Legal
Your presentation content — slides, text, images — never reaches our servers. The server only facilitates the encrypted connection between your devices.
SyncBy!App ("we", "us", "the Service") is a peer-to-peer presentation tool operated by Bartosz Kulczyk. You can reach us at syncby@proton.me.
Session data. When a screen creates a session, we generate an anonymous UUID and PIN pair. This data is held exclusively in server memory and is automatically deleted after 1 hour or immediately when either participant ends the session. We do not write it to any persistent database or log file.
IP addresses for rate limiting. To protect against brute-force PIN-guessing attacks, we apply rate limiting. The IP address used for this purpose is one-way hashed using SHA-256 before any processing. We never store the raw IP address, and the hash cannot be reversed to recover the original address.
WebSocket relay traffic. When WebRTC is unavailable, slide images are relayed through our server as binary chunks. We do not inspect, store, log, or analyse this content in any way. The relay is a pure forwarding pipe.
CSP violation reports. We log Content Security Policy violation reports briefly (max 24 hours) to monitor for injection attacks. These reports contain no presentation content and no personal data.
What we do not collect:
Processing is necessary for the performance of the service you request (Art. 6(1)(b) GDPR). Rate-limiting data processing is based on our legitimate interest in protecting the service from abuse (Art. 6(1)(f) GDPR).
Session data (UUID/PIN pairs) is retained in server memory only for the duration of the session — within 1 hour for Free sessions, within 4 hours for PRO sessions. It is never written to disk. Hashed IP data used for rate limiting is cleared automatically within minutes after the rate-limit window expires.
We use our own STUN server (stun.syncby.app:3478) to assist WebRTC peer discovery. STUN negotiation transmits only your public IP address to our server for the purpose of establishing a direct connection — no presentation content is involved. This is a standard WebRTC mechanism and cannot be disabled when using P2P mode. WebSocket relay mode does not use any third-party services.
We do not share any data with advertisers, data brokers, or analytics platforms.
Under GDPR and applicable data protection law, you have the right to access, rectify, erase, and port your personal data, and to object to or restrict its processing. Because we do not collect or retain identifiable personal data, most of these rights are satisfied by design. For any request, contact us at syncby@proton.me.
All traffic between your browser and our servers is encrypted using TLS (HTTPS/WSS). WebRTC DataChannels use DTLS-SRTP encryption by specification. We apply rate limiting, input validation, per-session connection limits, and Content Security Policy headers to reduce the attack surface of the service.
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of the Service after any update constitutes acceptance of the revised policy.
For any privacy-related questions or requests: syncby@proton.me