Privacy Policy
We recommend that you read this Privacy Notice in full to ensure you are fully informed. However, if you want to access a section of this Privacy Notice, please refer to the table below:
- What Types of Personal Data do we collect about users of Capsyl?
- Sources
- We may disclose Personal Data to the following third parties:
- Hosting Location and Transfer of Personal Data
- Retention – How Long does Synchronoss Retain Personal Data
- Children
- What Privacy Rights do I have?
- Third-party Services and Links to Other Websites
- Security
- Changes to this Privacy Notice
- How can I contact Synchronoss about this Privacy notice?
What Types of Personal Data do We collect about users of Capsyl? (top)
The Synchronoss Cloud Service provides a cloud content storage and back-up solution.
The Synchronoss Capsyl Service provides a cloud content storage and back-up solution, and related features.
As a user of Capsyl, we will collect personal data directly from you when you sign-up and create an account such as your name and email address. We will also collect personal data directly when you choose to upload any photo, video, files, messages, call logs, or contact content to the Cloud. In addition we will collect personal data when you use the Service, such as your IP address. Please see further information below.
Account information: We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account (like your name, email address, phone number, payment info, and physical address).
Your Content: Our Services are designed for you to back-up and store your data. If you are an Android user, the Capsyl Service will collect and store the following:
- Photos
- Videos
- Documents
- Call Logs
- Contacts
- SMS
- MMS
- Audio Files
For iOS the Capsyl Service will collect and store the following:
- Photos
- Videos
- Contacts
Collectively “Content”. The Capsyl Service allows you to collaborate with others, and work across multiple devices and services. To make that possible, we store, process, and transmit your Content as well as information related to it.
Contacts: You may choose to give us access to your contacts to make it easy for you to do things like share your Content. If you do, we’ll store those contacts for you to use.
Usage information: We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, creating and moving files or folders). We use this information to provide, improve, and promote our Services, and protect Capsyl users.
Device information: We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services. Metadata of the files in your content may also consist of location data (for example, photographs) and in such cases, the location data is processed as any other file metadata. We may use device information to detect abuse and identify and troubleshoot bugs.
Cookies and other technologies: On our website use technologies like cookies and pixel tags to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. Please see our Cookies Policy here.
Marketing: If you register for our Capsyl Service, we will, from time to time, send you information about upgrades when permissible. Users who receive these marketing materials can opt out at any time by disabling notifications in the app.
Biometric: Some features such as Tag & Search use information which could be classified as biometric information. If you opt-in to use these features we may collect and process such information. Please see the section below on Tag and Search for more detail.
Additional information re. California Consumer Privacy Act: We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Category | Example if Collected |
Identifiers | First name, last name, email address, usage data, IP address. Note: Some personal information may overlap with other categories. |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | First name, last name, email address, usage data, IP address. |
Protected classification characteristics under California or federal law. | None unless you choose to provide such information in the content you upload to the Service. |
Commercial information. | Purchased product/service. |
Biometric information | If you have opted in for the Tag and Search feature then the faces in pictures you choose to upload. |
Internet or other similar network activity. | IP Address, cloud storage amount, feature activity, referring/exit pages, operating system, date/time stamp and/or clickstream data. |
Geolocation data. | Extracted from IP address. Location used in the Smart Album feature. |
Sensory data | If you choose to upload such information, such as audio recordings, in the content you upload to the Service. Where you contact us and leave a voicemail. |
Professional or employment-related information. | If you choose to provide such information in the content you upload to the Service. |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | If you choose to provide such information in the content you upload to the Service |
Inferences drawn from other personal information. | If you have opted in to allow Analytics |
In addition, if the EU General Data Protection Regulation (“GDPR”) applies for you, the following table details the legal basis (“Legal Basis”) for and the reasons why (“Purposes”) we process your Personal Data:
NECESSARY FOR ENTERING INTO OR PERFORMANCE OF A CONTRACT | |
Legal Basis | It is necessary to process your Personal Data to enter into and perform our contract with you and provide the Capsyl Cloud Service. |
Purposes | We obtain, collect and process your Personal Data: Entering Into and Performing our Contract with you as a recipient of the Capsyl Cloud Service:
|
IMPORTANT | We will process your Personal Data as it is necessary to enter into a contract with us a user of the Capsyl Service and enable us to provide our Capsyl Service to you. In the event that you do not wish to provide us with your Personal Data for the above purposes, you will not be able to avail of the Capsyl Service. |
LEGITIMATE INTERESTS | |
Legal Basis | We may obtain, collect and process your Personal Data where we have a legitimate interest to do so. |
Purposes | We obtain, collect and process your Personal Data: Authentication:
|
IMPORTANT | When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests. You can object by using functionality provided by the Service or emailing us at object@capsyl.com |
CONSENT | |
Legal Basis | We may obtain, collect and process your Personal Data where you have given us explicit consent to do so. |
Purposes | We obtain, collect and process your Personal Data by consent to:
|
COMPLIANCE WITH A LEGAL OBLIGATION | |
Legal Basis | It is necessary to process your Personal Data in order to comply with legal obligations to which we are subject. |
Purposes | We obtain, collect and process your Personal Data in order to comply with the following legal obligations:
|
To help you evaluate the implications of such processing, some further information is provided below:
- Your Content
We consider the Content that you back up or manage through Capsyl to be your private data. We do not seek to usurp your rights to your Content nor do we grant any licenses to third parties to it. You can delete your Content saved on Capsyl.
