Last Updated: February 9, 2026

This Privacy Policy explains how Allstar Technologies Canada Limited, operating as GetInSync (“GetInSync”, “we”, “us”, or “our”) collects, uses, stores, and protects personal information when you access or use our website at https://getinsync.ca and our related applications and services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

Information We Collect

Information You Provide

You may provide personal information when you:

• Create an account

• Sign in using email/password or third-party authentication

• Contact support

• Invite users to your organization

• Submit feedback or inquiries

This may include:

• Name

• Email address

• Organization name

• Authentication identifiers

• User role and workspace assignments

Information Collected Automatically

When you use the Services, we automatically collect:

• IP address

• Browser type and version

• Device and operating system information

• Access timestamps

• Pages viewed and actions taken

This information is used for security, performance, and abuse prevention.

Third-Party Authentication

GetInSync supports multiple authentication methods.

Email and Password Authentication

Passwords are hashed using industry-standard bcrypt encryption. Passwords are never stored in plain text.

Sign in with Google (OAuth 2.0)

When you sign in using Google, we receive:

• Email address

• Name

• Profile image (optional)

We do not receive your Google password or access to Gmail, Google Drive, or other Google services.

Google Privacy Policy:
https://policies.google.com/privacy

Sign in with Microsoft (OAuth 2.0)

When you sign in using Microsoft, we receive:

• Email address

• Name

• Profile image (optional)

We do not receive your Microsoft password or access to Outlook, OneDrive, or other Microsoft services.

Microsoft Privacy Policy:
https://privacy.microsoft.com/privacystatement

Microsoft Entra ID Single Sign-On (Enterprise Only)

Enterprise customers may configure SSO using Microsoft Entra ID.

We receive:

• Work email address

• Display name

• Optional attributes configured by your organization

Authentication occurs entirely within your organization’s identity provider. We never receive work account passwords.

How We Use Your Information

We use personal information to:

• Authenticate users

• Operate and secure the Services

• Provide customer support

• Enforce access controls

• Improve reliability and functionality

• Meet legal and regulatory requirements

We do not sell personal information.

Canadian Data Residency and Multi-Region Options

Default Data Location

Customer data is stored in Canada (AWS ca-central-1, Montreal) by default through our infrastructure providers.

This supports:

• PIPEDA compliance

• Provincial FOIP legislation

• Canadian data sovereignty requirements

Multi-Region Options

On request, data may be hosted in:

• United States (us-east-1)

• European Union (eu-west-1)

Region selection must occur before account provisioning.

Cross-Border Processing

Authentication services and email delivery may route through global infrastructure. Application data remains within the selected region.

Our Commitment to Security

GetInSync maintains a security-focused operating model that includes:

• SOC 2 Type II certified infrastructure

• AES-256 encryption at rest

• TLS 1.2+ encryption in transit

• Database row-level security

• Segregated customer namespaces

• Regular security reviews

• Incident response within 24 hours

Multi-Tenant Security Architecture

GetInSync is a multi-tenant SaaS platform with strict data isolation.

Namespace Isolation

Each organization operates within a unique namespace identified by a UUID.

Row-Level Security

Database-level row-level security enforces isolation between customer namespaces. Cross-tenant access is blocked at the database layer.

Role-Based Access Control

Roles include:

• Namespace Admin

• Workspace Admin

• Editor

• Viewer

Permissions are enforced consistently across the application.

Audit Logging

We log:

• User authentication events

• Data creation, updates, and deletion

• Permission and role changes

Audit logs are retained for 365 days.

Information Sharing and Disclosure

We share personal information only:

• With authorized service providers

• To meet legal obligations

• To protect the security and integrity of the Services

We do not share personal information for third-party marketing.

Infrastructure and Service Providers

Key service providers include:

• Supabase – database and authentication
  https://supabase.com/privacy

• Netlify or Azure Static Web Apps – application hosting
  https://www.netlify.com/privacy
  https://privacy.microsoft.com/

• Google OAuth
  https://policies.google.com/privacy

• Microsoft OAuth and Entra ID
  https://privacy.microsoft.com/privacystatement

All providers operate under data processing agreements.

Cookies and Similar Technologies

Essential Cookies

Required for authentication and security:

• Session cookies

• OAuth state cookies

• CSRF protection cookies

These cookies cannot be disabled.

Preference Cookies

Optional cookies store interface preferences such as theme or language.

Third-Party Cookies

Google and Microsoft may set cookies during authentication. These cookies are governed by their own privacy policies.

We do not use advertising or cross-site tracking cookies.

Data Retention

Active Accounts

Data is retained while your account remains active.

Trial Accounts

Inactive trial accounts are deleted after 180 days, with advance notice.

Cancelled Accounts

Data is retained for 90 days after cancellation, then permanently deleted.

Account Deletion

You may request account deletion by emailing support@getinsync.ca. Deletion occurs within 30 days, subject to legal retention requirements.

Backups

Encrypted backups are retained for 30 days.

Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

• Access personal information

• Request correction

• Request deletion

• Export your data

• Object to certain processing

Requests can be made by contacting us.

Children’s Privacy

The Services are not intended for individuals under 16 years of age. We do not knowingly collect information from children.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes take effect when posted. Continued use of the Services indicates acceptance.

Contact Us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information you can sent an email to support@getinsync.ca or visit
https://getinsync.ca