Privacy Policy

Last updated: July 29, 2025

1. Introduction

Welcome to OnlySync (“we”, “us”). We respect your privacy and are committed to protecting any personal, business, and location data you provide when using our service. This Privacy Policy explains what data we process, for what purposes, and what rights you have.

2. Controller & Contact

The controller for data processing is: OnlySync. Contact: privacy@onlysync.io.


3. What information we collect

a) Personal Data (via Google Cloud Identity & OAuth)

  • Name, email address, and profile information.
  • Authentication and refresh tokens (used only to securely verify your identity and the access you authorize).

b) Business Information (via Google My Business APIs / Business Profile Performance API, Meta Business API, Instagram Graph API)

  • Business name, address, and contact details.
  • Categories, attributes, opening hours, photos/media.
  • Performance metrics (e.g., views, searches, interactions).
  • Ratings and user-generated feedback (where authorized).

c) Location Data (via Google Places API)

  • Business locations, geodata, and business-related search queries (where applicable).

d) Log & Device Data

  • Server logs (e.g., truncated IP address, timestamps, error messages) for security and troubleshooting.
  • Device/browser information (user agent), cookies and similar identifiers where technically necessary.

We use data for authentication, to provide synchronized features (e.g., fetching, analyzing, and presenting your business profiles and performance data), to improve security and stability, and to meet legal obligations. We do not use your data for advertising or marketing purposes.

  • Contract performance (Art. 6(1)(b) GDPR): providing the features you requested.
  • Legitimate interests (Art. 6(1)(f) GDPR): security, abuse prevention, product improvement.
  • Consent (Art. 6(1)(a) GDPR): where legally required (e.g., optional cookies/integrations).
  • Legal obligation (Art. 6(1)(c) GDPR): retention duties, disclosures to authorities.


5. Sharing your data

We do not sell or rent your data. We share data only:

  • with processors (e.g., hosting/cloud providers) under data processing agreements;
  • to comply with legal obligations or lawful requests;
  • in accordance with the restricted-use requirements of Google and Meta APIs. Platform data is not used for advertising or profiling and is not shared with data brokers.


6. Data storage & security

Data is stored securely and retained only as long as necessary for the purposes described or as required by law. Access tokens are securely managed and periodically rotated. We employ technical and organizational measures (e.g., encryption in transit/at rest, access controls, logging).

Users can request deletion of their data (see Section 11) or revoke OAuth access (see Section 12).


7. Your rights

  • Access, rectification, erasure, restriction of processing.
  • Data portability.
  • Objection to processing based on legitimate interests.
  • Withdrawal of consent with future effect.
  • Right to lodge a complaint with a supervisory authority.


8. Cookies & similar technologies

We use strictly necessary cookies/storage (e.g., for session management). Optional cookies (e.g., for analytics) are used only with your consent.

9. International data transfers

Where data is transferred outside the EEA, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses) or rely on GDPR exceptions where applicable.


10. Notes about Meta/Instagram platform data

  • We use Meta/Instagram platform data solely to deliver features you initiate (e.g., retrieving/analyzing your business profiles and performance metrics).
  • No use for advertising, personalized targeting, or profiling beyond the provided functionality.
  • No sharing of platform data with third parties except processors or as instructed by you.
  • When permissions are revoked or data is no longer needed, it is deleted or anonymized within a reasonable period.


11. Data deletion (User Data Deletion Instructions)

You can request deletion of your data stored by OnlySync at any time. Please follow these steps:

  • In-app/account: Delete your OnlySync account (if available) or use the deletion function in the profile area.
  • By email: Send a request to privacy@onlysync.io with subject “Data Deletion Request” and the email address you used to sign up.
  • If you used Facebook/Instagram login: Also follow Section 12 to remove the app’s access in Meta.

Upon receipt, we confirm deletion or anonymization within a reasonable time, subject to legal retention requirements.


12. Revoke OAuth permissions

  • Google: Go to My Account > Security > Third-party access and remove “OnlySync”.
  • Facebook/Instagram: Go to Settings & Privacy > Settings > Security > Apps and Websites (Facebook) or Settings > Security > Apps and Websites (Instagram) and remove “OnlySync”.


13. Retention periods

We retain personal data only as long as necessary to fulfill the purposes described. Security-related log data is typically kept for a short period. Statutory retention periods remain unaffected.


14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will communicate material changes on this page. The current version is always publicly available without login.


15. Contact

If you have questions or wish to exercise your rights, please contact us at privacy@onlysync.io.