Skip to main content

Privacy Policy

Effective Date: March 31, 2026 Last Updated: March 31, 2026

Myriatech, LLC ("Synctech," "we," "us," or "our") operates the Synctech construction intelligence platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service.

By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password (hashed), phone number, job title/role, and company name when you register or are invited to join a Company.
  • Company Information: Company name, industry type, company size, region, division and department structure, and organizational hierarchy.
  • Employee Data: Employee names, positions, roles, certifications, union affiliations, pay rates, and work assignments that you enter into the Service.
  • Project Data: Project names, descriptions, timelines, tasks, bid amounts, cost estimates, production rates, equipment assignments, and crew allocations.
  • Financial Data: Payroll configurations (tax rates, insurance rates, burden calculations), receipt records, expense tracking, bid sheet data, and cost management information. We do not store your raw credit card numbers.
  • Equipment Data: Equipment identifiers, types, assignments, operating costs, checkout/authorization records, and maintenance history.
  • Safety Data: Tailboard safety reports, daily field reports, safety checklists, and incident documentation.
  • Documents: Files you upload including as-built documentation, receipts, photos, and any other attachments.
  • Support Data: Messages, tickets, and feedback you submit through the support system.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, click patterns, session duration, and frequency of use.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preference.
  • Log Data: IP address, access timestamps, error logs, and API request metadata.
  • Performance Data: Page load times, client-side errors, and application performance metrics.

1.3 Information from Third Parties

  • Stripe: Subscription status, payment method type (last 4 digits only), billing history, and invoice data. See Stripe's Privacy Policy.
  • Firebase Authentication: OAuth profile information (name, email, profile photo) when you sign in with Microsoft or Google.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Operate, maintain, and improve the platform including project management, crew management, payroll, equipment tracking, and analytics.
  • Process Payments: Manage subscriptions, trials, and billing through Stripe.
  • Authenticate Users: Verify identity through Firebase Authentication (email/password, Microsoft OAuth, Google OAuth).
  • Generate AI Predictions: Use your Company's historical data to power AI-driven predictions, production rate estimates, and cost analysis — scoped exclusively to your Company.
  • Send Communications: Deliver transactional emails (account verification, password reset, billing receipts, invitation codes), system notifications, and optional product updates.
  • Provide Support: Respond to support tickets, troubleshoot issues, and improve the Service based on feedback.
  • Ensure Security: Detect, investigate, and prevent fraud, abuse, and unauthorized access.
  • Comply with Law: Meet legal obligations, respond to lawful requests, and protect our legal rights.

3. How We Store Your Data

3.1 Infrastructure

Your data is stored on Google Cloud Platform through Firebase services:

  • Firestore: Structured data (projects, crews, employees, equipment, receipts, etc.)
  • Firebase Authentication: User credentials and session tokens
  • Firebase Storage: Uploaded documents and files
  • Firebase Hosting: Web application delivery

3.2 Data Scoping

All Company data is scoped under companies/{companyId}/ in Firestore. Your data is logically separated from other Companies and is never mixed or shared across Company boundaries.

3.3 Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • At Rest: Data stored in Firestore and Firebase Storage is encrypted at rest using Google Cloud's default encryption (AES-256).

3.4 Access Controls

Access to your data within the Service is controlled by a role-based permission system: admin > manager > foreman > member > viewer. Firestore Security Rules enforce these access controls at the database level.

4. Payment Data and Stripe

4.1 What Stripe Stores

When you enter payment information, it is sent directly to Stripe. We never see or store your full credit card number. Stripe provides us with:

  • Customer ID
  • Payment method type and last 4 digits
  • Subscription status and billing history
  • Invoice records

4.2 PCI Compliance

Credit card data is handled entirely by Stripe, which is PCI DSS Level 1 certified. Our servers never process or store raw card data.

5. Cookies and Tracking

5.1 Essential Cookies

We use essential cookies and localStorage for:

  • Authentication: Maintaining your login session (Firebase Auth tokens)
  • Preferences: Storing your theme preference (drill-wise-theme), active company selection, and UI settings
  • Security: CSRF protection and session management

5.2 Analytics

We may use analytics services to understand how Users interact with the Service. Analytics data is aggregated and does not include personally identifiable Company data.

5.3 No Third-Party Ad Tracking

We do not use third-party advertising cookies or sell your data to advertisers.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service Providers: With trusted third parties that help us operate the Service (Google Cloud, Stripe, email delivery services) under strict data processing agreements.
  • Within Your Company: Other members of your Company can access shared Company data according to their assigned role and permissions.
  • Legal Requirements: When required by law, court order, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected Users.
  • With Your Consent: When you explicitly authorize us to share specific information.

7. Data Retention

  • Active Accounts: Your data is retained for as long as your Account is active and your Subscription is current.
  • After Cancellation: Data is retained for 30 days after Account termination to allow for data export, after which it is permanently deleted.
  • Billing Records: Payment history and invoice records are retained for 7 years to comply with tax and financial regulations.
  • Log Data: Server logs and usage analytics are retained for 90 days, then aggregated or deleted.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 Access

You can access your personal information at any time through your Account settings and the Service's data export features.

8.2 Correction

You can update your personal information through the Service's settings pages.

8.3 Deletion

You can request deletion of your Account and associated data by contacting support. Deletion will be completed within 30 days, subject to legal retention requirements.

8.4 Data Portability

You can export your Company data through the Service's built-in export functionality (CSV export, API access on Business/Enterprise plans).

8.5 Objection

You can object to certain data processing activities by contacting us. Note that some processing is necessary to provide the Service and cannot be opted out of.

8.6 California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. We do not sell personal information. To exercise CCPA rights, contact us at the address below.

8.7 European Users (GDPR)

If you are located in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is: (a) performance of our contract with you; (b) legitimate business interests; (c) your consent where applicable. To exercise GDPR rights, contact us at the address below.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will promptly delete it.

10. International Data Transfers

The Service is hosted in the United States on Google Cloud infrastructure. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Security Measures

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Firebase Authentication with support for multi-factor authentication
  • Role-based access controls enforced at the database level
  • Regular security audits and vulnerability assessments
  • Automatic session timeout for inactive sessions
  • Login attempt rate limiting and account lockout

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last Updated" date at the top will reflect the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Myriatech, LLC Email: privacy@synctech.app Website: https://synctech.app

For data protection inquiries specifically, contact our Data Protection Officer at dpo@synctech.app.