To ensure the best protection for your privacy, we seek to process i) your account information, ii) your actual content and iii) metadata and security data separately from each other as much as feasibly possible.
We do not seek or want to see the contents of your files. However, we need to process metadata and security data related to your content so that we can provide you with our services. In so doing, we also link some aggregate metadata to your account. We access your specific file contents only where there is a clear need to do so. The most common such need is that you raise a support case relating to your content. In such cases, we enforce a process where only high-level support and hosting technicians can access your content when the case is escalated from the normal support level. We may also need to access your specific content when you use our services to distribute content which may violate our terms of use. In such case, our personnel’s access to the content in question is provided on a need-to-know basis.
Naturally, you yourself may make your content available to others through the service options. We process the necessary metadata from your Content to enable our service to manage it for you and may also scan your content for any malicious software. The privacy aspects of these activities are included in the section regarding technical data and security data.
- Technical data and security data
As the Capsyl Service helps you secure, back up and share the content on your devices, it is necessary for us to process the related technical data / metadata. For example, when you are storing, sharing or synchronizing your files as part of our services, we need to categorize the files to handle their storage, transfer, listing, playing, sharing and retrieval. We also need to collect metadata on files to enable copying and synchronizing them across various devices and to enhance their presentation.
- Analysis data
We collect information about how you use the Services, including actions you take in your Capsyl account, to efficiently and reliably provide the Services. We also use such information to improve our Services and develop new features, protect Capsyl users, and, in some instances, promote the Capsyl Services. For example, to improve our Services, we collect information about how you interact with our Services to understand what features are most useful to you and improve them. To protect users, we analyze things like IP addresses, login history, and email and password changes to detect and respond to abusive behavior. To promote Capsyl Services, we will, in some instances, analyze information about users’ activity and level of engagement with our Services.
Google Analytics for Firebase uses identifiers to collect information such as that pertain to notification open and receive events. We use this data to better understand user engagement with app notifications to monitor and measure the effectiveness of Capsyl’s campaigns promoting its features. You can find out more at www.google.com/policies/privacy/partners/). Users can opt-out of the Google Analytics for Firebase feature used by Capsyl through applicable device settings, or other opt-out means made available in the App.
- Tag and Search Objects and Facial Data
Capsyl’s Tag and Search feature makes it easier for you to search and organize your photos, and there are two distinct capabilities of the feature: (i) object tagging, and (ii) facial data tagging, which we discuss below:
Objects: By signing up for Capsyl you acknowledge that Tag and Search object tagging is provided as a matter of course. This provides functionality to enable you to tag objects in your photos, making it easier for you to search and organize your photos. So when you search for in your photos (e.g., dog, baseball, beach, etc.) You’ll see all the photos that are recognized by the feature as containing that object or thing.
Facial Data: Please note that the Capsyl Service will only collect and process facial data, namely facial vectors If you choose to opt-in using the functionality provided (by opting in to Tag and Search you are opting in to the facial data capability of the feature). As applicable, if you have opted-in to use the Tag and Search facial data feature, you can opt-out at any time using the functionality provided to opt-out and the above facial data is deleted from the Service.
When enabled, the Tag and Search facial data feature applies face recognition technology to your photos to detect faces and recognizable patterns in the photos you have stored in Capsyl, this means that photos of the same person can be grouped together. You can also tag the photos by adding names to them, these are private to your account, even if you share photos with others. The feature makes it easier to search and organize your photos and helps Capsyl auto-generate photo stories for you. You can learn more here .
This Tag and Search facial data feature stores the facial data in the Capsyl hosting location applicable to You, as described below. By opting-in to Tag and search you acknowledge that you agree and understand the above and that you have any necessary permissions.
Sources (top)
We obtain the categories of personal data/ information listed above from the following categories of sources:
- Directly from you. For example, from the forms you complete on our Service, preferences you express or provide through our Service, or the Content you upload to the Service, and other information you provide to Us.
