Privacy Policy

Last updated: August 06, 2025

Psync is the data controller responsible for protecting your personal data. At Psync, we value your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, store, and protect your information, in compliance with Brazil's General Data Protection Law (LGPD) and Google's requirements for applications. All user data, including Google data, is transmitted and stored securely using industry-standard TLS/HTTPS encryption.

1. Information We Collect

We collect the following data:

• Registration Data: Full name, email, and encrypted password when you create an account.
• Profile Data: Profile picture (optional) and service configuration information (working days and hours).
• Patient Data: Name, CPF, date of birth, mobile phone, email, address, ZIP code, and notes, entered by you. This data is considered sensitive and is handled securely.
• Usage Data: Information about therapy sessions, medical records, and interactions with the platform.
• Google Integration: If you connect your account to Google Calendar, we use temporary access credentials (OAuth tokens) to create and manage events in the "Psync" calendar. We only store the IDs of the created events and Google Meet links, without accessing or storing other calendar data. Our use of the Google Calendar API complies with the Google API Services User Data Policy.

2. How We Use Your Data

We use your information to:

• Manage your account and provide access to the platform.
• Facilitate session scheduling and patient management.
• Generate medical records and internal reports.
• Integrate with Google Calendar (Google API), when authorized, to sync events. The use of this API is limited to creating and managing appointments.
• Improve our services and ensure the platform's security, without tracking external activities.
• Comply with legal obligations, such as maintaining records required by the LGPD.

3. Data Sharing

We do not share your personal data with third parties, except:

• When necessary to comply with legal obligations or court orders.
• With Google, only for integration with Google Calendar (via API), if you choose to do so. We only share the IDs of the created events and necessary Google Meet links for the functionality, in compliance with Google's policies.
• When an AI-generated medical record is requested, the notes taken during the session are solely and exclusively processed through the OpenAI API and returned to the user, with no data being kept in the third-party service's history. No data regarding the psychologist, patient, or any other external information besides the session notes is shared for this feature, maintaining user identity confidentiality.

4. Storage and Security

Your data is stored on secure servers with encryption. Passwords are protected by hashing. All data transmissions occur over TLS/HTTPS, ensuring security. We adopt technical measures to prevent unauthorized access, but no system is 100% immune to failure. Sensitive data, such as CPF and patient information, receives additional protection. We regularly monitor our systems to detect and mitigate security risks.

5. Data Retention and Deletion

• Psync: All data manually deleted by a user or via a request to our support is retained in backups for up to 3 days and can only be recovered in exceptional cases during this period. After this period, the data is permanently deleted.
• Google Calendar: We do not view or store Google Calendar data, except for events created by the platform in the "Psync" calendar. For these cases, we only store the event ID, which can be deleted at any time by the user in the platform's calendar.
• WhatsApp: Only replies to messages sent via WhatsApp are stored. Their retention follows the rules described in the "Psync" section of this policy.
• OpenAI: No data used in the processing of artificial inteligence features with OpenAI is stored externally. Its internal retention follows the rules described in the "Psync" section of this policy.

6. Your Rights

According to Brazil's General Data Protection Law (LGPD), you have the following rights:

• Access, correct, or delete your data at any time through your profile on the platform.
• Request the portability of your data to another service.
• Restrict the processing of your data, where applicable.
• Revoke the integration with Google Calendar in the settings section, stopping access to the API.
• Request the complete deletion of your account, which will remove all associated data, except when required by law. Contact us at contato@psync.app.br.

7. Cookies and Similar Technologies

We use cookies only to keep your session active and improve the Browse experience. You can disable cookies in your browser settings, but this may affect the platform's functionality. We do not track activities outside the platform or use cookies for advertising.

8. Application Permissions

We only request permissions when necessary:

• Access to Google Calendar: To sync events, with your explicit authorization.

9. Changes to this Policy

We may update this policy periodically. The link for verification will always be available in the footer of all pages.

10. Contact

Questions or requests? Contact us by email: contato@psync.app.br.

Click here to return to the homepage