CircleSync is committed to protecting your privacy. This policy explains exactly what information we collect, how we use it, who we share it with, and your rights regarding your personal data.
When you create an account we collect your email address and display name. If you provide one, we also store your profile photo. If you sign in with Google or Apple, we receive your name and email address from those services. Your phone number, if provided, is stored privately and is never shared with other users or visible in groups.
We store everything you create in CircleSync: group names, shared lists and checklist items, trip plans including titles, destinations, dates, and budgets, trip expenses and expense splits, trip comments, trip documents, and personal lists and personal trips. Content added to a shared group is visible to all members of that group.
When you use the email forwarding feature, we collect and process:
We collect your device's FCM (Firebase Cloud Messaging) token to deliver push notifications. This token is stored privately and is not visible to other users or group members. Multiple tokens may be stored if you use the app on more than one device.
When matching a forwarded booking to one of your trips, we use the booking's location to look up geographic coordinates via the Google Geocoding API. We cache the results but do not store your real-time device location.
Group activity (who added, edited, or completed items) is logged and visible to all members of that group. We maintain internal counters for rate limiting to protect the service from abuse.
The weather forecast feature retrieves forecasts for your trip destinations from the OpenWeatherMap API using the destination city name. We do not store your location or weather query history.
We use the information we collect to:
We do not use your content to train AI models. Email content sent for booking extraction is processed by OpenAI's API under a data processing agreement. OpenAI's API usage policies prohibit using API inputs to train their models.
We use the following third-party services to operate CircleSync. Each has its own privacy policy.
We never sell your data. CircleSync does not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.
Content you add to a shared group — lists, checklist items, trips, expenses, comments, and documents — is visible to all current members of that group. Group activity logs (who did what and when) are visible to all group members.
Your display name and profile photo are visible to other authenticated users of the app (for example, in group member lists). Your email address, phone number, forwarding address, and booking data are never shared with other users.
Depending on your location, you may have the following rights regarding your personal data:
For GDPR or CCPA requests, contact us at support@getcirclesync.com. We will respond within 30 days.
We retain your data for as long as your account is active.
When you delete your account, personal data is removed from active systems immediately. Raw email logs stored for debugging purposes are not automatically purged on account deletion; these are accessible only via administrative tools and contain no attribution to your deleted account after your user record is removed. Google Firebase may retain encrypted infrastructure backups per their own retention policies; we do not control these backups.
Raw inbound email content is stored in a restricted administrative collection for debugging and support purposes. This data is not accessible to end users or group members.
If a group has other members, ownership is transferred to the next member and your membership is removed. If you are the sole member, the group and all its content is permanently deleted.
You are removed from the members list. Content you created remains but is anonymised (ownership attributed to "deleted user"). Your individual activity log entries may remain visible to remaining group members due to a technical limitation in group activity rules.
Google Firebase may retain encrypted backups per their own data retention policies. We do not control these backups. See Google's Privacy Policy for details.
Full details including step-by-step instructions and an alternative email method are available on our Account Deletion page.
CircleSync uses Google Firebase infrastructure, which may process and store your data in data centers outside your country of residence, including the United States. OpenAI processes forwarded email content in the United States. By using CircleSync you consent to these transfers. We rely on standard contractual clauses and data processing agreements with our service providers to protect transferred data.
CircleSync is not intended for children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child please contact us at support@getcirclesync.com and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes via a notice in the app or by email before the changes take effect. Continued use of CircleSync after the effective date constitutes acceptance of the updated policy. The date at the top of this page reflects when it was last updated.
Privacy Questions? Contact us at support@getcirclesync.com. We will respond within 48 hours for general inquiries and within 30 days for formal data rights requests.