Sync Camera — Privacy Policy
This Privacy Policy explains how Silmaril Software Private Limited ("Silmaril", "we", "us") handles your personal information when you use Sync Camera — our mobile applications for iOS and Android, and the related guest experience at join.sync.camera (together, the "Service").
This policy is designed to satisfy the privacy disclosure requirements of the Apple App Store, the Google Play Store, the GDPR (European Union and United Kingdom), the Digital Personal Data Protection Act 2023 (India), and the CCPA/CPRA (California).
If you have any questions about this policy or about the data we hold, contact us at support@sync.camera.
1. Who we are
Silmaril Software Private Limited
Hyderabad, Telangana, India
Contact: support@sync.camera
We are the data controller for the personal information described in this policy.
2. What we collect
We collect only the data needed to make Sync Camera work. We do not sell data, do not run third-party advertising, and do not integrate analytics SDKs that track you across other apps or websites.
Information you give us
- Account identifier. When you sign in using Sign in with Apple or Google Sign-In, we receive your name and email address from the identity provider. If you choose to use the app without signing in, we create an anonymous account identified only by a randomly generated ID.
- Profile information. Display name and an optional avatar image you set in the app.
- Photos and videos you capture or upload to an event.
- Event content you create — event names, end times, invite codes, "moment" titles, participant lists.
- Purchase tokens. When you buy a SyncPass through the App Store or Google Play, we receive a verification token from Apple or Google. We never see your card or bank details.
Information collected automatically
- Device push token. Apple Push Notification service (APNs) token on iOS or Firebase Cloud Messaging (FCM) token on Android, used to deliver event notifications you opted into.
- Crash and error diagnostics. When the app crashes, we record a stack trace and basic device metadata (model, OS version, app version) via a third-party crash reporting service. These reports do not contain photos, event content, or contact information.
Information we do NOT collect
- We do not access your contacts, calendar, location, microphone, health data, or files outside the app's own storage.
- We do not collect advertising identifiers (IDFA, AAID).
- We do not embed third-party advertising or marketing SDKs.
- We do not perform cross-app or cross-site tracking.
3. How we use what we collect
| Purpose | Data used |
|---|---|
| Authenticate you and identify you across devices | Account identifier, name, email |
| Show you events you're part of | Profile, event content |
| Store and deliver photos to event participants | Photos, videos, event membership |
| Send you push notifications about your events | Device push token |
| Process SyncPass purchases | Purchase token |
| Diagnose crashes and bugs | Crash reports, device metadata |
| Enforce per-tier limits (storage, participant count) | Account identifier, purchase records |
We never use your data to build behavioral profiles or personalize advertising, and we never sell it to data brokers.
4. Categories of third parties we use
We share your personal information only with the categories of service providers described below, only for the purposes shown, and only the data necessary for that purpose. We do not share data with advertisers, marketing partners, data brokers, or analytics companies.
| Category | Purpose | Data they receive |
|---|---|---|
| Cloud infrastructure provider | Hosts our database, authentication backend, edge functions, and stores the photos and videos uploaded to events | Account identifiers, profile, event content, photos, videos, push tokens |
| Identity providers — Apple, Google | Sign in with Apple (iOS) and Google Sign-In (Android), and the verification of those identities | Your Apple/Google account identifier and the email address and name returned by those services |
| Push notification services — Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM) | Deliver in-event notifications you have opted into | Device push token, notification payload |
| In-app purchase processors — Apple App Store, Google Play | Process and verify SyncPass purchases | Purchase verification token (we never see card or bank details) |
| Crash and error diagnostics provider | Diagnose stability problems and bugs | Stack traces, device model, OS version, app version (no photos, no event content, no contact information) |
We name Apple and Google specifically because their identity, push, and purchase services are intrinsic to features the Service offers on each platform. We use other providers (for cloud hosting, storage, and crash reporting) within the categories above and may change them from time to time without updating this policy, as long as the new provider performs the same role with equivalent privacy and security commitments.
Other event participants
When you publish a photo into a shared event, that photo and your display name are made visible to other participants of that specific event. This is the core function of the Service. People in other events cannot see them.