- Indirectly from you. For example, analytics taken from your activity on our Service.
- Automatically from you. For example, through cookies We or our Service Providers set on your Device.
- From service providers and partners. For example, third-party vendors to monitor and analyze the use of our Service, third-parties for payment processing, or other third-parties that We use to provide the Service to you.
We may disclose Personal Data to the following third parties: (top)
Synchronoss may disclose some or all the Personal Data to the following third parties:
- Your Carrier: We may share your Personal Data with the Carrier you are a subscriber to, and its service providers. Please contact them and/or refer to their privacy notice for further information;
- Affiliates: We may share your Personal Data with other companies under common ownership with Synchronoss and Internal business units within Synchronoss such as IT, Product and Support staff, who use your personal data as outlined in this Privacy Notice;
- Service providers/ sub-processors: We share your personal data with service providers/ sub-processors that we use to support the Cloud Service. These companies provide services like hosting, analytics and customer support. Service Providers may use anonymize and aggregate personal data for statistical and service improvement purposes. We have contracts with our service providers that address the safeguarding and proper use of your personal information;
- Payment processors;
- Public or government Authorities: We may share your personal data to follow applicable law or to respond to government and law enforcement requests. We will analyze requests to determine whether they are legally and procedurally valid. We will resist blanket and overly broad requests. Once we’ve determined that a request is valid, we will notify the user (unless we’re legally prohibited from doing so).
- Merger or Acquisition: We may share your personal data during a corporate transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal data, as well as choices you may have.
- Consent: We may share your personal data in other ways if you have asked us to do so or have given consent.
- Other: We may share your personal data where there are violations of this Privacy Notice or other agreements such as the Terms of Service or other terms that are applicable to the Service, or to protect the legal rights of third parties, including our employees, users, or the public
Hosting Location and Transfer of Personal Data (top)
The Capsyl Service is currently hosted in the United States (for the avoidance of doubt, please note that notwithstanding hosting location, data may be transferred to third countries including the United States for example for the purpose of providing support).
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our Cloud Service you consent to the transfer of Personal Data to countries outside of the location(s) of your place of business, including the United States and countries within and outside the European Economic Area (“EEA”), which may have different data protection rules than those of your country.
Where such transfers of your Personal Data are made they will be made in accordance with applicable law. Where your Personal Data is transferred outside the EEA, this may include transfers on the basis of Standard Contractual Clauses, or as is otherwise permitted by applicable law. Standard Contractual Clauses are a form of data processing contract approved by the European Commission. You can find a copy of these clauses here.
Retention – How Long does Synchronoss Retain Personal Data? (top)
We will retain your Personal Data for at least as long as you use the Cloud Service, and in line with our Data Retention Policy.
We will retain your Personal Data for at least as long as you use the Cloud Service, and as long as your account exists or as long as we need to provide the Service to you. If you delete your account, we’ll initiate deletion in 30 days. There may be some latency in deletion from back-up storage.
Please note that in certain circumstances, we may hold your Personal Data for a longer period, for example, if applicable, to retain information on your purchase and payment of our Service, if we are processing an ongoing claim, to uphold agreements between you and us, to prevent fraudulent activity, or we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your Personal Data.
If you would like to know more about how long we will retain your Personal Data, please contact our Privacy Officer (see below).
Children (top)
Our Service does not address anyone under the age of 16 (“Children” or “Child”). Additionally, if you are under the age of majority in your jurisdiction (most commonly, 18 years of age), you represent that your parent or legal guardian has reviewed and agreed to this Privacy notice.
We do not knowingly collect personal data from anyone under the age of 16. If you are a parent or guardian and you are aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.
What Privacy Rights do I have? (top)
If the EU General Data Protection Regulation (“GDPR”) applies for you, you have a number of rights in relation to your Personal Data which are set out in this section 6. In particular these rights include the right to object to processing of your Personal Data where that processing is carried out for our legitimate interests. Note that in certain circumstances these rights might not be absolute.
Right | Further Information |
Right of Access | You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive. |
Right to Rectification | You have the right to have any inaccurate Personal Data which we hold about you updated or corrected. |
Right to Erasure | In certain circumstances, you may also have your personal information deleted, for example if you exercise your right to object (see below) and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes as set out in this notice. |
Right to Restriction of Processing | You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or our use of your information is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing until the issue is resolved. |
Right to Data Portability | You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible. This right only arises where: (1) we process your Personal Data with your consent or where it is necessary to perform our contract with you; and (2) the processing is carried out by automated means |
Right to Object | You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests. |
Rights under the CCPA: If the California Consumer Privacy Act (“CCPA“) applies to your use of the Service, then you have a number of rights in relation to your Personal Information which are set out below: Note that in certain circumstances these rights might not be absolute. You may only make a verifiable consumer request for access or data portability twice within a 12 month period. With effect from the 1 January 2023 the California Privacy Rights Act (“CPRA”) amends the CCPA, and references to the CCPA shall mean as amended by the CPRA as of their coming into effect.
