Privacy Policy
Last updated: 1 May 2026
This Privacy Policy describes how Rafael Ferrero Conde ("we", "us", "Synkrea") collects, uses, and shares personal information when you install and use the SynkreaCRM browser extension (the "Extension") and the related Synkrea CRM web service available at https://synkrea.com (the "Service").
1. Data Controller
The data controller responsible for the processing of personal data described in this policy is:
- Name: Rafael Ferrero Conde
- NIF: 48291455B
- Address: c/ Agrillent 13, 46870 Ontinyent (Valencia), Spain
- Contact email: soporte@synkrea.com
For any privacy-related question, request, or complaint, please contact us at the email address above.
2. Scope
This policy applies to:
- The SynkreaCRM Chrome Extension published on the Chrome Web Store.
- The Synkrea CRM web application at https://synkrea.com.
- Any communication you have with us regarding either of the above.
This policy does not apply to third-party services you may choose to integrate with the Service (for example, Zapier or WhatsApp). Those services are governed by their own privacy policies, which we recommend you review before activating any integration.
3. What the Extension Does
The Extension is a productivity tool that integrates with skool.com to help users (typically marketing agencies, agency clients, or independent professionals) manage leads, conversations, and content from Skool communities through the Synkrea CRM.
To do this, the Extension reads data displayed on skool.com pages while you are logged in to your own Skool account, and synchronises that data with your Synkrea CRM account. The Extension does not access skool.com on your behalf when you are not actively using it, and it does not read or transmit data from any website other than skool.com and player.vimeo.com.
4. Personal Data We Process
The Synkrea CRM is a multi-tenant service. Depending on whether you are a direct customer of Synkrea, an agency, or a client managed by an agency, your role and the data we process on your behalf will differ. Throughout this section, "you" refers to the person who has installed the Extension and uses the Synkrea CRM.
4.1 Account data — we are the data controller
We collect and process the following data about you, the user of the Service:
- Email address
- Password (stored as a salted hash via Supabase Auth; we never have access to the plaintext)
- Subscription plan and billing status
- Settings and preferences you configure in the CRM
- For agencies: the list of clients you manage and their contact details, when you choose to add them
4.2 Skool data synced to the CRM — we act as a data processor
When you use the Extension, the following data flows from skool.com to the Synkrea CRM and is stored in our database:
- Public Skool profile information of community members you interact with (name, profile picture, public bio, public posts and comments).
- Direct messages that you send or receive through the Synkrea CRM. The CRM acts as a unified inbox: messages you compose in the CRM are sent to Skool on your behalf, and messages you receive on Skool are stored in our database so that you can read and reply to them from the CRM, including after you close the Skool tab.
- Tags, notes, custom fields, and any other annotations you create about Skool members.
For this category of data, you (the user of the Synkrea CRM) act as the data controller, and Synkrea acts as the data processor. This means you are responsible for informing the people whose data you process (your Skool community members and contacts) about the processing, and for having a lawful basis to process their data under applicable law (e.g. GDPR Article 6).
You can delete this data at any time from the CRM interface. Deletion requests are propagated to our database within 30 days.
4.3 Authentication data
The Extension reads your Skool authentication cookies in real time to make authenticated requests to skool.com on your behalf. These cookies are read each time a request is made and are never stored on our servers.
4.4 Technical data
We retain logs of API requests between the Extension and our backend for up to 30 days for security, debugging, and abuse prevention purposes. These logs include timestamps, the API endpoint called, and the response status, but do not include IP addresses or message content.
4.5 What we do not collect
- Your IP address (we do not store IPs in our application database; however, our hosting provider Vercel logs IP addresses as part of standard server access logs — see Section 7).
- Your browsing history outside skool.com and player.vimeo.com.
- Payment card numbers (handled directly by Stripe — see Section 7).
- Data from any website other than skool.com and player.vimeo.com.
- Biometric data, location data, or any sensitive category data under GDPR Article 9.
5. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b) GDPR): processing necessary to provide the Service you have subscribed to, including syncing Skool data to your CRM.
- Legitimate interest (Article 6(1)(f) GDPR): keeping logs for security and debugging.
- Consent (Article 6(1)(a) GDPR): activating optional integrations such as Zapier or WhatsApp. You can withdraw consent at any time by deactivating the integration in your CRM settings.
6. How We Use Your Data
We use the data described in Section 4 only to:
- Provide and operate the Service.
- Sync Skool data to your CRM as you request.
- Communicate with you about your account, billing, and changes to the Service.
- Detect and prevent abuse, fraud, and security incidents.
- Comply with legal obligations.
We do not sell your personal data, and we do not use it to train machine learning models, profile you for advertising, or share it with advertisers.
7. Subprocessors
We rely on the following third-party services to operate the Service. Each has been selected for its compliance posture and data protection commitments:
| Subprocessor | Purpose | Region | Privacy policy |
|---|---|---|---|
| Supabase | Database and authentication | EU (Ireland) | supabase.com/privacy |
| Vercel | Hosting of the Synkrea CRM web application | EU/US | vercel.com/legal/privacy-policy |
| Stripe | Payment processing | EU/US | stripe.com/privacy |
If you activate optional integrations (Zapier, WhatsApp, etc.), data will additionally flow to those services under their own terms. We do not have a data processing agreement with services you choose to activate.
8. International Data Transfers
Personal data is stored in the European Union (Supabase, region eu-west-1, Ireland). Other personal data may be processed outside the EU by:
- Vercel (hosting): processes server requests from a global edge network, including the United States. IP addresses are temporarily stored in Vercel's access logs.
- Stripe (payments): processes payment data in the EU and the United States.
Both transfers rely on standard contractual clauses approved by the European Commission as the legal mechanism for international data transfers.
9. Data Retention
- Account data: retained for the duration of your subscription and for up to 12 months after cancellation, unless you request earlier deletion.
- Skool data synced to your CRM: retained as long as your account is active. You can delete specific records at any time from the CRM interface.
- Logs: retained for up to 30 days.
- Skool authentication cookies: never stored.
10. Your Rights
If you are located in the European Economic Area, the United Kingdom, or any jurisdiction with comparable data protection laws, you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten").
- Restriction: request that we limit how we process your data.
- Portability: request your data in a machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: for any processing based on consent.
To exercise any of these rights, email us at soporte@synkrea.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish data protection authority (Agencia Española de Protección de Datos, aepd.es).
11. Security
We implement reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS), encryption at rest (Supabase), restricted access to production systems, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at soporte@synkrea.com and we will delete it.
13. Chrome Web Store Compliance
In accordance with the Chrome Web Store Developer Program Policies, we confirm:
- We do not sell user data to third parties.
- We do not use or transfer user data for purposes unrelated to the Extension's single purpose.
- We do not use or transfer user data to determine creditworthiness or for lending purposes.
14. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you by email (to the address associated with your Synkrea account) at least 14 days before the change takes effect. The "Last updated" date at the top of this policy reflects when the latest change was made.
15. Contact
For any question regarding this policy or your personal data:
Rafael Ferrero Conde
c/ Agrillent 13, 46870 Ontinyent (Valencia), Spain
soporte@synkrea.com