Privacy Policy

Allstar Technologies Canada Limited, operating as GetInSync (“GetInSync”, “we”, “us”, or “our”), explains how it collects, uses, stores, and protects personal information when accessing the website at https://getinsync.ca and related applications and services (collectively, the “Services”).

Information We Collect

Information You Provide

Personal information may be provided when you:

• Create an account
• Sign in using email/password or third-party authentication
• Contact support
• Invite users to your organization
• Submit feedback or inquiries

This may include:

• Name
• Email address
• Organization name
• Authentication identifiers
• User role and workspace assignments

Information Collected Automatically

When using the Services, the following information is automatically collected:

• IP address
• Browser type and version
• Device and operating system information
• Access timestamps
• Pages viewed and actions taken

This information is used for security, performance, and abuse prevention.

Third-Party Authentication

Email and Password Authentication

Passwords are hashed using industry-standard bcrypt encryption and never stored in plain text.

Sign in with Google (OAuth 2.0)

When signing in using Google, the following is received:

• Email address
• Name
• Profile image (optional)

Google passwords and access to Gmail, Google Drive, or other Google services are not received.

Google Privacy Policy: https://policies.google.com/privacy

Sign in with Microsoft (OAuth 2.0)

When signing in using Microsoft, the following is received:

• Email address
• Name
• Profile image (optional)

Microsoft passwords and access to Outlook, OneDrive, or other Microsoft services are not received.

Microsoft Privacy Policy: https://privacy.microsoft.com/privacystatement

Microsoft Entra ID Single Sign-On (Enterprise Only)

Enterprise customers may configure SSO using Microsoft Entra ID.

The following is received:

• Work email address
• Display name
• Optional attributes configured by your organization

Authentication occurs entirely within your organization’s identity provider, and work account passwords are never received.

How We Use Your Information

Personal information is used to:

• Authenticate users
• Operate and secure the Services
• Provide customer support
• Enforce access controls
• Improve reliability and functionality
• Meet legal and regulatory requirements

Personal information is not sold.

Canadian Data Residency and Multi-Region Options

Default Data Location

Customer data is stored in Canada (AWS ca-central-1, Montreal) by default through infrastructure providers.

This supports:

• PIPEDA compliance
• Provincial FOIP legislation
• Canadian data sovereignty requirements

Multi-Region Options

On request, data may be hosted in:

• United States (us-east-1)
• European Union (eu-west-1)

Region selection must occur before account provisioning.

Cross-Border Processing

Authentication services and email delivery may route through global infrastructure. Application data remains within the selected region.

Our Commitment to Security

GetInSync maintains a security-focused operating model that includes:

• SOC 2 Type II certified infrastructure
• AES-256 encryption at rest
• TLS 1.2+ encryption in transit
• Database row-level security
• Segregated customer namespaces
• Regular security reviews
• Incident response within 24 hours

Multi-Tenant Security Architecture

GetInSync is a multi-tenant SaaS platform with strict data isolation.

Namespace Isolation

Each organization operates within a unique namespace identified by a UUID.

Row-Level Security

Database-level row-level security enforces isolation between customer namespaces. Cross-tenant access is blocked at the database layer.

Role-Based Access Control

Roles include:

• Namespace Admin
• Workspace Admin
• Editor
• Viewer

Permissions are enforced consistently across the application.

Audit Logging

The following is logged:

• User authentication events
• Data creation, updates, and deletion
• Permission and role changes

Audit logs are retained for 365 days.

Information Sharing and Disclosure

Personal information is shared only:

• With authorized service providers
• To meet legal obligations
• To protect the security and integrity of the Services

Personal information is not shared for third-party marketing.

Infrastructure and Service Providers

Key service providers include:

• Supabase – database and authentication — https://supabase.com/privacy
• Netlify or Azure Static Web Apps – application hosting — https://www.netlify.com/privacy · https://privacy.microsoft.com/
• Google OAuth — https://policies.google.com/privacy
• Microsoft OAuth and Entra ID — https://privacy.microsoft.com/privacystatement

All providers operate under data processing agreements.

Cookies and Similar Technologies

Essential Cookies

Required for authentication and security:

• Session cookies
• OAuth state cookies
• CSRF protection cookies

These cookies cannot be disabled.

Preference Cookies

Optional cookies store interface preferences such as theme or language.

Third-Party Cookies

Google and Microsoft may set cookies during authentication. These cookies are governed by their own privacy policies.

Advertising or cross-site tracking cookies are not used.

Data Retention

Active Accounts

Data is retained while your account remains active.

Trial Accounts

Inactive trial accounts are deleted after 180 days, with advance notice.

Cancelled Accounts

Data is retained for 90 days after cancellation, then permanently deleted.

Account Deletion

You may request account deletion by emailing support@getinsync.ca. Deletion occurs within 30 days, subject to legal retention requirements.

Backups

Encrypted backups are retained for 30 days.

Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

• Access personal information
• Request correction
• Request deletion
• Export your data
• Object to certain processing

Requests can be made by contacting us.

Children’s Privacy

The Services are not intended for individuals under 16 years of age. Information from children is not knowingly collected.

Changes to This Privacy Policy

This Privacy Policy may be updated periodically. Changes take effect when posted. Continued use of the Services indicates acceptance.

Contact Us

To understand more about this Policy or to contact concerning individual rights and Personal Information:

Email: support@getinsync.ca

Website: https://getinsync.ca

Address: 1856 Angus Street Regina, SK Canada S4T 1Z4

Business Hours: Open 9 a.m. – 5 p.m. (CST) Monday – Friday