Privacy Policy — SkipSync

Effective: June 1, 2026 · Last Updated: June 1, 2026 · SkipSync, Inc. · Wilmington, Delaware, USA

This Privacy Policy explains how SkipSync, Inc. ("SkipSync", "we", "us", "our") collects, uses, stores, and shares your personal information when you use skipsync.io and our browser extensions (collectively, the "Service"). It applies to all users worldwide and is designed to satisfy the requirements of applicable privacy laws including the US state privacy laws, the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada's PIPEDA and Quebec Law 25, Australia's Privacy Act 1988, and Mexico's LFPDPPP.

1. Data Controller

SkipSync, Inc., Wilmington, Delaware, USA is the data controller for personal data collected through the Service. For EU/UK users, SkipSync acts as data controller under GDPR Article 4(7). Contact: legal@skipsync.io

2. What Data We Collect

Account & Identity Data

Data	Why We Collect It	Legal Basis
Email address	Account creation, login, transactional emails	Contract performance
Password (encrypted)	Account authentication	Contract performance
First and last name	Personalization, support communications	Contract performance
Phone number	Optional — SMS account recovery only	Consent (optional)

Device & Technical Data

Data	Why We Collect It	Legal Basis
Device fingerprint (SHA-256 hash)	Enforce device limits per subscription plan	Contract performance
Device type, OS, browser	Display correct device information in dashboard	Contract performance
IP address	Security, fraud prevention, rate limiting	Legitimate interest
Session tokens (hashed)	Maintain authenticated sessions securely	Contract performance

Subscription & Payment Data

Payment card details are processed exclusively by Stripe, Inc. and are never stored by SkipSync. We retain only Stripe customer IDs, subscription status, and billing dates necessary to manage your subscription.

User-Submitted Content

Segment timestamps, segment types, and descriptions you voluntarily submit through the extension or app. These become part of the SkipSync database per your license grant in the Terms of Service.

Usage & Analytics Data

We collect minimal usage data — specifically which segments were skipped and when — to maintain and improve detection accuracy. This data is not linked to identifiable individuals in our analytics systems.

What We Do NOT Collect

We do not collect the content of any video you watch
We do not collect your browsing history outside of supported streaming platforms
We do not collect precise geolocation data
We do not build advertising profiles
We do not sell your personal data to any third party

3. Cookies & Tracking Technologies

SkipSync uses the following categories of cookies and local storage:

Category	Purpose	Can be declined?
Strictly Necessary	Authentication session token, CSRF protection	No — required for the service to function
Functional	Language preference, skip settings storage	Yes
Analytics	Anonymous usage statistics (no third-party trackers)	Yes

SkipSync does not use advertising cookies, cross-site tracking cookies, or third-party analytics platforms. You can manage your cookie preferences at any time using the cookie settings button in the footer.

4. How We Use Your Data

Provide the Service — authenticate your account, enforce device limits, deliver segment timestamps
Process payments — manage your subscription via Stripe
Communicate with you — send transactional emails (verification, password reset, subscription confirmations, payment receipts)
Security & fraud prevention — detect and prevent unauthorized access
Improve detection accuracy — analyze aggregate skip patterns to improve our AI model
Legal compliance — respond to lawful requests, enforce our Terms of Service

We do not use your personal data for advertising, profiling, or automated decision-making that produces legal effects on you.

5. How Long We Keep Your Data

Data Type	Retention Period	Reason
Account data	Until account deletion + 30 days	Allow account recovery window
Payment records	7 years	Tax and accounting legal requirements
Session tokens	30 days or until logout	Security
Segment submissions	Indefinitely (anonymized)	Part of the community database
Security logs (IP)	90 days	Fraud detection and security
Support communications	2 years	Service quality and legal protection

6. Who We Share Your Data With

We share personal data only with the following trusted service providers, under strict data processing agreements:

Provider	Purpose	Location
Stripe, Inc.	Payment processing and subscription management	USA (adequacy / SCCs for EU)
SendGrid (Twilio)	Transactional email delivery	USA (SCCs for EU)
Twilio, Inc.	SMS account recovery (if phone number provided)	USA (SCCs for EU)
Railway / Render	Cloud infrastructure hosting	USA
OpenAI, Inc.	AI-powered segment detection (video metadata only, no personal data)	USA

We never sell, rent, or trade your personal data. We do not share data with advertisers, data brokers, or marketing platforms.

