Privacy Policy

Synclarion ("we", "us") is built for licensed real estate agents. This Privacy Policy explains what information we collect when you use the platform, how we use it, who we share it with, and the choices you have.

1. Information we collect

We collect the following categories of information:

• Account information — your name, email address, brokerage, license number, time zone, and any contact details you choose to add to your profile.
• Transaction data — property addresses, sale prices, parties (buyer / seller / lender / escrow / listing agent), key dates and deadlines, checklist items, deal notes, and any documents you upload.
• Contact & CRM data — names, emails, phone numbers, tags, notes, and the relationships you record between contacts and transactions.
• Google Calendar & Gmail data — when you connect your Google account, we receive an OAuth refresh token scoped to Calendar and Gmail. We read calendar events for the day to display them on your Today dashboard, and we read recent messages and send messages on your behalf when you ask Claire to draft or send an email. We do not store the full content of your inbox; we cache the metadata required to surface contact suggestions and to render the unified inbox view.
• Claire interactions — the messages you send to Claire and the responses she generates, plus the actions she takes on your behalf (notes created, contacts added, emails drafted). We retain these so you can review past conversations.
• Usage telemetry — page views, feature usage, error logs. We use this to improve the product and to debug issues.

2. How we use your information

• To run the core product — show your transactions, contacts, calendar, compliance checklist, deadlines, and morning briefing.
• To process your messages with Claire (our AI assistant). Your transaction and contact context is sent to Anthropic's Claude API as part of the prompt so Claire can answer questions about your deals. See "Third-party services" below.
• To send transactional email — confirmations, password reset, calendar reminders, and emails you explicitly draft and send through Synclarion.
• To compute compliance signals (e.g. missing forms, expiring agreements) and surface them in your dashboard.
• To improve the product — debug issues, measure feature adoption, prioritise roadmap. We do not sell your data and we do not use the contents of your transactions or Claire conversations to train AI models.

3. Third-party services

Synclarion is built on top of trusted infrastructure providers. The data each provider sees is limited to what is necessary for the listed function:

• Supabase — our database, authentication, storage, and row-level-security backbone. All transactional data lives in a Supabase Postgres database hosted in the US, scoped per agent by RLS. Supabase Auth also sends authentication-related email on our behalf (password reset, email verification).
• Anthropic (Claude API) — powers Claire. When you chat with Claire, your message and a context snippet (transaction details, recent emails, etc.) are sent to Anthropic's API. Anthropic's enterprise terms apply: they do not train on this data.
• Google (Calendar, Gmail, Drive APIs) — only invoked for agents who have explicitly connected their Google account through OAuth. Tokens are stored encrypted at rest in Supabase.
• Resend — used to send operational and transactional email originating from the platform (morning briefings when opted in, agent-drafted client emails sent through Synclarion). Authentication email is handled by Supabase Auth, not Resend. Resend sees the recipient email and message body for the messages it sends only.
• Vercel — hosting, edge network, and runtime logs.

4. Data retention

Account, transaction, contact, and Claire-conversation data is retained while your account is active. Closed transactions stay in your archive unless you delete them. If you cancel, we retain your data for 30 days in case you reactivate, then delete it. You can request earlier deletion at any time by emailing us.

Calendar event metadata cached for the Today panel is short-lived — we re-fetch it on each page load and do not persist it in our database. Email content read for contact-suggestion scanning is processed in memory and not stored beyond the suggestion record itself (sender, signature snippet, deal-match address).

5. Your rights

You can:

• Access and edit any data on your account directly inside Synclarion.
• Disconnect Google, DocuSign, or any other integration at any time from Settings → Integrations. Disconnecting revokes the stored tokens immediately.
• Export your transactions, contacts, and notes (email us for a structured export).
• Request deletion of your account and all associated data. Email legal@synclarion.ai and we'll process the request within 30 days.

California residents have additional rights under the CCPA — including the right to know what data we have, the right to delete, and the right to opt out of sale (Synclarion does not sell personal data).

6. Security

All connections to Synclarion are TLS-encrypted. Data at rest is encrypted by Supabase. OAuth tokens for connected services (Google, DocuSign) are stored as JSONB in a row-level-security-protected table keyed to your user account. We do not have a SOC 2 audit yet (we are in private beta); this is on the roadmap.

7. Children

Synclarion is intended for licensed real estate professionals. We do not knowingly collect data from anyone under 18.

8. Changes

We may update this policy as the product evolves. Material changes will be announced in-app and / or by email at least 30 days before they take effect.

9. Contact

Privacy questions or data requests: legal@synclarion.ai