Data Privacy Plan

Your data, your control.

Our roadmap for data anonymisation, private tasks, soft deletion, and session-only storage — putting you in complete control of your crumbs and task data.

Effective date: 2026-03-16 — Syncflow, Stationsplein 8K, 6221 BT, Maastricht, The Netherlands

Compliance Framework

This plan is designed to comply with and exceed the requirements of:

EU GDPR

Art. 5(1)(e) Storage Limitation, Art. 17 Right to Erasure, Art. 25 Data Protection by Design

EU ePrivacy Directive

2002/58/EC — Consent for data storage, purpose limitation for session data

EN 301 549

European ICT Accessibility Standard — ensuring privacy controls are accessible to all users

Dutch UAVG / AP Guidelines

National implementation of GDPR, Autoriteit Persoonsgegevens data minimisation guidance

Implementation Roadmap

Data Inventory & Classification

In Progress

Q2 2026

Complete audit of all personal data stored across the platform, categorising each field by sensitivity level and retention necessity.

Map all task and crumb data fields to GDPR lawful bases
Classify data into tiers: essential (account operation), functional (feature delivery), and optional (analytics, improvement)
Document data flows to third-party processors (Groq, Vercel, MongoDB Atlas)
Conduct Data Protection Impact Assessment (DPIA) per Art. 35 GDPR

Anonymisation of Stored Data

Planned

Q3 2026

Implement automatic anonymisation of crumb and task data after completion, retaining only aggregate statistics for service improvement.

Task content anonymisation— Strip personally identifiable information (PII) from completed task titles and descriptions after 90 days of inactivity
Crumb data hashing— Replace crumb content with irreversible hashes, retaining only completion timestamps and ordering for streak calculations
AI prompt purging— Ensure no user prompts or decomposition inputs are retained beyond the immediate API request to the AI provider
Aggregate-only analytics— Replace per-user usage metrics with differential privacy aggregates

Soft Delete & Data Lifecycle

Planned

Q3 2026

Give users explicit control over data deletion with a reversible soft-delete mechanism before permanent erasure.

Soft delete for tasks and crumbs— Deleted items are moved to a "trash" state, recoverable for 30 days before permanent deletion (Art. 17 GDPR)
Bulk deletion— Allow users to delete all tasks, all crumbs, or their entire account data in one action
Automated purge scheduler— Background job that permanently erases soft-deleted records after the retention window
Data export before deletion— Prompt users to download their data (JSON/CSV) before confirming permanent deletion (Art. 20 Data Portability)

Private & Session-Only Tasks

Planned

Q4 2026

Introduce privacy modes that let users control how long their data persists, including fully ephemeral session-only tasks.

Private tasks— Encrypted at rest with a user-specific key; not included in analytics, AI training, or data exports to third parties
Session-only tasks & crumbs— Stored only in the browser session (sessionStorage). Never sent to the server unless the user explicitly saves them
Configurable retention (72h window)— Users can opt to store session data server-side for up to 72 hours for cross-device access, after which it is automatically and permanently deleted
Retention settings UI— Per-task toggle in the task creation flow: "Keep forever", "Keep for 72 hours", or "Session only"
Visual indicators— Clear badges on private and session-only tasks so users always know their data's persistence level

Advanced Privacy Controls

Planned

Q1 2027

Long-term privacy features that give users granular control over every aspect of their data.

Privacy dashboard— Single page showing all stored data, retention schedules, third-party data shares, and one-click actions for each GDPR right (access, rectification, erasure, portability, restriction, objection)
Automated DSAR handling— Self-service Data Subject Access Requests with automatic data compilation and delivery within 72 hours (well under the 30-day GDPR deadline)
Consent management— Granular consent toggles for each processing purpose, with full audit trail of consent changes
Data residency options— Allow EU users to ensure their data never leaves EU-based infrastructure

Data Control Features

Concrete features we are building to give you full ownership over your data. Each feature maps to specific GDPR articles and EN 301 549 requirements.

Soft Delete with Recovery

Delete tasks and crumbs with a 30-day recovery window before permanent erasure.

