Privacy Policy

SYNCOLINK (Bowrand Inc.) Privacy Policy

Bowrand Inc., Calgary, Alberta, Canada

Effective Date: August 25, 2025

1. INTRODUCTION AND SCOPE OF THIS POLICY

Bowrand Inc., a corporation incorporated under the laws of Alberta, Canada, together with its affiliates, subsidiaries, and related entities ("Bowrand," "we," "us," or "our"), is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy ("Policy") describes our practices regarding the collection, use, processing, disclosure, and protection of information in connection with your use of our proprietary AI-assistant and CRM SaaS platform, Syncolink, and all associated software, websites, services, and applications (collectively, the "Service"), operated on the authorized domains syncolink.net and bowrand.com.

This Policy is designed to comply with global privacy regulations, including Canada's PIPEDA and Alberta's PIPA, the GDPR (EEA/UK), and U.S. federal and state laws including the CCPA/CPRA.

Definitions

"Personal Data" (or "Personal Information") means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

"You" and "your" refer to the individual or entity that is a user of our Service.

"Process" or "Processing" means any operation performed on Personal Data (e.g., collection, storage, use, disclosure, erasure).

Controller/Processor Roles

For self-serve accounts, Bowrand generally acts as a data controller of Personal Data you provide directly to us. For organizational customers, Bowrand acts as a data processor/service provider with respect to end-customer data we host on your instructions. Where we act as processor, we Process such data only as instructed in our agreement with you.

2. INFORMATION WE COLLECT AND HOW WE COLLECT IT

We collect information to operate the Service and provide you the best possible experience.

2.1. Information You Provide Directly to Us

Account and Registration Information: When you create an account, subscribe, or communicate with us, you provide Personal Data such as name, organization, email, address, phone number, username, password, and job title.
Payment and Billing Information: For paid plans, payment data is collected and processed by our PCI-compliant payment partners; we do not store full payment card numbers.
User Data and Content: We store data you upload or generate while using the Service (which may include Personal Data of your customers). You are responsible for having a lawful basis and necessary consents to provide such data.
Communications: We collect information in your communications with us (including metadata).

2.2. Information We Collect Automatically

Usage and Log Data: IP address, device identifiers, browser/OS details, timestamps, and clickstream.
Cookies and Tracking Technologies: See Section 7.
Location Information: General location inferred from IP for analytics and customization.

2.3. Information From Third-Party Sources

Third-Party Services: If you link or integrate a third-party service, we may receive information you authorize from that service.
Public and Marketing Sources: We may supplement data from public sources or partners.

2.4. Google OAuth and Sign-In With Google

Important for Google Review

When you choose Sign in with Google or connect Google services to your account, we receive information from Google strictly as authorized by you and limited to the scopes you grant (e.g., basic profile and email for authentication). We do not collect or store your Google password.

Tokens: OAuth tokens (including any refresh tokens, if applicable) are encrypted at rest, stored separately from user profile records, and used only to provide the features you enabled (e.g., authentication and account linking).
Minimal Scopes: We request the minimum scopes necessary to deliver the requested functionality and do not request restricted or sensitive scopes unless they are required for a clearly described feature.
Revocation: You can revoke our access at any time via your Google Account settings at myaccount.google.com/permissions.
No Ads/Profiling: Google-derived data is not used for advertising, profiling, or unrelated purposes. See Sections 3, 4, and 13.

We comply with the Google API Services User Data Policy, including the Limited Use requirements (see Section 13).

3. HOW WE USE YOUR INFORMATION

Provide, Maintain, and Improve the Service: Operate the Service, fulfill contracts, process transactions, manage accounts, support customers, and improve features (including training and evaluation of AI features using de-identified/aggregated data where feasible).
Security and Fraud Prevention: Verify accounts; detect, prevent, and respond to security incidents and misuse.
Communications: Transactional notices, updates, support, surveys, and marketing (you can opt out of marketing).
Legal Compliance and Protection of Rights: Comply with laws/requests; enforce terms; protect our users, the public, and our rights.
Analytics and Business Development: Create anonymized/aggregated statistics to understand and improve the Service.

Google OAuth Data – Additional Use Limits

Google-derived data obtained via OAuth is used only for the specific functionality you enabled (e.g., authentication) and is not used for ads, profiling, or building audiences. We do not combine Google-derived OAuth data with other Personal Data for advertising or marketing.

Legal Bases (GDPR)

Depending on the context, we rely on contract, legitimate interests (e.g., to secure and improve the Service), consent (where required), and legal obligation.

4. HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We do not sell your Personal Data.

Service Providers and Subprocessors: Vendors under contract who process data on our instructions and consistent with this Policy and applicable law. Access is limited and governed by confidentiality and data protection obligations.
Legal and Safety: As required by law or to protect rights and safety.
Business Transfers: In connection with corporate transactions, subject to this Policy and applicable law.
With Your Consent: Where you direct us to share.

