Privacy policy

Privacy Policy

Last updated: 15th November 2025

1. Introduction

SYNC Health ("SYNC," "we," "us," or "our") operates the website beinsync.co and related services (collectively, the "Services"). We are committed to protecting your privacy and being transparent about how we collect, use, store, and share your personal information.

This Privacy Policy applies to all information collected through our website, mobile applications, SmartStack™ personalisation quiz, email and SMS communications, customer accounts, and any other services we offer that reference this policy.

SYNC is a personalised supplement company. Many of our products and services are tailored to your individual health profile, which means we collect and process health-related information that we treat with the highest level of care. Please read this policy carefully to understand how we handle your data.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as our legal basis for processing your information, we will obtain that consent explicitly at the point of collection.

2. Information We Collect

A. Information You Provide Directly

Account Information: Name, email address, phone number, mailing address, password (stored in encrypted form), and account preferences.

Health & Wellness Information: Responses to our SmartStack™ quiz and health assessments, including information about your sleep patterns, energy levels, stress, digestive health, cognitive function, mood, immunity, weight management goals, skin and hair health, hormonal health, menstrual cycle status, reproductive status, supplement history, dietary habits, lifestyle factors, and health goals. This information is classified as sensitive personal information and is collected only with your explicit consent.

Wearable & Connected Device Data: If you choose to connect a wearable device or health application to your SYNC account, we may receive data including sleep metrics, heart rate, recovery scores, activity levels, and other biometric data. This data is only collected with your explicit, informed consent and you may disconnect your device at any time through your account settings.

Payment & Transaction Information: Billing address, order history, purchase details, and subscription information. We do not store full credit card numbers — payment processing is handled by our third-party payment processor.

Communications: Messages you send to our support team, feedback, product reviews, testimonials, survey responses, and any other content you voluntarily submit to us.

B. Information Collected Automatically

Device & Technical Information: Browser type, operating system, device type, mobile device identifiers, IP address, and general location data derived from IP address.

Usage Information: Pages visited, time spent on pages, navigation paths, click patterns, scroll behaviour, search queries, cart activity, and interactions with emails and SMS messages.

Cookies & Tracking Technologies: We use cookies, pixels, web beacons, and similar technologies to collect information about how you interact with our Services. See Section 6 for full details.

C. Information from Third Parties

Advertising & Analytics Partners: We may receive information about your interactions with our advertisements on third-party platforms, including Meta (Facebook/Instagram), Google, and TikTok.

Authentication Providers: If you log in using a third-party service such as Google or Facebook, we receive basic profile information (name, email) as authorised by your settings on that platform.

Publicly Available Information: We may collect information from publicly available sources to supplement our records where permitted by law.

We may combine information from these sources to provide a more personalised experience.

3. How We Use Your Information

We use the information we collect for the following purposes:

Personalisation & Product Delivery: To create your personalised supplement formulations based on your health profile, quiz responses, and connected device data. To process, fulfil, and ship your orders.

Account Management: To create and manage your SYNC account, authenticate your identity, and maintain your preferences and health profile.

Health Profile Maintenance & Improvement: To store and maintain your health profile over time, including periodic check-in data and tracked outcomes, to improve the accuracy of your personalised recommendations and to support your ongoing wellness goals. Your health data may be retained in a longitudinal profile that enables us to track progress, refine recommendations, and provide increasingly personalised guidance.

Subscription Management: To process subscription renewals, manage billing, send renewal reminders, and process cancellation, pause, skip, or modification requests.

Communication: To respond to your enquiries, send order confirmations and shipping updates, deliver renewal reminders, and provide customer support.

Marketing & Promotions: To send promotional emails, SMS messages, and personalised offers where you have consented to receive them. You may opt out at any time (see Section 8).

Advertising: To deliver and measure the effectiveness of advertising on third-party platforms. This may involve sharing certain information with advertising partners (see Section 5).

Analytics & Improvement: To analyse usage patterns, conduct A/B testing, improve our website and services, develop new products, and enhance the accuracy of our recommendation engine.

Fraud Prevention & Security: To detect and prevent fraud, protect our systems, and ensure the security of your account and data.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including responding to lawful requests from public authorities.

Aggregated Research & Product Development: To create aggregated, de-identified datasets for internal research, product development, and population-level wellness insights. Aggregated data cannot be used to identify you individually.

4. Health Data: Special Protections

SYNC collects health-related information that we classify as sensitive personal information. We apply additional protections to this data:

Explicit Consent: We collect health and wellness data only after obtaining your explicit, informed consent. This consent is obtained at the point of collection — for example, before you begin the SmartStack™ quiz or when you choose to connect a wearable device. You are not required to provide health data to make a purchase, but certain personalisation features require it.

Purpose Limitation: Your health data is used solely for the purposes described in this policy — primarily to personalise your supplement recommendations, maintain your health profile, and improve our services. We do not sell your health data to third parties.

Access Controls: Health data is subject to restricted access controls within our organisation. Only authorised personnel involved in product personalisation, customer support, and service improvement have access to individual health records.

Right to Withdraw Consent: You may withdraw your consent for health data processing at any time by contacting us at hello@beinsync.co. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. Please note that withdrawing consent for health data processing may limit our ability to provide personalised services.

Data Minimisation: We collect only the health data necessary to deliver the personalisation services you have requested.

5. How We Share Your Information

We do not sell your personal information for monetary consideration. We may share your information with the following categories of third parties:

Service Providers: Third parties that help us operate our business, including website hosting, cloud infrastructure, order fulfilment and manufacturing, subscription billing, payment processing, email and SMS marketing platforms, customer support tools, and analytics providers. These partners process your data only on our behalf, under contractual obligations to protect your information, and may not use it for their own purposes.

