OnSync Privacy Policy

Overview

This Privacy Policy describes how OnSync, Inc. (a Wyoming corporation located at 30 N Gould St, STE R, Sheridan, WY 82801, USA) collects, uses, discloses, and protects information when providing our messaging automation platform and related services (“Services”). OnSync acts as a data controller for information we collect about you directly (for example, when you visit our website, create an account, or receive marketing communications) and as a data processor for the workspace data and WhatsApp content you upload to the Services on behalf of your organization. We process data worldwide but store and safeguard it in the United States using industry-standard security and cross-border transfer mechanisms.

Please review this notice carefully. If you do not agree with the practices described below, do not use the Services. Capitalized terms not defined here have the meaning supplied in our Terms of Service.

Information We Collect

Account & Contact Data

Name, business profile, role, email addresses, phone numbers, authentication credentials, support requests, survey responses, and preferences collected when you register, log in, or interact with us.

Workspace & Messaging Data

Customer contact lists, WhatsApp Business conversations, message templates, attachments, automation rules, and other information you and your teammates choose to import to the Services. Your organization controls this data and instructs our processing through the platform settings and agreements.

Usage & Technical Data

Device identifiers, browser type, IP address, log files, performance diagnostics, cookies, SDK data, and analytics about how you navigate the Services or marketing properties. See our Cookie Notice for additional details.

Payment & Commercial Data

Subscription tier, order history, invoices, tax identifiers, and limited payment instrument data processed on our behalf by Stripe and other PCI-compliant providers.

How & Why We Use Information

We process data only when we have a lawful basis under applicable data-protection laws:

Provide, secure, and customize the Services – to perform our contract with you, including routing WhatsApp messages, administering workspaces, enabling integrations, and providing technical support.
Billing and account management – to process payments, send renewal notices, measure seat usage, and recover past due amounts as necessary to fulfill the subscription and comply with tax obligations.
Product improvement and analytics – to analyze usage trends, develop new features, and ensure quality under our legitimate interests and, where required, your consent.
Marketing and communications – to send onboarding tips, product updates, and promotional offers. You may opt out at any time. We rely on consent or legitimate interest depending on your jurisdiction.
Compliance and safety – to meet regulatory requirements, honor law-enforcement requests, prevent fraud or abuse, and enforce our agreements. These activities rely on legitimate interests or legal obligations.

How We Share Information

We do not sell personal information. We share it only with:

Service providers & subprocessors – including Meta/WhatsApp Business Platform, AWS, Google Cloud, Stripe, Clerk, Intercom/Zendesk, analytics, and security partners that act on our documented instructions through data-processing agreements.
Authorized workspace users and integrations – individuals in your organization who you invite to the workspace and systems you connect via API/webhooks.
Professional advisors & corporate transactions – lawyers, auditors, insurers, or a successor entity in the event of a merger, acquisition, or asset sale with appropriate safeguards.
Legal and compliance – when required by law, subpoena, or to protect the rights, property, or safety of OnSync, our customers, or others.

Security

We apply administrative, technical, and physical safeguards designed to keep data secure, including least-privilege access controls, encryption in transit and at rest, vulnerability management, employee background checks and training, third-party monitoring, and redundant hosting environments within audited data centers. We regularly review our controls and will notify you of any breach as required by law and our agreements.

Data Retention & Deletion

We retain personal information for as long as it is needed to deliver the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:

Active workspaces: data is retained while the subscription remains in good standing.
Messaging content and configuration data: deletable immediately by workspace admins and permanently purged from production systems within 30 days of account closure.
Audit logs, security telemetry, and fraud-prevention records: retained up to 12 months unless longer retention is required to investigate incidents.
Billing and tax records: stored up to 7 years or as required by applicable law.

When you request deletion we remove or anonymize data from active systems and cycle encrypted backups within approximately 35 days. Submit a request through our Data Deletion Request page or email privacy@onsync.com. We may retain limited information when necessary for legal compliance, billing, or to honor opt-out preferences.

International Transfers & Subprocessors

We primarily store data in the United States. When transferring personal information from the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data-transfer restrictions, we rely on Standard Contractual Clauses (and the UK Addendum where applicable), transfer impact assessments, and supplementary safeguards such as encryption and access controls. We maintain a list of subprocessors and provide a Data Processing Addendum (DPA) upon request by contacting privacy@onsync.com.

Your Rights & Choices

Depending on your location, you may have the right to access, correct, update, export, restrict, object to, or delete your personal information, and to withdraw consent or opt out of marketing. To exercise any right, submit a request via privacy@onsync.com. We verify identity before responding and will complete requests within the timelines set by law.

If you receive marketing emails, use the “unsubscribe” link or adjust preferences in your workspace profile. For cookies or tracking technologies, manage choices in your browser or through the banners and controls described in our cookie notice.

Region-Specific Information

EEA, UK, and Swiss Individuals

You may contact our Data Protection Officer at privacy@onsync.com and have the right to lodge a complaint with your local supervisory authority. When we act as a processor, please direct requests to your organization so we can support them under our DPA.

California & Other U.S. State Privacy Laws

We honor applicable rights under the CCPA/CPRA, CPA, CTDPA, VCDPA, and similar statutes, including the right to know, correct, delete, and opt out of “selling” or “sharing” personal information and targeted advertising.

We do not sell personal information for money, but we use analytics and advertising partners that may be considered “sharing.” You may opt out by enabling a recognized opt-out preference signal or emailing privacy@onsync.com.
Authorized agents may submit requests on your behalf. Appeal instructions will be provided if we deny a request.

Children's Data

The Services are designed for business users and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child provided information to us, contact us so we can remove it.

Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the revised notice with an updated “last updated” date and notify you through email or in-product alerts when material changes occur.

Contact

Reach out with any privacy questions, complaints, or DPA requests:

Email: privacy@onsync.com
Phone: +1 (307) 278-0647 (voicemail monitored for privacy requests)
Mail: OnSync, Inc., 30 N Gould St, STE R, Sheridan, WY 82801, USA