Privacy Policy

Effective Date: April 9, 2026

This Privacy Policy describes how SyllaSync ("we," "us," "our," or the "Service") collects, uses, stores, and protects your personal information. By using the Service, you consent to the data practices described in this policy.

Important: This Privacy Policy applies to residents of all U.S. states, with specific provisions for Minnesota residents under the Minnesota Consumer Data Privacy Act (MCDPA) and North Dakota residents under state consumer protection laws.

1. Information We Collect

We collect information in the following categories:

1.1 Account Information

When you create an account, we collect:

Email address: Used for account identification, authentication, password reset, and service notifications
Password: Stored as a secure cryptographic hash (bcrypt with salt); we cannot access your plaintext password
Account creation timestamp: Used to track subscription trial periods
Email verification status: Whether you have verified your email address

1.2 Calendar Sync Data

When you use our browser extension to sync calendar data, we collect:

Assignment titles and descriptions: Extracted from your LMS interface
Due dates and times: Course deadline information
Course identifiers: Course names or codes associated with assignments
Last sync timestamp: When you last synced data
Calendar feed token: Unique identifier for your private .ics subscription link

Note: We do NOT access your LMS account directly. Our browser extension allows YOU to extract calendar information while logged into your LMS. We do not collect grade information, course enrollment data, student ID numbers, or other educational records.

1.3 Payment Information

Payment processing is handled by Stripe, Inc. We collect:

Stripe customer ID: Tokenized identifier linking your account to Stripe
Subscription status: Active, trialing, canceled, past_due
Subscription start and end dates
Transaction history: Dates and amounts of charges

We do NOT store your full credit card number, CVV, or raw payment details. Stripe stores this information in compliance with PCI-DSS Level 1 standards. See Stripe's Privacy Policy for details.

1.4 Usage Logs and Technical Information

We automatically collect:

IP address: Used for security, fraud prevention, and service improvements
Browser type and version
Device type and operating system
Access times and dates
Pages viewed and features used
Error logs and diagnostic data
Referrer URL (if you arrived from another website)

1.5 Communications

If you contact us via email or support channels, we retain:

Your email address and name
Message content
Support ticket history

1.6 Information We Do NOT Collect

We do not collect:

Social Security Numbers
Driver's license numbers
Government-issued ID numbers
Biometric data
Precise geolocation data
Educational institution login credentials
Student ID numbers (unless you include them in calendar descriptions)
Grade or academic performance data

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Provision

Creating and managing your account
Authenticating your identity
Generating and maintaining your private calendar subscription (.ics) feed
Processing subscription payments through Stripe
Providing customer support

2.2 Service Improvement and Development

Analyzing usage patterns to improve features
Fixing bugs and resolving technical issues
Conducting internal research and development
Testing new features

2.3 Communication

Sending account verification emails
Providing password reset functionality
Notifying you of billing issues or subscription changes
Sending service announcements (e.g., scheduled maintenance)
Responding to your support requests

2.4 Security and Fraud Prevention

Detecting and preventing unauthorized access
Monitoring for abuse and violations of our Terms of Service
Investigating security incidents
Protecting against fraudulent transactions

2.5 Legal Compliance

Complying with applicable laws and regulations
Responding to lawful requests from authorities
Enforcing our Terms of Service
Protecting our rights and property

3. Legal Basis for Processing (MCDPA and Privacy Laws)

For Minnesota residents and other applicable jurisdictions, we process your personal data based on:

Contract performance: Processing necessary to provide the Service you subscribed to
Consent: Where you have provided explicit consent (e.g., for optional communications)
Legitimate interests: For service improvement, security, and fraud prevention, balanced against your privacy rights
Legal obligation: Where required by law (e.g., tax reporting, court orders)

4. Information Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We share information only in the following limited circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

Stripe, Inc.: Payment processing and subscription billing
Hosting providers: Secure data storage and server infrastructure
Email service providers: Sending transactional emails (account verification, password reset)

These providers are contractually bound to protect your data and may only use it for the specific services they provide to us.

