← Back to home

Privacy Policy

Last updated: 2026-05-06

1. Who we are

BookSynch is operated by Devopzone EOOD, a Bulgarian limited liability company ("we", "us"). For GDPR purposes we act as the data controller for account data and as a data processor for the Stripe transaction data we fetch on your behalf.

2. What we collect

  • Account data: email address, hashed password (or OAuth provider ID), business name, country.
  • Stripe data: via OAuth (read-only scope), we fetch charges, refunds, balance transactions, fees, payouts, and tax data necessary to build your monthly ledger.
  • Billing data: handled by our payment processor (Stripe). We do not store card numbers.
  • Operational logs: request logs, error reports, email delivery status.

3. What we do NOT collect or store

  • Your Stripe secret API keys — we use OAuth tokens with read-only scope only.
  • Payment card numbers — handled exclusively by Stripe.
  • End-customer personally identifiable information beyond what is required to generate the ledger; PII redaction is applied 30 days after Stripe disconnect.

4. How we use your data

  • To operate the Service: fetch Stripe data, build ledger reports, deliver them.
  • To bill you for the subscription.
  • To send transactional emails (report delivery, account notifications).
  • To monitor errors and improve reliability.

We do not sell your data. We do not use your data to train AI models. We do not share your data with advertisers.

5. Sub-processors

  • Microsoft Azure (compute, database, storage) — North Europe region.
  • Stripe — payment processing & Connect data source.
  • Resend — transactional email.
  • Cloudflare — DNS & CDN.

6. Data retention

Account data is retained while your account is active and for 30 days after deletion. Ledger reports are retained for 24 months for your reference. PII fields in transaction-level data are redacted 30 days after Stripe disconnect.

7. Your rights (GDPR)

You have the right to access, correct, export, or delete your personal data. To exercise these rights, email privacy@booksynch.com. You may also lodge a complaint with the Bulgarian Commission for Personal Data Protection or your local supervisory authority.

8. International transfers

Some of our sub-processors are based outside the EU. We rely on Standard Contractual Clauses or equivalent safeguards for these transfers.

9. Cookies

We use only strictly-necessary cookies for authentication. We do not use advertising or analytics cookies on the marketing site.

10. Contact

Privacy questions: privacy@booksynch.com.