Last updated: July 30, 2025 | Region: EU (Stockholm)

Privacy Policy

Last updated: July 30, 2025

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use the Service and explains your privacy rights and how the law protects you. We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

Words with initial capital letters have meanings defined under the following conditions. The following definitions shall have the same meaning whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for you to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either "the Company", "we", "us" or "our") refers to Nordic Partners AS (Org. nr. 927 055 775), Kartheia 5, 4626 Kristiansand S, Norway.
Cookies are small files that are placed on your device by a website, containing details of your browsing history among its uses.
Country refers to: Norway.
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Website and the associated web application.
Service Provider means any natural or legal person who processes the data on behalf of the Company.
Third-party Integration refers to any external service you connect to the Service (e.g., Google, Microsoft 365/Outlook, WhatsApp) to enable features such as contact, calendar, or email synchronization.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to SoftSync, accessible from https://softsync.ai.
You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

Email address
First and last name
Phone number
Address, State/Province, ZIP/Postal code, City
Workspace and team information

Usage Data

Usage Data is collected automatically when using the Service (e.g., IP address, browser type, pages visited, time and date of visit, time spent on pages, device identifiers).

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to operate our Service and understand usage.

Necessary / Essential Cookies – for authentication, security, and core functionality.
Cookies Policy / Notice Acceptance Cookies – to record consent choices.
Functionality Cookies – to remember preferences (e.g., language, time zone).
Analytics Cookies – if you consent, to help us analyze usage (see "Google Analytics").

For more information, see our Cookies Policy or the Cookies section of this Privacy Policy.

Information from Third-party Integrations

You may connect Third-party Integrations such as Google, Microsoft 365/Outlook, or WhatsApp. If you connect Gmail, Outlook, or WhatsApp, we create a profile for each contact in your account(s). You can then choose whether to enrich specific contacts (opt-in; never automatic). The data elements imported depend on the provider and your permissions, and typically include identifiers such as name, email, phone, organization, and profile photo. Features that rely on message content (if any) are clearly disclosed and require additional consent.

Google User Data

When you connect your Google Account to the Service, we request only the minimum scopes necessary for the features you choose. Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Scopes We Request and Why

https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile – authenticate you and display account details.
https://www.googleapis.com/auth/contacts.readonly – read Google Contacts to create/update profiles in your SoftSync workspace.
https://www.googleapis.com/auth/gmail.metadata (or gmail.readonly if required by a feature) – read Gmail headers/labels to show interactions on contact timelines. We do not store email bodies by default.
https://www.googleapis.com/auth/gmail.send – send emails you initiate from the Service via your Gmail account.
https://www.googleapis.com/auth/calendar.readonly – read Calendar events to display meetings alongside contacts.

Limited Use commitments

We use Google user data only to provide or improve user-facing features in SoftSync.
We do not use Google data for advertising or to build advertising profiles.
We do not sell Google user data.
We do not allow human access to Google user data except (a) with your explicit consent; (b) for security/abuse investigations; or (c) to comply with applicable law.
We do not use Google user data to train generalized AI/ML models.

Enrichment of Google-sourced contacts (opt-in)

Enrichment applies only when you choose it for specific contacts (individually or in bulk). When you run enrichment on Google-sourced contacts, we share only the minimum identifiers (e.g., name, email, company) with our enrichment processors, solely to return attributes into your workspace. Providers act on our instructions; they may not use your data for their own purposes. If you do not run enrichment, no Google-sourced data is sent to enrichment providers.

Storage, Security, and Retention of Google Data

OAuth tokens are stored encrypted and rotated; we revoke within 24 hours of disconnect.
Contacts (Google-sourced fields you choose to sync) are stored to power your workspace; cache refreshed; deletions propagate within 24 hours.
Gmail headers/IDs/labels (no bodies by default): retained up to 7 days for timeline rendering and troubleshooting.
Calendar event IDs/timestamps: retained up to 30 days for timeline rendering.
After you disconnect Google or delete your Account, Google-derived data we persist is deleted from active systems within 7 days (unless longer retention is required by law or to defend legal claims). Backups purge within 7 days; security logs within 14 days.

Revoking Access

You can revoke the Service's access to your Google Account at any time at myaccount.google.com/permissions. You may also disconnect Google from within the Service under Settings → Integrations. Revoking access may limit functionality that relies on Google data.

Microsoft User Data (Outlook/Office 365)

If you connect Microsoft 365/Outlook, we request substantially equivalent scopes (e.g., Contacts.Read, Mail.ReadBasic/Mail.Read, Mail.Send, Calendars.Read) to create contact profiles, show interactions on timelines, send emails you initiate, and display events. We apply the same use, sharing, security, and retention principles described for Google data.

Enrichment (opt-in): as with Google, enrichment runs only when you choose it for specific contacts; we share minimum identifiers with processors to return attributes.

If you connect a WhatsApp integration that you authorize, we import contact identifiers (such as name, phone number, and profile metadata that WhatsApp makes available via your integration) to create profiles. We do not process message content for contact creation. Enrichment is optional and per-contact as described above.