4.2 Legal Requirements

We may disclose information if required by law, including:

In response to valid subpoenas, court orders, or legal process
To comply with government or regulatory investigations
To protect the rights, property, or safety of SyllaSync, our users, or the public
To enforce our Terms of Service or investigate violations

4.3 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

Data Type	Retention Period
Account information	Until account deletion + 90 days
Calendar sync data	Until account deletion or data refresh
Payment transaction logs	7 years (tax and legal compliance)
Usage logs (IP address, access logs)	90 days
Support communications	3 years after last contact
Security incident logs	5 years

After the retention period ends, we securely delete or anonymize your information. Some information may be retained longer if required by law or for legitimate business purposes (e.g., dispute resolution, fraud prevention).

6. Consumer Rights (MCDPA and Other Privacy Laws)

Minnesota residents have specific rights under the Minnesota Consumer Data Privacy Act (MCDPA), effective July 31, 2025. Residents of other states may have similar rights under applicable state laws.

6.1 Right to Know (Access)

You have the right to request:

What personal data we have collected about you
The categories and sources of data collected
The purposes for which we use your data
With whom we share your data

You may request this information up to twice per 12-month period, free of charge.

6.2 Right to Correction

You have the right to request correction of inaccurate personal data we maintain about you. You can update your email address and some account settings directly through your account dashboard.

6.3 Right to Deletion

You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal compliance, fraud prevention, security purposes). To delete your account and data:

Cancel your subscription and request account deletion via your account settings; OR
Email us at js.solutions.official@outlook.com with your deletion request.

We will complete verified deletion requests within 45 days. Some information may be retained as permitted by law.

6.4 Right to Data Portability

You have the right to request a copy of your personal data in a portable, machine-readable format (JSON). We will provide this within 45 days of a verified request.

6.5 Right to Opt-Out of Sale or Targeted Advertising

WE DO NOT SELL YOUR PERSONAL DATA. We do not engage in targeted advertising. Therefore, no opt-out is necessary.

6.6 Right to Opt-Out of Profiling

We do not use your personal data for automated decision-making that produces legal or similarly significant effects. We do not engage in profiling for these purposes.

6.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. You will not be denied service, charged different prices, or provided a different level of service for exercising your rights.

6.8 How to Exercise Your Rights

To exercise any of the above rights, contact us at:

Email: js.solutions.official@outlook.com
Mailing Address: 1132 16th St N, Apt 03, Fargo, ND 58102
Subject line: "Privacy Rights Request - [Your Right]"
Include your registered email address and specific request

We will verify your identity before processing rights requests. We may request additional information to confirm your identity (e.g., email verification).

Response timeframe: We will respond to verified requests within 45 days. If we need more time, we will notify you of the extension (up to 90 days total).

6.9 Right to Appeal

If we deny your privacy rights request, you have the right to appeal. To appeal, email js.solutions.official@outlook.com with "Appeal" in the subject line within 30 days of our decision. We will respond to appeals within 45 days.

Minnesota residents may also contact the Minnesota Attorney General's Office if you believe your rights have been violated:

Website: www.ag.state.mn.us
Phone: (651) 296-3353 or (800) 657-3787

7. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

7.1 Technical Safeguards

Encryption in transit: HTTPS/TLS 1.2+ for all data transmitted between your browser and our servers
Encryption at rest: Database encryption for stored data
Password hashing: Bcrypt with salt for password storage
Access controls: Role-based access to systems and data
Secure token generation: Cryptographically secure tokens for authentication and calendar feeds

7.2 Organizational Safeguards

Restricted access to personal data (need-to-know basis)
Regular security training for personnel
Incident response procedures
Vendor security assessments
Regular security audits and updates

7.3 Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account password.

8. Data Breach Notification

In compliance with Minnesota law (Minn. Stat. § 325E.61) and North Dakota law (NDCC § 51-30), we will notify affected individuals without unreasonable delay if we discover a data breach involving personal information that may pose a significant risk of identity theft or fraud.

