Legal

Privacy Policy

Last updated: May 14, 2026

Overview

SyncAgent ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our platform and services.

Our Core Privacy Principle

🔒 Your database credentials are never stored.

Unlike traditional platforms, SyncAgent does not store your database connection strings on our servers. They are passed through the SDK at runtime, used to process your request, and immediately discarded. We have zero access to your database credentials at rest.

Information We Collect

Account Information

When you register, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.

Project Configuration

We store your project name, database type (e.g. MongoDB, PostgreSQL), allowed operations, and permission settings. We do not store your database connection string or any of your database contents.

Schema Cache

To improve performance, we temporarily cache your database schema (table/collection names and field types). This cache contains structure only — never actual data from your database.

Usage Data

We track API request counts per project for billing and rate limiting. We do not log the content of your queries or the data returned from your database.

How We Use Your Information

  • To provide and maintain the SyncAgent service
  • To authenticate your identity and secure your account
  • To track usage for billing and enforce rate limits
  • To improve our service and fix bugs
  • To communicate important service updates

Data We Never Collect

  • Your database connection strings (used at runtime only)
  • The actual data stored in your database
  • Query results returned to your users
  • Chat message content or conversation history

Third-Party Services

We use OpenAI's API to power the AI agent. When a user sends a message, the query (along with your database schema) is sent to OpenAI for processing. OpenAI's data usage policies apply to this interaction. We recommend reviewing OpenAI's Privacy Policy for details.

Data Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), hashed API keys, and httpOnly authentication cookies. Your data is stored in encrypted databases with access controls.

Data Retention & Deletion

You can delete your projects at any time from the dashboard. When a project is deleted, all associated data including API keys, schema cache, and usage records are permanently removed. To delete your account entirely, contact us at support@syncagent.dev.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact

If you have questions about this privacy policy or our data practices, contact us at support@syncagent.dev.