✓Trash view to review deleted items
✓Restore individual items or bulk restore
✓Automatic permanent deletion after 30 days
✓Compliant with Art. 17 GDPR (Right to Erasure)

Private Tasks

Create encrypted tasks that are invisible to analytics and third-party processors.

✓Client-side encryption with user-specific key
✓Excluded from AI processing pipelines
✓No third-party data sharing
✓Visual lock indicator on private items

Session-Only Mode

Tasks and crumbs that exist only during your browser session.

✓Stored in browser sessionStorage (never hits our servers)
✓Optional 72-hour server-side cache for cross-device access
✓Automatic cleanup on session end or timer expiry
✓Data minimisation by design (Art. 5(1)(c) GDPR)

Data Export & Portability

Download all your data in standard, machine-readable formats at any time.

✓Export as JSON, CSV, or HTML
✓Includes tasks, crumbs, templates, and settings
✓One-click full data export from settings
✓Compliant with Art. 20 GDPR (Data Portability)

Configurable Retention

Choose how long your data persists — from session-only to indefinite.

✓'Keep forever' — standard persistent storage
✓'Keep for 72 hours' — auto-deleted after 3 days
✓'Session only' — no server-side storage
✓Per-task retention override available

Anonymised Analytics

We plan to use differential privacy so no individual user can be identified from aggregate data.

✓k-anonymity for any aggregate reporting
✓No individual usage patterns stored long-term
✓PII stripped from completed task content after 90 days
✓Compliant with Art. 5(1)(e) GDPR (Storage Limitation)

Technical Approach

Anonymisation Strategy

Our anonymisation pipeline uses a multi-stage approach designed to be irreversible while preserving statistical utility:

PII Detection— Automated scanning of task content for email addresses, names, phone numbers, and other identifiers using pattern matching and NER
Content Generalisation— Replace specific values with category labels (e.g., "[EMAIL]", "[NAME]")
Hash-based Pseudonymisation— SHA-256 hashing of crumb content with per-user salt, then deletion of the salt after the retention window
Aggregation— Roll up per-user metrics into cohort-level statistics with noise injection (differential privacy)

Session-Only Architecture

Session-only tasks use a hybrid architecture that respects user choice:

Browser-only mode— Tasks stored exclusively in sessionStorage. AI decomposition requests are made directly from the client with ephemeral tokens; no task data touches our database
72-hour cached mode— Tasks are encrypted client-side before upload. The server stores only the encrypted blob with a TTL index. MongoDB TTL indexes automatically remove expired documents — no background jobs needed
Upgrade path— Users can promote a session-only task to persistent storage at any time, with clear consent

Soft Delete Implementation

The soft delete mechanism ensures data recovery while respecting erasure timelines:

Deleted records receive a deletedAt timestamp and are excluded from all queries via a global filter
A daily scheduled job permanently removes records where deletedAt is older than 30 days
Users can view, restore, or permanently delete items from their trash view before the 30-day window expires
Account deletion triggers immediate permanent erasure of all user data (bypassing soft-delete), with only legally required invoicing records retained per Dutch tax law (7 years)

Our Commitment

Privacy is not an afterthought at Syncflow. We are committed to data protection by design and by default (Art. 25 GDPR). This plan is a living document that we will update as we implement each phase.

Read our Privacy Policy →·Contact our Privacy Team →

W

O

R

K

I

N

G

O

N

I

T

.

Compliance Framework

This plan is designed to comply with and exceed the requirements of:

EU GDPR

Art. 5(1)(e) Storage Limitation, Art. 17 Right to Erasure, Art. 25 Data Protection by Design

EU ePrivacy Directive

2002/58/EC — Consent for data storage, purpose limitation for session data

EN 301 549

European ICT Accessibility Standard — ensuring privacy controls are accessible to all users

Dutch UAVG / AP Guidelines

National implementation of GDPR, Autoriteit Persoonsgegevens data minimisation guidance

Implementation Roadmap

Data Inventory & Classification

In Progress

Q2 2026

Complete audit of all personal data stored across the platform, categorising each field by sensitivity level and retention necessity.