Disclosures required by law
We may disclose information if required by valid legal process (subpoena, court order, lawful regulator request), and then only the minimum necessary. We will notify you of such requests unless prohibited by law.
5. Where your data is stored
- Database, authentication, and backend functions — hosted on cloud infrastructure located in the United States.
- Photos and videos — stored on a global edge-delivery network with origin storage in the United States.
- Push notification routing — Apple and Google push notification infrastructure.
- Crash diagnostics — third-party crash reporting infrastructure.
If you are located outside the United States, your information will be transferred to and processed there. We rely on our service providers' published cross-border data transfer commitments and their adherence to recognised international privacy frameworks for these transfers. If you are in the European Economic Area or the United Kingdom and would like details on the safeguards we rely on, contact us at support@sync.camera.
6. How long we keep your data
- Account data and event content — kept while your account is active. When you delete your account from inside the app, your profile, the events you own, and the photos within them are removed within 30 days. Photos in events created by other people that you participated in remain until those events are deleted by their owner.
- Push tokens — kept until you sign out, disable notifications, or uninstall the app.
- Crash reports — retained by our crash reporting provider per their published retention policy (currently 90 days).
- Purchase records — kept as long as required by tax and consumer protection law in the jurisdictions where the purchase was made.
7. Your choices in the app
- Display name and avatar — edit anytime in Settings.
- Photos — delete individual photos you uploaded; delete entire events you own.
- Push notifications — toggle off in Settings or revoke permission at the OS level.
- Anonymous account upgrade — link Apple or Google identity to your anonymous account at any time. Your existing data (events, photos, participation history) is preserved across the upgrade.
- Sign out — clears the local session and revokes the session server-side.
- Delete account — Settings → Delete Account. Permanently erases your profile, your events, and the photos in them within 30 days.
Requesting deletion after uninstalling
If you have already uninstalled Sync Camera and can no longer use the in-app deletion option, you can still request deletion of your account and data by emailing support@sync.camera with the subject line "Data deletion request" and the email address you used to sign in. We will verify your identity and erase your data within 30 days, then confirm by email.
8. Your rights
Depending on where you live, you may have the following rights under data-protection law (GDPR in the EU/UK, the Digital Personal Data Protection Act 2023 in India, CCPA/CPRA in California):
- Access — request the personal data we hold about you
- Correction — fix inaccurate data
- Deletion — ask us to delete your data ("right to be forgotten")
- Portability — receive your data in a portable format
- Object to or restrict specific uses of your data
- Withdraw consent where we relied on consent
- Lodge a complaint with the data-protection regulator in your jurisdiction (e.g. the Data Protection Board of India under the DPDP Act, or your national GDPR supervisory authority)
To exercise any of these rights, email support@sync.camera. We will respond within 30 days.
If you appear in a photo uploaded by another user but have never used the Service yourself, you can also email us with the event invite code or a description of the photo, and we will remove the image after a reasonable verification period.
9. Children
The Service is not directed to children under 13 (or under 16 in jurisdictions that set a higher age). We do not knowingly collect personal information from children below those ages. If you believe a child has created an account, contact us and we will delete it.
10. Security
- All network traffic between the app and our backend uses TLS encryption.
- Photo uploads use short-lived, presigned URLs scoped to a single object — they expire quickly and cannot be reused.
- Database access is enforced by row-level security policies that limit each user to data from events they belong to.
- Account credentials are managed by Apple, Google, or our authentication provider — we never see or store passwords.
- We retain a small audit trail of administrative actions on our infrastructure.
No service is perfectly secure. If we discover a data breach affecting you, we will notify you and the relevant regulators in line with applicable law.
11. Changes to this policy
If we make material changes to how we collect, use, or share personal information, we will update this policy and notify you in the app before the change takes effect. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Silmaril Software Private Limited
Hyderabad, Telangana, India
- Email: support@sync.camera
- Web: https://join.sync.camera/privacy
If we are required to designate an EU/UK representative under Article 27 GDPR, we will list them here once appointed.