Privacy Policy

Effective Date: June 1, 2026

End-to-End Encrypted (E2EE) Sync

Your clipboard data, notifications, notes, and contacts are secured locally using AES-256-GCM. Decryption keys are derived locally from your Sync Password, meaning we (the developers) cannot access or read your content.

1. Introduction

Welcome to IDoSync ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the IDoSync mobile application (coming soon for macOS and Windows) and our associated services. By using the app, you agree to the collection and use of information in accordance with this policy.

2. App Functionality & Audience

IDoSync is a cross-device synchronization hub designed to manage and sync clipboards, notifications, notebooks, and contacts across your devices.

Eligibility

You must be at least 16 years of age to create an account and use IDoSync. By creating an account, you self-certify that you meet this age requirement. We do not knowingly collect or sync personal data from anyone under 16. If we discover that a user is under 16, we will promptly delete their account and associated sync history.

3. Data Collection & Permission Justifications

To provide our core synchronization services, we require specific device permissions. We adhere to the principle of data minimization and only request permissions essential to the app's primary functionality:

Contacts (Google Play & Apple Requirement)

We require access to your address book solely to synchronize your contact lists across your connected devices. We do not sell your contacts, share them with marketers, or use them for any purpose other than fulfilling this cross-device sync.

Notifications

We require notification access to capture and mirror your incoming alerts to your other synchronized devices.

Clipboard / Background Activity

We require access to background processes and your device's clipboard to seamlessly sync copied text across your ecosystem. On Android, we provide an optional IME (keyboard) service called "IDoSync Keyboard" and a persistent foreground service to maintain clipboard monitoring in background, even when the app is closed.

Notebook / Notes

To allow you to create, save, and seamlessly sync your personal notes across your connected devices, we process and transmit your notebook entries via our backend infrastructure.

Data Linkage & End-to-End Encryption (E2EE)

The core payloads of your synced data (clipboard contents, notification text, notes, and contact numbers) are secured using End-to-End Encryption (E2EE) via AES-256-GCM. This means the data is encrypted on your device and decrypted only on your other authorized devices. Your synchronized payloads are encrypted with AES-256-GCM. The decryption keys are derived locally from your Sync Password, but the encrypted master key is stored on our servers to enable cross-device sync. While we (the developers) cannot read your payload content, the encrypted master key resides on our infrastructure. If you lose your Sync Master Key, your data is permanently unrecoverable.

Device Identifiers

To maintain sync pairing and security, we collect device characteristics including device model, OS version, and a unique device identifier (e.g., android_{brand}{model}{id} or ios_{model}{systemVersion}{identifierForVendor}). This is used solely for device management and sync routing.

4. Accounts, Data Retention, & Deletion

You are required to create an account to authorize and link your devices. We retain your account data (such as your email address and encrypted sync history) only for as long as your account remains active.

Account Deletion

You have the right to delete your account and all associated data at any time:

In-App Deletion

You can immediately delete your account by navigating to More > Profile > Delete Account within the IDoSync app.

Web Deletion

If you no longer have access to the app, you can request full data deletion by visiting our external request form.

Upon deletion, your account identifiers and encrypted payloads are permanently purged from our active servers. Deleted in-app items are moved to a Recycle Bin and remain there until 30 days. Also, you can manually perform "Delete Forever."

5. Third-Party Services & Analytics

We use select third-party infrastructure to operate the app. We do not sell your personal data. Our third-party integrations include:

  • Firebase: Used for backend database management, secure authentication (email/password + Google Sign-In), push notifications (Firebase Cloud Messaging), API attestation (Firebase App Check), and crash reporting.
  • Qonversion.io: Used to validate and manage subscription receipts.

No Cross-App Tracking: IDoSync does not use these SDKs to track you across websites or applications owned by other companies. Therefore, we do not engage in activities that require App Tracking Transparency (ATT) authorization for targeted advertising.

6. Billing, Subscriptions, & Refunds

IDoSync offers premium features via in-app purchases and subscriptions. We utilize Qonversion.io strictly to validate the status of your subscription.

We do not directly collect, process, or store your credit card numbers or raw financial data.

All actual charges, auto-renewals, and refunds are securely handled by the Google Play Store (Apple App Store billing coming soon), subject to their respective billing policies.

7. EU & UK Users (GDPR Compliance)

If you are a resident of the European Economic Area (EEA) or the UK, we process your personal data under the following lawful bases:

  • Performance of a Contract: To provide you with the synchronization services you requested.
  • Consent: When you explicitly grant device permissions (e.g., Contacts, Notifications).

Your Rights: You have the right to request access to, rectification of, or erasure of your personal data. You may also object to or restrict certain processing activities. To exercise these rights, please contact us at idosync.app@gmail.com

8. California Residents (CCPA/CPRA Compliance)

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information:

  • Right to Know & Access: You can request details about the categories and specific pieces of personal data we have collected about you over the past 12 months.
  • Right to Delete: You can request the deletion of your personal data (accessible via the app settings or web deletion process).
  • Right to Correct: You may request that we correct any inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Personal Information: IDoSync does not use sensitive personal information to infer characteristics about you. Data such as your contacts are strictly used to perform the service reasonably expected by you (cross-device syncing).
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal data, nor do we share it for cross-context behavioral advertising.

9. Security

We implement commercially reasonable security measures to protect your data both in transit and at rest, including TLS encryption for data transfer and E2EE for your synchronized payloads. However, no electronic transmission or storage system is 100% secure, and we cannot guarantee absolute security.

Local Storage Warning

The app maintains a local offline cache (up to 100 MB) of your encrypted data on your device. While this data is E2EE, the encryption keys are also stored locally in platform secure storage (Keychain/KeyStore), so physical device compromise could expose your data.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Move back to home

Your Data, Anywhere

We are currently in beta testing. You'll gain early access to a seamless hub. Your digital life is always within reach, no matter which screen you are using.

Join the waitlist