InSync Analytics Incorporated, a Delaware corporation (“InSync Analytics”, “we”, “us”, or “our”), is committed to protecting the privacy and security of personal data and ensuring transparency in how information is collected, processed, and used in connection with our products and services. This Privacy Policy applies to your access to and use of our websites, platforms, APIs, and Microsoft Office add-ins (collectively, the “Services”), and describes our practices regarding the collection, use, storage, and disclosure of personal information.
InSync Analytics may act as either a data controller or a data processor depending on the context in which personal data is collected and processed. Where we collect personal data directly from users, such as during account registration or interactions with our Services, we act as the data controller. Where we process data on behalf of our enterprise customers, we act as a data processor and process such data in accordance with the instructions of the customer and applicable contractual agreements.
We collect personal information that is necessary to provide and operate our Services. This includes information provided directly by users, such as name, business contact details, and account credentials, as well as information provided in the course of communications or support requests. In addition, we collect limited technical and usage information automatically when users interact with our Services. This may include system-level performance data, request metadata, login activity, session information, and other diagnostic data. Such information is collected solely to ensure the proper functioning, security, and optimization of our Services.
InSync Analytics also collects limited interaction metadata to understand system usage patterns and improve service reliability. This metadata is primarily limited to high-level interaction signals; however, in certain cases, more detailed interaction records, including user inputs, system-generated outputs, and execution metadata, may be recorded where necessary for operational purposes such as debugging, system reliability, security, and auditability.
Our Microsoft Office add-ins are designed to operate within the permissions framework of the host application and access data only to the extent required to perform user-requested functionality. We do not access, monitor, or process user content within Office applications unless explicitly triggered by the user. Data accessed through the add-in is processed solely to deliver the requested functionality. In limited cases, certain technical and interaction metadata - including request traces, system responses, and tool execution flows - may be recorded to support debugging, system reliability, and audit requirements. Data accessed through the add-in is processed solely for the purpose of delivering the requested functionality and is not retained beyond what is necessary for real-time processing, except for limited logging and interaction records captured in accordance with the "API Logging and Monitoring" section for operational, security, and audit purposes.
We maintain logging and monitoring capabilities to ensure the reliability, security, and performance of our Services. Such logging may include technical metadata (such as request identifiers and timestamps), as well as structured interaction records, including user inputs, system-generated outputs, and execution metadata (such as tool calls, processing steps, and system workflows), where necessary for operational purposes. Logging systems are designed to minimize the inclusion of sensitive data wherever feasible; however, user-generated content may be captured where necessary to support debugging, troubleshooting, system reliability, and auditability. Log retention is managed in accordance with internal operational, security, and legal requirements. Where feasible, logs may be periodically deleted, anonymized, or aggregated to reduce identifiability.
Access to system logs is strictly restricted to authorized personnel and is permitted only for legitimate operational purposes, including troubleshooting, system monitoring, and security incident detection. Logs are not used for profiling, marketing or advertising purposes. InSync Analytics does not use customer data, including API inputs, outputs, or interaction records, to train, fine-tune, or otherwise improve machine learning or AI models.
In addition to system-level metadata, we maintain records of user-initiated data downloads, including information such as the user identifier, dataset or file accessed, and timestamp of the download. These records are maintained solely for operational, auditing, and security purposes, including monitoring usage, preventing unauthorized distribution, and ensuring compliance with contractual obligations. Such records do not include the content of the downloaded data itself. Download activity logs are subject to the same access control and usage limitations described above and are not used for profiling, marketing, or behavioral analysis.
We adhere to strict data minimization principles and limit the collection and processing of personal data to what is necessary to provide, secure, and improve our Services. Monitoring systems are designed to minimize the capture of sensitive or user-generated content wherever possible. However, limited data may be retained where necessary for debugging and issue resolution, system reliability, and audit and compliance requirements.
We use personal data to provide, operate, and maintain our Services, authenticate users, manage access, monitor performance, troubleshoot technical issues, comply with legal obligations, and communicate with users regarding the Services. We do not use personal data for cross-context behavioral advertising or unauthorized profiling.
We may share personal data with trusted third-party service providers that assist us in delivering our Services, including providers of cloud infrastructure, authentication, analytics, and AI processing capabilities. These providers are contractually bound to process data only for specified purposes, to maintain appropriate security safeguards, and to comply with applicable data protection laws. Where applicable, such providers are configured, where feasible, to operate under zero-retention or equivalent data handling settings to ensure that customer data is not retained beyond the scope of processing.
Where personal data is transferred internationally, including from the European Economic Area to other jurisdictions, we implement appropriate safeguards such as Standard Contractual Clauses or rely on transfers to jurisdictions deemed to provide an adequate level of data protection. These safeguards are designed to ensure that personal data remains protected in accordance with applicable legal requirements.
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including operational, contractual, legal, and compliance requirements. Account and registration data may be retained for the duration of the customer relationship and for a reasonable period thereafter to comply with legal, tax, and audit obligations. Support and communication data may be retained as necessary to provide ongoing support and resolve technical issues. Technical logs, usage metadata, and interaction records are retained in accordance with internal policies and operational requirements, including debugging, system reliability, security, and audit purposes. Retention periods are determined based on business needs, system requirements, and applicable legal obligations. Where feasible, data may be deleted, anonymized, or aggregated to reduce identifiability.
We implement commercially reasonable physical, technical, and administrative safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, authentication mechanisms, monitoring systems, and incident response procedures. Access to sensitive systems and data is restricted to authorized personnel on a need-to-know basis, and system logs are subject to strict access controls and audit mechanisms.
InSync Analytics maintains ownership or authorized control over all domains, APIs, and infrastructure used to deliver the Services. We implement internal controls to ensure that all production endpoints are registered and monitored, that third-party services are properly authorized, and that unauthorized infrastructure is not used. We maintain records of infrastructure ownership and can provide verification upon reasonable request for compliance or security review purposes.
Depending on applicable law, users may have rights to access, correct, delete, or restrict the processing of their personal data, as well as the right to object to certain processing activities or request data portability. Users may also withdraw consent where processing is based on consent. Requests to exercise these rights may be directed to compliance@insyncanalytics.com, and we will respond in accordance with applicable legal requirements.
InSync Analytics does not sell personal information or use it for cross-context behavioral advertising. Residents of certain jurisdictions, including California, may have additional rights regarding their personal data, including the right to request disclosure of data collected and the right to request deletion of personal information, subject to applicable exceptions.
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. For questions or requests regarding this Privacy Policy, please contact: compliance@insyncanalytics.com
See also our Terms of Use and product-specific support resources.
©Copyright 2025 InSync Analytics Corp. All Rights Reserved.