Privacy Policy
Last updated: March 2025. This policy explains what data we collect, how we use it, and your rights.
1. Who We Are
DataSync ("we", "us", "our") provides an automated database backup service. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our website, application, and services (collectively the "Service").
If you have questions about this policy, contact us at privacy@data-sync.co.uk.
2. Information We Collect
2.1 Account Information
When you register, we collect:
- Email address (used as your login identifier)
- Password (stored as a bcrypt hash — we never store your plaintext password)
- Organisation name (optional, for team accounts)
2.2 Service Configuration Data
To provide the Service, we store configuration you create:
- Agent registration tokens and agent metadata (hostname, OS, version)
- Database connection strings (encrypted at rest using AES-256)
- Backup job schedules, settings, and history records
- Backup destination configurations (cloud storage credentials are encrypted at rest)
We do not receive or store the contents of your database backups. Backup files are routed directly from your agent to your configured destination — they never pass through DataSync servers.
2.3 Usage and Telemetry Data
We automatically collect limited operational data:
- Dashboard page views and feature usage (aggregated, not per-user)
- Backup job success/failure rates and durations
- Agent connectivity status and version information
- Error logs from agents (stack traces, without database content)
2.4 Billing Information
Payment processing is handled entirely by Stripe. We store only non-sensitive billing references (Stripe customer ID, subscription status, plan name). We never receive or store your full payment card number, CVV, or bank account details.
2.5 Communications
If you contact our support team, we retain those communications to help resolve issues and improve the Service.
3. How We Use Your Information
We use collected information to:
- Provide the Service — authenticate your account, run backup jobs, send alerts
- Billing — process payments, manage subscriptions, issue invoices
- Support — respond to queries, investigate issues, improve reliability
- Security — detect and prevent fraud, abuse, or unauthorised access
- Communications — send transactional emails (backup failures, account notices)
- Product improvement — analyse aggregated usage patterns to prioritise features
- Legal compliance — meet applicable legal and regulatory obligations
We do not use your data for advertising, profiling, or sale to third parties.
4. Data Sharing
We share information only in the following circumstances:
4.1 Service Providers
We use trusted third-party providers under data processing agreements:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing address |
| Amazon Web Services | Cloud infrastructure hosting | All service data (encrypted) |
| SendGrid / SMTP provider | Transactional email delivery | Email address, message content |
4.2 Legal Requirements
We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of DataSync, our users, or the public.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you via email and/or a prominent notice on the Service prior to such a transfer.
5. Data Security
We implement industry-standard security measures:
- AES-256 encryption for all sensitive data at rest (connection strings, credentials)
- TLS 1.2+ for all data in transit between agents, dashboard, and our servers
- Passwords hashed using bcrypt with an appropriate cost factor
- JWT tokens with short expiry for API authentication
- Regular security assessments and dependency audits
- Principle of least privilege applied to internal system access
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@data-sync.co.uk.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data — retained until you delete your account, then purged within 30 days
- Backup job history logs — retained for 90 days (configurable on Business plan)
- Billing records — retained for 7 years as required by financial regulations
- Support communications — retained for 3 years to assist with recurring issues
When you cancel a paid subscription and downgrade to Free, your data is retained but subject to Free plan limits. When you delete your account, all personal data is permanently erased within 30 days.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise these rights, contact us at privacy@data-sync.co.uk. We will respond within 30 days. Some data may be retained for legal compliance even after an erasure request.
8. Cookies and Tracking
We use minimal cookies and local storage:
- Authentication cookie — a secure, HttpOnly session cookie to keep you signed in
- Theme preference — a localStorage entry for your dark/light mode choice (no server data)
We do not use third-party advertising cookies, tracking pixels, or behavioural analytics that send data to external parties. We do not use Google Analytics or similar services.
9. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
10. International Data Transfers
Our infrastructure is primarily hosted in the United States (AWS). If you access the Service from outside the US, your information may be transferred to and processed in the US or other countries. We apply appropriate safeguards for international transfers, including Standard Contractual Clauses where required by applicable law (e.g. GDPR).
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a prominent notice in the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact Us
For privacy-related questions, requests, or complaints:
DataSync — Privacy Team
Email: privacy@data-sync.co.uk
Security disclosures: security@data-sync.co.uk
General support: support@data-sync.co.uk
If you are located in the European Economic Area and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.