Use of Your Personal Data

To provide and maintain our Service, including to sync contacts and (if you choose) related interactions from connected integrations and to deliver features you request.
To manage your Account as a user of the Service.
To perform a contract for requested services.
To contact you regarding updates or security notices.
To provide you with product updates and newsletters (you can opt out at any time).
To manage your requests (support).
For business transfers as permitted by law.
For other purposes such as analytics and improving the Service.

Sharing of Your Personal Data

With Service Providers who process data on our behalf (hosting, auth, email, payments, analytics, support, bug tracking, enrichment—if you enable it).
With Affiliates, subject to this Privacy Policy.
With business partners (non-Google/Microsoft data only) to offer services, where permitted and with your consent where required. Data obtained via Google APIs or Microsoft Graph is not used for advertising and is not shared with business partners except as permitted (Service Providers acting on our behalf, legal compliance, or with your direction/consent).
With other users in your workspace, per your workspace settings.
With your consent or as otherwise required by law.

Security

We use administrative, technical, and physical safeguards appropriate to the data's sensitivity, including encryption in transit and at rest, least-privilege access controls, logging and monitoring, and vulnerability management. Production access is restricted and reviewed. Primary processing region: EU (Stockholm).

Retention of Your Personal Data

We retain Personal Data only as long as necessary to provide the Service and for legitimate business or legal purposes. Unless stated otherwise in this Policy:

Contact sync cache: 30 days (rolling).
Gmail/Outlook headers, message/thread IDs, and labels (no bodies by default): 7 days.
Calendar event IDs/timestamps: 30 days.
OAuth tokens: encrypted, rotated; revoked within 24 hours on disconnect.
Backups purge within 7 days; security logs within 14 days.

Transfer of Your Personal Data

Your information may be processed in countries other than where you reside. Our primary processing region is the EU (Stockholm). Where required, we rely on appropriate safeguards for international transfers (such as Standard Contractual Clauses) and implement technical and organizational measures to protect your Personal Data.

Delete Your Personal Data

You may delete certain information from within the Service, disconnect integrations, or request deletion of your Account by contacting us or using in-product controls. We may retain certain information where required by law or for legitimate business purposes (e.g., fraud prevention, security, or legal claims). After account deletion, Personal Data is removed from active systems within 7 days and from backups within 7 days thereafter.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement and legal requirements

The Company may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) or to protect rights, safety, and security.

Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us and we will remove such information as required by law.

Sub-processors

We use carefully selected Service Providers ("sub-processors") to help deliver the Service. We enter into data processing agreements with them and require appropriate security and confidentiality commitments. You can contact us for the current list and to subscribe to updates.

Core sub-processors

Processor	Type of Data	Purpose	Region	Opt-out
AWS	PII, Contact data	Hosting (servers / databases / storage)	EU (Stockholm)	No
AWS Cognito	PII	Authentication and user management	EU (Stockholm)	No
SendGrid	Contact data	Transactional email	USA	Yes
Stripe	PII	Billing and payments	USA/EU	No
Linear	PII (support/bug context)	Bug tracking and issue management	USA/EU	No
Google Analytics	Usage data	Analytics (per Cookies/consent)	Global	Yes

Optional enrichment sub-processors (used only if you enable enrichment)

These providers are engaged to enrich contact records you choose to enrich. They do not receive data unless you initiate enrichment for a contact.

Processor	Type of Data	Purpose	Region	Opt-out
Apollo.io	Contact identifiers (e.g., name, email, company)	Enrichment	USA/EU (per vendor DPA)	Yes (do not run enrichment)
DropContact	Contact identifiers	Enrichment	EU (per vendor DPA)	Yes (do not run enrichment)
Prospeo	Contact identifiers	Enrichment	EU/USA (per vendor DPA)	Yes (do not run enrichment)
People Data Labs	Contact identifiers	Enrichment	USA (per vendor DPA)	Yes (do not run enrichment)
Datagma	Contact identifiers	Enrichment	EU/USA (per vendor DPA)	Yes (do not run enrichment)

User-connected integrations (optional; not our sub-processors)

You may connect third-party integrations such as Google Workspace, Microsoft 365/Outlook, and WhatsApp to sync contacts (and, if you choose, interactions). These providers act as independent services you choose to connect; you can disconnect at any time in Settings → Integrations. See "Google User Data," "Microsoft User Data," and "WhatsApp."

International Data Transfers

Personal Data collected within the European Economic Area (EEA) and the United Kingdom may be transferred to, and stored in, countries that may have different data protection laws. Where we transfer Personal Data outside the EEA/UK, we implement appropriate safeguards such as Standard Contractual Clauses.

Data Retention and Deletion

You may request that your Account be closed at any time. Following account deletion, Personal Data is removed from active systems within 7 days and from backups within 7 days. Log data is retained for 14 days for security and auditing, after which it is deleted or anonymized, unless we are legally required to retain data longer.

Communication

We may send you emails to inform you of Service changes or to communicate technical or administrative information. You may opt out of marketing emails by using the unsubscribe link in those emails. We may still send you transactional or administrative messages related to the Service even after you have opted out of marketing.

Links to Other Websites

Our Service may contain links to websites that are not operated by us. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you by posting the new Privacy Policy on this page and updating the "Last updated" date. Where required by law, we will notify you via email or through the Service prior to the change becoming effective.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

By email: privacy@softsync.ai

If you have any questions about this Privacy Policy, please contact us at privacy@softsync.ai.