Privacy Policy
Last Updated: December 22, 2025
Table of Contents
1. Important Information and Who We Are
Raian Pollock dba Sync-o ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our Atlassian Marketplace application ("App") and tell you about your privacy rights and how the law protects you.
Controller
Raian Pollock dba Sync-o is the controller and responsible for your personal data.
Contact Details
If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Officer (DPO) in the following ways:
- Entity Name: Raian Pollock dba Sync-o
- Email address: privacy@sync-o.io
- Postal address: C Industria, 12, Bajos 08037 Barcelona Spain
Jurisdiction
This policy is governed by the laws of Spain and applicable EU regulations (GDPR).
2. The Data We Collect About You
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: includes first name, last name, username or similar identifier.
- Contact Data: includes email address and telephone number.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this App.
- Usage Data: includes information about how you use our App (e.g., number of documents processed, API usage metrics).
2.1 Detailed Data Breakdown
To be fully transparent, here is exactly what we process:
Information You Provide
- Configuration Settings: AI provider selection, confidence thresholds, and notification preferences.
- Credentials: API keys for "Bring Your Own Model" (BYOM) providers (stored encrypted).
- Account Information: Atlassian site URL (tenant identifier) and User account IDs.
Information We Process Automatically
- Jira Ticket Data: Key, title, description, status, comments, and reporter/assignee metadata.
- Confluence Page Data: Page IDs, titles, differences (diffs), and content required for context retrieval.
- License Information: We access your Atlassian subscription status (edition type, user count) to determine feature availability. This data is not stored beyond the session.
- Processing Metadata: Confidence scores, timestamps, and error logs.
2.2 Information We Do NOT Collect
- No Model Training Data: We do not use your data to train our own AI models.
- No Tracking Cookies: We do not use advertising cookies or third-party tracking pixels in the App.
- Exclusions: We do not collect payment information (handled by Atlassian) or precise location data.
3. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To provide the Service (updating your Confluence pages based on Jira tickets).
- To manage our relationship with you (support, billing).
- To improve our App and services.
3.1 AI Processing & Sub-processors
Sync-o acts as an intermediary (Data Processor) between your Atlassian data and the AI models:
- Data Transmission: Ticket and page content is sent securely to the AI provider you have selected (Gemini, OpenAI, or Anthropic).
- BYOM (Bring Your Own Model): If you provide your own API key, you have a direct relationship with that AI provider; Sync-o merely facilitates the transmission.
- Retention: Sync-o is designed to be ephemeral regarding content. We do not persist the body of your tickets or pages in our long-term database; we only store the vectors (mathematical representations) or metadata needed to perform the sync.
3.2 Infrastructure & Sub-processors
| Provider | Purpose | Region |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, database (DynamoDB), compute (Lambda) | eu-west-1 (Ireland) |
| Google Cloud Platform (GCP) | Vector embeddings, search | europe-west1 (Belgium) |
| AI Providers | Google Gemini, OpenAI, or Anthropic | Varies (per your configuration) |
4. International Transfers
We process data within the European Economic Area (EEA). However, when you use third-party AI providers (like OpenAI or Anthropic) via BYOM, data may be processed in the US under their respective Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. Access to your personal data is limited to those employees, agents, contractors and other third parties who have a business need to know.
Security Controls
- Encryption: AES-256 for data at rest (including API keys via AWS KMS) and TLS 1.3 for data in transit.
- Access Control: Strict least-privilege IAM policies; no Sync-o employee can access customer ticket content (body text) generally.
6. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
- Configuration: Retained while the App is installed.
- Logs: System logs are retained for 90 days.
- Deletion: We automatically delete end user data upon uninstallation. All configuration data and encrypted keys are deleted within 30 days.
7. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the relevant supervisory authority.
To exercise these rights, please contact us at privacy@sync-o.io.