Google OAuth Data – Additional Sharing Limits

Data obtained via Google APIs is not transferred to third parties except (a) to provide or improve user-facing features you enabled, (b) with your consent, (c) to comply with law, or (d) as part of a merger/acquisition where the recipient agrees to abide by the Google API Services User Data Policy. We do not allow third-party ad platforms to access Google-derived data.

5. DATA RETENTION

We retain Personal Data for as long as necessary for the purposes described, including during your relationship with us and for a reasonable period afterward to meet legal, tax, and business obligations. Afterward, we delete or anonymize it; if deletion is not immediately possible, we securely store and isolate it until deletion is possible.

Where we act as a processor for organizational customers, we retain end-customer data according to the customer's instructions and our agreement.

6. DATA SECURITY

We implement appropriate technical, administrative, and physical safeguards, including encryption in transit and at rest where applicable, role-based access controls, least-privilege principles, audit logging, and regular security reviews. Access to Personal Data is limited to authorized personnel with a legitimate need and subject to confidentiality obligations.

Important: No system is 100% secure, and transmission is at your own risk.

If we become aware of a data incident affecting your Personal Data, we will notify you consistent with applicable law and our contractual commitments.

7. COOKIES AND OTHER TRACKING TECHNOLOGIES

We use:

Essential Cookies (required for the Service)
Performance/Analytics, Functionality, and Targeting/Advertising cookies

Most browsers let you control cookies; disabling some may impact functionality.

Google OAuth Separation: Data obtained via Google OAuth is not used for advertising or combined with cookies or trackers for ad personalization.

8. INTERNATIONAL DATA TRANSFERS

The Service is hosted and operated in Canada, and data may be processed in other countries where our providers operate. By using the Service, you consent to these transfers. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms and take reasonable steps to ensure protection consistent with this Policy.

9. YOUR PRIVACY RIGHTS AND CHOICES

Rights vary by jurisdiction and may include access, correction, deletion, restriction/objection, portability, and complaint rights.

General

Update account info in settings; opt out of marketing via the unsubscribe link or by contacting us.

Canada (PIPEDA/PIPA)

Access and correction; you may challenge our compliance by contacting our Privacy Officer.

EEA/UK (GDPR)

Access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority.

California (CCPA/CPRA)

Know/access, delete (with exceptions), correct, opt-out of sale/share (we do not sell/share as defined), and non-discrimination.

How to Exercise Rights

Contact us per Section 12. We will verify your identity before fulfilling requests. If we process data on behalf of a customer, we will refer your request to that customer where appropriate.

10. CHILDREN'S PRIVACY

The Service is not directed to children under 18, and we do not knowingly collect their data. If discovered, we will delete it.

11. CHANGES TO THIS PRIVACY POLICY

We may modify this Policy at any time. Material changes will be posted with an updated date and, where required, notified through additional channels. Continued use indicates acceptance.

12. CONTACT US

Privacy Officer – Bowrand Inc.

Calgary, Alberta, Canada

Email: support@bowrand.com

If you signed in with Google and wish to revoke access, visit myaccount.google.com/permissions and remove Syncolink.

13. GOOGLE API SERVICES USER DATA POLICY (INCLUDING LIMITED USE)

To the extent our Service accesses Google user data via Google APIs:

We comply with the Google API Services User Data Policy, including Limited Use.
Google-derived data is used only to provide or improve user-facing features you request (e.g., sign-in and account linking), not for serving ads, profiling, or unrelated purposes.
We do not allow humans to read Google-derived data except (i) with your explicit consent, (ii) for security or compliance (e.g., investigating abuse), (iii) to comply with applicable law, or (iv) for internal operations when the data has been aggregated and de-identified.
We do not transfer Google-derived data except as permitted under Section 4 and the Google API Services User Data Policy.
You may revoke our access at any time via your Google Account settings (see Section 12).

14. DATA DELETION & ACCOUNT CLOSURE (Required Instructions)

You may request deletion of your Syncolink account and associated Personal Data by contacting support@bowrand.com from your registered email or via in-product settings where available. After verification, we will delete or de-identify Personal Data unless retention is required by law or to protect our rights. Where we act as processor for an organizational customer, we delete or return data as instructed by that customer.

Google Sign-In Users: If you used Google Sign-In, revoking access at myaccount.google.com/permissions will stop new data flows from Google; to remove data already stored in Syncolink, please also submit a deletion request as described above.

By using SyncoLink, You acknowledge that You have read, understood, and agreed to this Privacy Policy. Bowrand Inc. is committed to protecting your privacy and maintaining the security of your data.

Back to Signup Page