Privacy Policy

Effective 2026-06-05

This Privacy Policy describes how RefSource ("we," "us," or "our"), operated by Synctek, collects, uses, and protects information when you use the RefSource iOS app or web applications.

1. Information we collect

We only collect information necessary to operate the service. Specifically:

• Email address. We collect your email address when you accept an invite or sign in via magic-link OTP. We use it to authenticate you and to send service-related email (invite confirmations, notification preferences). We do not use it for marketing.
• User identifier. We generate an internal user ID to associate your activity within your tenant organization. The ID is not shared across organizations.
• Photos and audio attachments. If you attach photos or voice notes to a referral or thread message, we store them in our object storage. Attachments are scoped to your tenant and only visible to authorized members of that tenant.
• Crash and error data. We use Sentry to capture crash reports and error events from the app and backend services. Sentry events do not include attachment contents, OTP codes, or other secrets. We have configured Sentry to strip personally identifiable information from breadcrumbs and to never send default PII.

2. Information we do NOT collect

• We do not track your activity across other apps or websites.
• We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.
• We do not use third-party analytics or tracking SDKs.
• We do not collect device location.

3. Required-reason APIs (Apple)

The iOS app uses the following Apple APIs for the listed legitimate purposes:

• UserDefaults (reason: CA92.1) — to persist user-selected app preferences across launches.
• FileTimestamp (reason: C617.1) — to display creation and modification timestamps on user-attached files.
• SystemBootTime (reason: 35F9.1) — to compute elapsed time for diagnostic measurements.
• DiskSpace (reason: E174.1) — to verify available storage before downloading attachments.

4. How we use information

• To authenticate you and authorize your access to your tenant's data.
• To deliver service-related transactional email (invites, notifications you opt into).
• To diagnose and fix crashes and errors (Sentry).
• To comply with legal obligations.

5. Data retention

We retain user accounts and tenant data while the tenant subscription is active. Voice-note attachments not referenced by an active thread are automatically deleted after 90 days. You can request export or deletion of your personal data at any time by contacting [email protected].

6. Data security

Data is encrypted in transit (TLS 1.2+) and at rest. Row-level security policies in our database isolate each tenant's data. Access to production systems is restricted to a small operations team.

7. Children's privacy

RefSource is intended for use by professional service operators. We do not knowingly collect information from children under 13. If you believe a child has provided information, contact us and we will delete it.

8. Changes to this policy

We may update this policy. The effective date at the top reflects the most recent revision. Material changes will be communicated by email or in-app notice.

9. Contact

Privacy inquiries: [email protected]
General support: [email protected]
Postal mail: Synctek, attn: RefSource Privacy