8.1 Notification Method

We will notify you via:

Email to your registered address;
Notice on our website;
In-app notification (if applicable).

8.2 Notification Content

Breach notifications will include:

A description of the incident
The types of information involved
Steps we are taking to investigate and mitigate harm
Recommended actions you can take to protect yourself
Contact information for further inquiries

8.3 Timeframe

We will notify affected individuals within the timeframes required by applicable state laws (typically within 30-45 days of discovering the breach).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve the Service.

9.1 Types of Cookies We Use

Essential Cookies (Required)

Session cookies: Maintain your login session while you use the Service
Authentication tokens: Verify your identity
Security cookies: Detect and prevent fraud

These cookies are necessary for the Service to function and cannot be disabled.

Functional Cookies (Optional)

Preference cookies: Remember your settings (e.g., timezone)
Language cookies: Store your language preference

9.2 Third-Party Cookies

Stripe may set cookies during the payment process. See Stripe's Cookie Policy for details.

9.3 Analytics

We do NOT currently use third-party analytics services (e.g., Google Analytics). If we implement analytics in the future, we will update this policy and provide an opt-out mechanism.

9.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service. To learn more about managing cookies, visit:

10. Do Not Track Signals

We do not currently respond to "Do Not Track" (DNT) browser signals because there is no consistent industry standard for how to interpret such signals. If a standard is established, we will reassess our approach.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are under 18, do not use the Service or provide any personal information.

If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe we may have collected information from a child, please contact us at js.solutions.official@outlook.com.

12. International Data Transfers

The Service is operated in the United States and intended for users in the United States. Your information will be processed and stored on servers located in the United States.

If you access the Service from outside the United States, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your country.

13. Your California Privacy Rights

California residents are entitled to certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Many of these rights are similar to those described in Section 6 for Minnesota residents.

California residents may contact us at js.solutions.official@outlook.com to exercise their rights or for more information.

14. Your Nevada Privacy Rights

Nevada residents have the right to opt-out of the sale of their personal information. We do not sell your personal information. If our practices change, we will update this policy and provide Nevada residents with an opt-out mechanism as required by Nevada law (NRS 603A).

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by:

Updating the "Effective Date" at the top of this policy
Sending an email notification to your registered address
Posting a notice on our website or in the Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Material changes: If we make changes that significantly expand how we use your personal information, we will obtain your consent where required by law.

16. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services:

Stripe: Payment processing
Learning Management Systems: Source of calendar data you choose to sync
Calendar applications: Where you subscribe to your .ics feed

We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

17. Contact Us and Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer
Email: js.solutions.official@outlook.com
Mailing Address: 1132 16th St N, Apt 03, Fargo, ND 58102

For privacy rights requests, please include:

Subject line: "Privacy Rights Request"
Your registered email address
Specific right you wish to exercise
Any additional information needed for verification

We aim to respond to privacy inquiries within 10 business days and to formal rights requests within 45 days.

18. Minnesota-Specific Notices

For Minnesota Residents:

Under the Minnesota Consumer Data Privacy Act (MCDPA), you have the right to:

Confirm whether we are processing your personal data
Access your personal data
Correct inaccuracies in your personal data
Delete your personal data
Obtain a portable copy of your personal data
Opt out of the sale of personal data (we do not sell data)
Opt out of targeted advertising (we do not engage in targeted advertising)

You may designate an authorized agent to make a request on your behalf by providing written authorization.

19. North Dakota-Specific Notices

For North Dakota Residents:

Under North Dakota law (NDCC § 51-30), you will be notified in the event of a data breach involving your personal information. The notification will be provided within a reasonable time after discovery of the breach.

20. Accessibility

We are committed to ensuring this Privacy Policy is accessible to all users. If you need this policy in an alternative format (e.g., large print, audio), please contact us at js.solutions.official@outlook.com.

21. Acknowledgment and Consent

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.