Privacy Policy

Effective Date: April 1, 2026  |  Last Updated: April 1, 2026

1. Who We Are

SINCOR is an AI business automation platform operated by Sincor, Inc. ("Company"). Our principal place of business is in the United States. For privacy inquiries, contact us at privacy@getsincor.com.

2. Information We Collect

2.1 Information You Provide

• Account & Purchase Data: Name, email address, billing address, and payment method details when you purchase a subscription or report.
• Communications: Messages you send us via email, contact forms, or support channels.
• Waitlist Signups: Email address and business information if you join our waitlist.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, session duration, and clickstream data.
• Device & Technical Data: IP address, browser type, operating system, and referral URLs.
• Cookies & Similar Technologies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies without your explicit consent.

2.3 Payment Information

Payment card and PayPal transaction data is processed by PayPal (PayPal Holdings, Inc.) and/or Stripe, Inc. We do not store raw card numbers. We receive only transaction confirmations and limited payment metadata necessary to fulfill your order.

3. How We Use Your Information

We use collected information to:

• Deliver and improve our AI automation services
• Process payments and fulfill subscription orders
• Send transactional emails (receipts, delivery, account updates)
• Respond to support inquiries
• Comply with legal obligations
• Detect and prevent fraud or abuse
• Analyze usage patterns to improve product performance

We do not sell your personal data to third parties. We do not use your data to train AI models sold to third parties without your consent.

4. Legal Basis for Processing (GDPR)

If you are located in the EEA or UK, we rely on the following legal bases:

• Contract Performance: Processing necessary to fulfill your subscription or purchase.
• Legitimate Interests: Fraud prevention, platform security, and product improvement.
• Legal Obligation: Compliance with applicable law.
• Consent: Where required (e.g., optional marketing communications).

5. Data Sharing

We share data only with trusted service providers who process it on our behalf:

• PayPal: Payment processing (PayPal Privacy Policy)
• Stripe: Payment processing (Stripe Privacy Policy)
• Anthropic: AI model inference for agent functionality (Anthropic Privacy Policy)
• Railway / Hosting Provider: Cloud infrastructure and deployment
• Resend / Email Service: Transactional email delivery

All service providers are contractually required to process data only as directed and to maintain appropriate security standards. We do not share data with advertisers or data brokers.

6. Data Retention

We retain personal data only as long as necessary:

• Active accounts: For the duration of your subscription plus 90 days after cancellation.
• Payment records: 7 years for tax and accounting compliance.
• Support correspondence: 2 years from last interaction.
• Waitlist data: Until you unsubscribe or 24 months of inactivity.

You may request earlier deletion. See Section 8 (Your Rights).

7. Security

We implement industry-standard safeguards including:

• TLS/HTTPS encryption for all data in transit
• Encrypted storage for sensitive credentials
• JWT-based authentication with rate limiting
• Access controls and least-privilege principles
• Regular security reviews

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

8. Your Rights

For All Users

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Opt-Out: Unsubscribe from marketing communications at any time.

GDPR Rights (EEA/UK)

In addition to the above, you have the right to: data portability, restriction of processing, and to object to processing based on legitimate interests. You may also lodge a complaint with your local supervisory authority.

California Rights (CCPA/CPRA)

California residents have the right to: know what personal information we collect, delete personal information, correct inaccurate personal information, opt out of sale or sharing (we do not sell personal information), and non-discrimination for exercising these rights.

To exercise any right, email privacy@getsincor.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Cookies & Tracking

We use:

• Essential Cookies: Required for login sessions and security. Cannot be disabled without breaking core functionality.
• Analytics Cookies: Optional. Used to understand how users interact with our platform. You may decline these via the cookie banner.

We do not use advertising cookies or sell cookie data to third parties.

10. Children's Privacy

Our services are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately at privacy@getsincor.com.

11. International Data Transfers

We are based in the United States. If you access our services from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, requests, or complaints:

• Email: privacy@getsincor.com
• Website: getsincor.com