Right | Further Information |
Right to Know What Personal Information is Collected, for what purposes and with whom is it shared | California residents have the right to request from a business disclosure of the categories and specific pieces of personal information it has collected from them, the categories of sources from which such personal information is collected, the business or commercial purpose for collecting or selling such personal information, and the categories of third parties with whom the business shares personal information. If you request that a business disclose categories and specific pieces of personal information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity. We will only charge you for such request if we feel it is unjustified or excessive. |
Right to know whether your personal information is sold | California residents have the right to request from a business that sells or discloses personal information for a business purpose separate lists of the categories of personal information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the personal information was sold or disclosed for a business purpose. Do Not Sell My Personal Information Under the CCPA, a business that sells California resident’s personal information to others: 1) must give notice to California residents before selling their personal information to others; and 2) must provide the right to opt-out of the sale of their personal information. Synchronoss does not directly sell your Personal Information in the conventional sense (i.e. in return for payment). However, the CCPA defines a “sale” broadly, including certain website cookies. To opt-out of such cookies on our Website, please use the functionality provided in our Onetrust cookie banner. Under the CPRA this right shall be known as “Do Not Sell or Share My Personal Information”. |
Right of Deletion | You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete your personal information, unless an exception applies. We may deny your deletion request if retaining the information is necessary for Us or Our Service Providers to: Complete the transaction for which We collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. Debug products to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us. Comply with a legal obligation. Make other internal and lawful uses of that information that are compatible with the context in which you provided it. |
Right to Data Portability | Subject to the CCPA, you may request us to provide you with your Personal Information. The information may be delivered by mail or electronically, and if provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance. |
Rights under other Applicable Law: Synchronoss will endeavor to comply with comparable data rights under other applicable laws. Note that in certain circumstances these rights might not be absolute.
Exercising Your Rights: You can exercise any of these rights by submitting a request to our Privacy Officer:
Email: privacyofficer@synchronoss.com or submit a Data Subject Access Request(DSAR) request here.
Verification: Where receiving a request, we will verify that the individual making the request is the individual to whom the personal data pertains, or otherwise has the authority to make the request. (Note: California residents may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their personal information or to delete personal information on their behalf). If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf. We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. You must Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
GDPR: We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within 1 month of receiving your request. We may extend this up to 2 months if necessary however we will inform you if this arises.
Under the GDPR You also have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. For further information please see here.
CCPA: Where the CCPA applies, we will endeavor to provide you with information on any action taken upon your request in relation to any of these rights within 45 days of receiving your request. If necessary, we may extend this as permitted under the CCPA, however we will inform you if this arises.
You also have the right to lodge a complaint about the way we handle or process your personal information with California Attorney General’s Office
Or contact the California Privacy Protection Agency
Other: We will endeavor to respond within the time period allowed under applicable law.
Non Discrimination: We will not discriminate against you for exercising any of your rights. However, you will note that some features of the Services will not function without your Personal Data.
Third-party Services and Links to Other Websites (top)
Our Service may embed or interoperate with third-party services. In such cases, and where the third-party service is a visible part of the Services, the respective data collection and privacy practices of that third party may apply.
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.
Security (top)
We use appropriate technical and organizational measures to protect the confidentiality and security of your personal data.
Changes to this Privacy Notice (top)
From time to time, we may change and/or update this Privacy Notice, to reflect changes in the law, our companies, or our Service and data collection and use and practices. Accordingly, please periodically review this Privacy Notice and review any changes.
Depending on the type of change, we may notify you of the change by posting on this page or other means including email, and you will have a choice as to whether or not we use your Personal Data in the new manner.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
How can I contact Synchronoss about this Privacy notice? (top)
If you have questions about this Privacy Notice and how we handle your Personal Data, please contact our Privacy Officer:
Email: privacyofficer@synchronoss.com
Post:
Attn: Chief Privacy Officer
Synchronoss Technologies, Inc.
200 Crossing Boulevard
Bridgewater
NJ08807
USA
Or, for EEA and UK users:
Synchronoss Software Ireland Limited
The Academy
42 Pearse street
Dublin 2
Ireland
Effective Date: 1 September 2022
Updated 11 December 2023