This Privacy Policy explains what personal and accounting data BookSyncer processes, why, and how we protect it. We are committed to the principles of the EU General Data Protection Regulation (GDPR).
1. Who we are
BookSyncer ("we", "us") is the data controller for account and website data, and a data processor for the accounting data you sync through the Service. For questions, contact hello@booksyncer.com.
2. What we process
- Account data: your name, email, company details and billing information.
- Connection data: your Stripe account identifier and an encrypted e-conomic agreement grant token.
- Accounting data: the Stripe events we sync (invoices, payments, fees, refunds, payouts) and the entries we create in e-conomic, including customer names, amounts, and VAT numbers.
- Usage data: logs and metrics needed to operate and secure the Service.
3. Why we process it
We process this data to provide the Service (performing the contract with you), to secure and improve it (our legitimate interest), and to meet legal obligations. We do not sell your data, and we do not use your accounting data to train AI models.
4. Where it is hosted
Your data is hosted in the European Union. We use Cloudflare for application hosting and edge infrastructure, and a Supabase Postgres database located in the EU (eu-west-1) for stored data. Data is encrypted in transit and at rest; sensitive credentials such as e-conomic grant tokens are additionally encrypted at the application level.
5. Sub-processors
We rely on a small set of sub-processors to run the Service, including Cloudflare (hosting, email) and Supabase (database), and we integrate with Stripe and e-conomic on your instruction. A current list is available on request and is covered by our Data Processing Agreement.
6. Retention
We keep your data for as long as your account is active and as needed to provide the Service. You can request deletion of your account and associated data, subject to any legal retention requirements.
7. Your rights
Under the GDPR you have the right to access, correct, delete, restrict and port your personal data, and to object to certain processing. To exercise these rights, contact hello@booksyncer.com.
8. Security
We use read-only access to Stripe, encrypt credentials, host in the EU, and follow least-privilege access internally. No system is perfectly secure, but we design the Service to minimize the data we hold and the access we require.
9. Changes
We may update this policy; material changes will be communicated where required.
10. Contact
Privacy questions: hello@booksyncer.com. See also our Data Processing Agreement.