We may disclose data where required by law, court order, or to protect the rights and safety of SkipSync or its users.

7. International Data Transfers

SkipSync is based in the United States. If you are located in the EU, UK, Canada, Australia, or Mexico, your data is transferred to and processed in the USA. We ensure appropriate safeguards are in place for these transfers as follows:

EU/UK users: Transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission
Canadian users: Transfers comply with PIPEDA's accountability principle for cross-border transfers
Australian users: Transfers comply with APP 8 cross-border disclosure requirements
Mexican users: Transfers comply with LFPDPPP Chapter V international transfer requirements

8. Your Rights — By Jurisdiction

🇺🇸 USA (California, Virginia, Colorado + other states)

Right to know, right to delete, right to opt-out of sale (we don't sell data), right to non-discrimination. Submit requests below.

🇪🇺 European Union (GDPR)

Right to access, rectification, erasure, restriction, portability, objection, and not to be subject to automated decisions. Lodge complaints with your local DPA.

🇬🇧 United Kingdom (UK GDPR)

Same rights as EU GDPR. Lodge complaints with the ICO (ico.org.uk).

🇨🇦 Canada (PIPEDA + Quebec Law 25)

Right of access, correction, and withdrawal of consent. Quebec residents have additional right to data portability and de-indexing.

🇦🇺 Australia (Privacy Act)

Right to access and correct personal information under the Australian Privacy Principles (APPs). Lodge complaints with the OAIC.

🇲🇽 Mexico (LFPDPPP)

ARCO rights: Access, Rectification, Cancellation, and Opposition. Submit requests to legal@skipsync.io. We respond within 20 business days.

9. Right to Erasure / Account Deletion

You may request deletion of your personal data at any time. Upon a verified erasure request, SkipSync will:

Delete your account, email address, name, phone number, and device records within 30 days
Anonymize (not delete) segment submissions — these become part of the community database with no link to your identity
Retain payment records for 7 years as required by US tax law (these cannot be deleted)
Confirm deletion to your email address once complete

Logged-in users can delete their account directly from their Dashboard. You may also submit a verified erasure request using the form below:

Submit a Data Erasure / Deletion Request

Submit your email address below. We will send a verification link to confirm your identity before processing. All requests are completed within 30 days as required by GDPR, UK GDPR, PIPEDA, and CCPA.

✓ Request received. We will email you a verification link within 24 hours. Your data will be deleted within 30 days of verification.

10. Data Security

SkipSync implements the following security measures to protect your personal data:

Passwords are hashed using bcrypt with cost factor 12 — never stored in plaintext
Session tokens are stored as SHA-256 hashes — never the raw token
All data in transit is encrypted using TLS 1.2 or higher
Database connections use SSL in production
API endpoints are rate-limited to prevent brute-force attacks
Device fingerprints are one-way hashed — cannot be reversed to identify hardware

11. Children's Privacy

SkipSync is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact legal@skipsync.io and we will delete it promptly.

12. Changes to This Policy & Governing Language

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the change takes effect. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

This Policy is originally written in English. Any translation into another language is provided solely for user convenience. In the event of any conflict, discrepancy, or ambiguity between the English version and a translated version, the English version shall govern and prevail.

13. Contact & Data Protection Inquiries

General privacy inquiries: legal@skipsync.io
Data erasure requests: legal@skipsync.io (subject: "Data Erasure Request")
EU/UK representative: legal@skipsync.io
Response time: Within 30 days for all rights requests. Within 20 business days for Mexican ARCO requests.
SkipSync, Inc. · Wilmington, Delaware, USA