Map all task and crumb data fields to GDPR lawful bases
Classify data into tiers: essential (account operation), functional (feature delivery), and optional (analytics, improvement)
Document data flows to third-party processors (Groq, Vercel, MongoDB Atlas)
Conduct Data Protection Impact Assessment (DPIA) per Art. 35 GDPR

Anonymisation of Stored Data

Planned

Q3 2026

Implement automatic anonymisation of crumb and task data after completion, retaining only aggregate statistics for service improvement.

Task content anonymisation— Strip personally identifiable information (PII) from completed task titles and descriptions after 90 days of inactivity
Crumb data hashing— Replace crumb content with irreversible hashes, retaining only completion timestamps and ordering for streak calculations
AI prompt purging— Ensure no user prompts or decomposition inputs are retained beyond the immediate API request to the AI provider
Aggregate-only analytics— Replace per-user usage metrics with differential privacy aggregates

Soft Delete & Data Lifecycle

Planned

Q3 2026

Give users explicit control over data deletion with a reversible soft-delete mechanism before permanent erasure.

Soft delete for tasks and crumbs— Deleted items are moved to a "trash" state, recoverable for 30 days before permanent deletion (Art. 17 GDPR)
Bulk deletion— Allow users to delete all tasks, all crumbs, or their entire account data in one action
Automated purge scheduler— Background job that permanently erases soft-deleted records after the retention window
Data export before deletion— Prompt users to download their data (JSON/CSV) before confirming permanent deletion (Art. 20 Data Portability)

Private & Session-Only Tasks

Planned

Q4 2026

Introduce privacy modes that let users control how long their data persists, including fully ephemeral session-only tasks.

Private tasks— Encrypted at rest with a user-specific key; not included in analytics, AI training, or data exports to third parties
Session-only tasks & crumbs— Stored only in the browser session (sessionStorage). Never sent to the server unless the user explicitly saves them
Configurable retention (72h window)— Users can opt to store session data server-side for up to 72 hours for cross-device access, after which it is automatically and permanently deleted
Retention settings UI— Per-task toggle in the task creation flow: "Keep forever", "Keep for 72 hours", or "Session only"
Visual indicators— Clear badges on private and session-only tasks so users always know their data's persistence level

Advanced Privacy Controls

Planned

Q1 2027

Long-term privacy features that give users granular control over every aspect of their data.

Privacy dashboard— Single page showing all stored data, retention schedules, third-party data shares, and one-click actions for each GDPR right (access, rectification, erasure, portability, restriction, objection)
Automated DSAR handling— Self-service Data Subject Access Requests with automatic data compilation and delivery within 72 hours (well under the 30-day GDPR deadline)
Consent management— Granular consent toggles for each processing purpose, with full audit trail of consent changes
Data residency options— Allow EU users to ensure their data never leaves EU-based infrastructure

Technical Approach

Anonymisation Strategy

Our anonymisation pipeline uses a multi-stage approach designed to be irreversible while preserving statistical utility:

PII Detection— Automated scanning of task content for email addresses, names, phone numbers, and other identifiers using pattern matching and NER
Content Generalisation— Replace specific values with category labels (e.g., "[EMAIL]", "[NAME]")
Hash-based Pseudonymisation— SHA-256 hashing of crumb content with per-user salt, then deletion of the salt after the retention window
Aggregation— Roll up per-user metrics into cohort-level statistics with noise injection (differential privacy)

Session-Only Architecture

Session-only tasks use a hybrid architecture that respects user choice:

Browser-only mode— Tasks stored exclusively in sessionStorage. AI decomposition requests are made directly from the client with ephemeral tokens; no task data touches our database
72-hour cached mode— Tasks are encrypted client-side before upload. The server stores only the encrypted blob with a TTL index. MongoDB TTL indexes automatically remove expired documents — no background jobs needed
Upgrade path— Users can promote a session-only task to persistent storage at any time, with clear consent

Soft Delete Implementation

The soft delete mechanism ensures data recovery while respecting erasure timelines:

Deleted records receive a deletedAt timestamp and are excluded from all queries via a global filter
A daily scheduled job permanently removes records where deletedAt is older than 30 days
Users can view, restore, or permanently delete items from their trash view before the 30-day window expires
Account deletion triggers immediate permanent erasure of all user data (bypassing soft-delete), with only legally required invoicing records retained per Dutch tax law (7 years)