This Privacy Policy explains what personal data Sykr collects, why we collect it, how we use and share it, and what rights you have. We aim to collect as little data as necessary to run the service.
1. Data controller
Sykr operates the service available at sykr.app (and related domains). For any privacy question, contact privacy@sykr.app.
2. What we collect
- Account data: email, password hash, display name, avatar, subscription tier, referral code.
- Profile / tuning data: the niche focus, skills, weekly time budget, risk appetite and monetization preferences you provide so the agent can tailor opportunities.
- Product usage: opportunities generated, scans run, items saved, approvals, feedback, credits consumed, in-app actions.
- Payment data: handled by Stripe. We store only a customer identifier, plan, invoices and the last 4 digits of your card — never the full card number.
- Technical data: IP address, browser, device type, language, basic logs needed for security, debugging and abuse prevention.
- Communications: emails or messages you send us, and our replies.
3. Why we use it (legal bases under GDPR)
- To provide the service — running scans, generating opportunities, billing — based on the contract between you and us.
- To improve the product — analytics, debugging, model quality — based on our legitimate interest in operating a reliable service.
- To prevent abuse and fraud — rate limiting, blocklists, security logging — based on legitimate interest and legal obligations.
- To send transactional emails — receipts, security alerts, account changes — based on the contract.
- To send product updates and marketing — only with your consent, which you can withdraw at any time.
4. AI processing
We send the niche, profile context and relevant signals to large language model providers (e.g. Google Gemini, OpenAI) through a managed AI gateway, strictly to generate opportunities, plans, drafts and similar outputs for you. We do not authorize these providers to train their foundation models on your inputs or outputs. Cached prompts and outputs may be retained for short windows for abuse prevention and latency, per provider policy.
5. How we share data
We do not sell your personal data. We share it only with:
- Infrastructure providers — Lovable Cloud (database, auth, file storage), Cloudflare Workers (hosting), email providers.
- AI providers — Google, OpenAI and similar, via our gateway, for the prompts you trigger.
- Payments — Stripe, for processing subscriptions and credit purchases.
- Authorities — when required by law, court order or to protect rights and safety.
6. International transfers
Some of our providers are based outside the EU/EEA. Where required, we rely on adequacy decisions or Standard Contractual Clauses to safeguard transfers.
7. Data retention
- Account and profile data: while your account is active, plus up to 90 days after deletion.
- Opportunities, scans, outreach and other product data: while your account is active; deletable on request.
- Billing and invoices: up to 10 years where tax law requires it.
- Security logs: typically 30–90 days.
8. Your rights
Depending on where you live, you have the right to access, rectify, delete, export and restrict processing of your personal data, to object to processing based on legitimate interest, and to withdraw consent at any time. You can exercise most rights directly from the Settings page or by emailing privacy@sykr.app. You may also lodge a complaint with your local data-protection authority.
9. Security
We use industry-standard measures: encryption in transit (TLS), encryption at rest, role-based access, row-level security on our database, secret management, and audit logging. No system is perfectly secure — please use a strong, unique password and notify us immediately of any suspected compromise.
10. Children
Sykr is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes
We may update this Policy from time to time. We will notify you of material changes by email or in-app at least 14 days before they take effect.