. These cookies remember your preferences and settings (such as language, timezone, and display preferences) to provide a more personalized experience.
• Where the Cookies are required, users will be presented with a cookie consent banner.

Third-Party Cookies

Certain third-party services integrated with the Website may set their own cookies on your device. These include our Merchant of Record (payment processing), Meta (WhatsApp Business API and related tracking), and analytics providers. These cookies are governed by the respective third party’s privacy policy. Syncta does not control the placement or content of third-party cookies.

Your Choices

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies, set preferences for specific websites, or enable “Do Not Track” signals. Please note that disabling strictly necessary cookies may impair the functionality of the Services. Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.

13. Privacy of Children

We do not knowingly collect Personal Information from children under the age of 18 or under the age required by applicable law. If you are under 18, please do not submit any Personal Information through the Services. If we become aware that a child under 18 has provided us with Personal Information, we will delete that information promptly. If you believe a child has submitted information to us, please contact us at info@syncta.app.

14. Information Security

We maintain administrative, technical, and physical safeguards designed to protect your Personal Information against unauthorized access, use, modification, destruction, or disclosure. The specific technical and organizational measures we implement include the following:

• Encryption. All data transmitted between your device and Syncta’s servers is encrypted using TLS 1.2 or higher (HTTPS). Data at rest is stored on cloud infrastructure providers (Google Cloud, Cloudflare) that provide encryption at rest by default as part of their platform security.
• Access Controls. Access to the platform is managed through Google Sign-In. We encourage users to enable multi-factor authentication on their Google accounts. Internal access to production infrastructure is restricted to authorized personnel on a need-to-know basis.
• Infrastructure Security. The Services are hosted on cloud infrastructure provided by reputable third-party providers that maintain industry-recognized security certifications. We employ firewalls, intrusion detection systems, and network segmentation to protect the platform infrastructure.
• Monitoring and Logging. We use error monitoring and crash reporting tools to maintain platform stability. Cloud infrastructure providers maintain their own access logs as part of their security practices.
• Backup and Recovery. Data stored in Google Firestore benefits from automatic replication and recovery capabilities provided by Google Cloud. We rely on our cloud providers’ built-in redundancy and backup mechanisms to protect against data loss.
• Vendor Security. Third-party service providers that process Personal Information on our behalf are contractually required to maintain security standards consistent with this Policy and applicable law. We evaluate vendor security practices before engagement and periodically thereafter.

However, no method of transmission over the internet is 100% secure. While we strive to protect your Personal Information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

15. Data Breach

In the event that we become aware of a security breach that compromises the confidentiality of your Personal Information, we will take appropriate measures including investigation, remediation, and notification. Affected users will be notified via email. Where required by applicable law, we will also report the breach to the relevant data protection authority within the prescribed timeframe.

16. Changes and Amendments

We reserve the right to modify this Policy at any time. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, notify you by email. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of those changes.

17. Acceptance of This Policy

By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with the terms of this Policy, you must not access or use the Services.

18. Contacting Us

If you have any questions, concerns, or complaints regarding this Policy or your Personal Information, please contact us:

Redwood Strategic Holdings, S.A. (operating as Syncta)
Jurisdiction: Republic of Panama
Email: info@syncta.app
Website: https://syncta.app

We will make every reasonable effort to resolve complaints and honor your rights requests within the timeframes prescribed by applicable data protection laws. If you believe your concerns have not been adequately addressed, you may escalate to the relevant data protection authority in your region.