Privacy Policy

SyncPlay ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application and website (collectively, the "Service").

Please read this Privacy Policy carefully. If you disagree with its terms, please stop using the Service. This policy applies to all users of SyncPlay, including both free and paid users.

We take privacy seriously, especially given the intimate nature of our Service. Your relationship data is yours — we are just here to help you nurture it.

We collect the following categories of information:

**A. Information You Provide Directly** • Account information: name, email address, date of birth, gender, profile photo. • Partner information: partner's name and shared profile data. • User Content: messages, journal entries, photos, memories, custom questions, and other content you create within the app. • Communications: messages you send to our support team. • Payment information: processed securely by third-party payment providers (we do not store card details).

**B. Information Collected Automatically** • Device information: device type, operating system, app version, unique device identifiers. • Usage data: features used, screens visited, time spent in-app, crash reports. • Location data: only if you explicitly enable location sharing; precise location is shared only with your connected partner. • Push notification tokens: to deliver notifications to your device.

**C. Information from Third Parties** • If you sign in with Google or Apple, we receive your name, email, and profile photo from those services, subject to their respective privacy policies.

We use your information to:

• Provide, maintain, and improve the Service. • Create and manage your account. • Enable partner connections and communication features. • Send your daily questions and app notifications. • Process in-app purchases and subscriptions. • Provide customer support and respond to your enquiries. • Analyse usage patterns to improve features and user experience. • Detect and prevent fraud, abuse, and security incidents. • Comply with legal obligations. • Send important service updates and communications.

We do not use your personal data for advertising or sell it to third parties. Your relationship messages and journal entries are treated as strictly confidential.

We do not sell your personal information. We share information only in the following limited circumstances:

**With Your Partner** Content you choose to share within the app (messages, photos, memories, answers to questions) is visible to your connected partner. This is the core function of the Service.

**Service Providers** We work with trusted third-party vendors who assist us in operating the Service: • Cloud hosting and storage (e.g., AWS, Firebase) • Analytics (to understand app usage — data is anonymised) • Push notification providers • Payment processors (e.g., Apple Pay, Google Pay)

All service providers are bound by data processing agreements and may only use your data to provide services on our behalf.

**Legal Requirements** We may disclose your information if required by law, court order, or governmental authority. We will notify you of such requests where legally permitted.

**Business Transfers** In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

**With Your Consent** We will share your information for any other purpose with your explicit consent.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.3. • Stored data is encrypted at rest using AES-256 encryption. • Messages are processed with end-to-end privacy protections. • Access to production data is restricted to authorised personnel only. • We conduct regular security audits and vulnerability assessments. • The app supports biometric authentication and PIN lock for device-level security.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users as required by law.

We retain your personal information for as long as your account is active or as needed to provide the Service.

**Account Data:** Retained until you delete your account, plus a 30-day grace period for account recovery.

**Messages & Content:** Chat messages and shared content are retained while both partners are connected. Upon disconnection, you may choose to delete shared content.

**Journal Entries:** Private journal entries are retained until you delete them or your account.

**Analytics Data:** Anonymous usage data may be retained for up to 2 years for trend analysis.

**Legal Obligations:** Some data may be retained longer if required by applicable law.

When you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law.

Depending on your location, you may have the following rights regarding your personal data:

**Right to Access:** Request a copy of the personal data we hold about you.

**Right to Correction:** Request correction of inaccurate or incomplete data.

**Right to Deletion:** Request deletion of your personal data, subject to legal obligations.

**Right to Portability:** Request your data in a machine-readable format.

**Right to Restriction:** Request that we limit how we process your data.

**Right to Object:** Object to certain types of processing, including direct marketing.

**Withdraw Consent:** Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at privacy@syncplays.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

SyncPlay is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13 without parental consent, we will promptly delete that information.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@syncplays.com.

Users between 13 and 17 years of age should use the Service only with parental consent and supervision.

SyncPlay operates globally. Your information may be transferred to and processed in countries other than your country of residence, where data protection laws may differ.

When we transfer personal data internationally, we ensure appropriate safeguards are in place, including: • Standard Contractual Clauses approved by relevant authorities. • Adequacy decisions for countries with equivalent data protection standards.

By using the Service, you acknowledge that your information may be transferred to and processed in other countries.

Our website uses cookies and similar tracking technologies to improve your experience.

**Essential Cookies:** Required for the website to function. Cannot be disabled.

**Analytics Cookies:** Help us understand how visitors interact with our website (anonymised). You may opt out.

**Preference Cookies:** Remember your settings and preferences. Optional.

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

The SyncPlay mobile app does not use browser cookies but may use device-level identifiers for analytics, which can be reset from your device settings.

The Service may contain links to third-party websites or integrate with third-party services (such as Google Sign-In, Apple Sign-In). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

Third-party integrations we use: • Google Firebase (backend, notifications, analytics) • Apple Sign-In (optional authentication) • Google Sign-In (optional authentication) • Sentry (crash reporting — anonymised)

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Sending a push notification or in-app message. • Sending an email to your registered address. • Displaying a prominent notice on our website. • Updating the "Last Updated" date below.

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Email: privacy@syncplays.com Data Protection: dpo@syncplays.com General Support: support@syncplays.com

Postal Address: SyncPlay Privacy Team [Company Address] [City, Country]

We are committed to resolving privacy concerns promptly. We aim to respond to all enquiries within 10 business days. For urgent data deletion requests, we aim to respond within 72 hours.