Advertising & Analytics Partners: We work with advertising platforms including Meta (Facebook/Instagram), Google, and TikTok to deliver and measure advertising. These partners may receive information about your interactions with our Services — including page views, purchase events, and quiz engagement — through tracking technologies such as pixels and conversion APIs. This data is used to deliver relevant advertising, measure ad performance, and build audience segments. Where required by law, we obtain your consent before sharing data for advertising purposes. See Section 6 for information about opting out.

Business Transitions: In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will provide notice if your information becomes subject to a different privacy policy.

Legal Obligations: We may disclose your information to law enforcement, regulatory authorities, or courts when required by law, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of SYNC, our users, or the public.

With Your Consent: We may share your information with other third parties when you have given us explicit consent to do so.

Aggregated or De-Identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you with partners for research, analytics, or business development purposes.

6. Cookies, Tracking Technologies & Advertising

What We Use

We use the following technologies to collect information about your activity on our Services:

Cookies: Small text files stored on your device that help us remember your preferences, understand how you use our site, and improve your experience.

Pixels & Web Beacons: Small code snippets embedded in our website and emails that allow us and our partners to track page views, conversions, and email engagement.

Meta Pixel & Conversions API: We use Meta's tracking tools to measure the effectiveness of our advertising on Facebook and Instagram. These tools may transmit data about your activity on our site — including pages viewed, products viewed, quiz interactions, and purchase events — to Meta. Meta may use this information in accordance with its own privacy policy to deliver targeted advertising across its platforms.

Google Analytics & Google Ads: We use Google's analytics and advertising tools to understand site traffic, measure ad performance, and deliver relevant ads.

Session Recording & Heatmaps: We may use tools that record anonymised session data including click patterns, scroll behaviour, and navigation paths to improve site usability.

Managing Your Preferences

Cookie Banner: When you first visit our site, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies.

Browser Settings: You can adjust your browser settings to block or delete cookies. Note that disabling cookies may affect site functionality.

Global Privacy Control (GPC): We honour Global Privacy Control signals. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information for targeted advertising.

Do Not Track: We honour Do Not Track signals where technically feasible.

Opt-Out of Interest-Based Advertising:

  • Digital Advertising Alliance: http://www.aboutads.info/choices
  • Network Advertising Initiative: http://www.networkadvertising.org/choices/

Please note that opting out of interest-based advertising does not mean you will stop seeing ads — only that the ads will not be personalised based on your browsing activity.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy, including:

Account Data: Retained for the duration of your active account and for up to 24 months after account closure or subscription cancellation, unless you request earlier deletion.

Health & Wellness Data: Your health profile, quiz responses, check-in data, and connected device data may be retained for up to 36 months after your last interaction with our Services, to support longitudinal wellness tracking and recommendation improvement. If you request deletion of your health data, we will process that request within 45 calendar days, subject to any legal obligations that require us to retain certain records.

Transaction & Order Data: Retained for up to 7 years to comply with tax, accounting, and legal obligations.

Marketing & Communication Data: Retained until you unsubscribe or request deletion. We will process opt-out requests within 10 business days.

Aggregated & De-Identified Data: Data that has been aggregated or de-identified such that it cannot reasonably identify you may be retained indefinitely for research and product development purposes.

We periodically review our retention practices and delete or anonymise information that is no longer necessary.

8. Your Privacy Rights

All Users

Regardless of your location, you may:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete your account and request deletion of your personal information
  • Opt out of marketing emails by clicking the unsubscribe link in any email, or by contacting us
  • Opt out of SMS marketing by replying STOP to any message
  • Withdraw consent for health data processing at any time
  • Request data portability — receive a copy of your personal information in a structured, commonly used, machine-readable format

State-Specific Rights (California, Colorado, Connecticut, Virginia, Utah, and other applicable states)

If you are a resident of a state with a comprehensive privacy law, you may also have the right to:

  • Know what personal information we have collected, the categories of sources, the purposes of collection, and the categories of third parties with whom we have shared it
  • Delete your personal information, subject to certain legal exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information for targeted advertising purposes
  • Limit the use of sensitive personal information to purposes necessary to provide the services you have requested
  • Appeal a denial of your privacy request (available to residents of Colorado, Connecticut, and Virginia)

How to Submit a Request: Email hello@beinsync.co with the subject line "Privacy Request" and a description of your request. We may verify your identity before processing your request. You will receive acknowledgement within 10 business days and a substantive response within 45 calendar days. If additional time is needed, we will notify you of the extension and the reason.

Do Not Sell or Share My Personal Information: To opt out of the sale or sharing of your personal information for targeted advertising, click the "Do Not Sell or Share My Personal Information" link in the footer of our website, enable Global Privacy Control in your browser, or contact us directly at hello@beinsync.co. We aim to process opt-out requests within 15 business days.

Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, a different quality of service, or be denied access to our Services because you exercised a privacy right.

9. SMS & Text Message Communications

If you opt in to receive SMS or text messages from SYNC, you consent to receive recurring automated marketing and transactional messages at the phone number you provided. Message frequency varies. Message and data rates may apply.

Consent is not a condition of purchase. You may opt out at any time by replying STOP to any message. After opting out, you may receive a single confirmation message. For help, reply HELP or contact hello@beinsync.co.

We will not share your phone number with third parties for their marketing purposes without your explicit consent.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a minor under 18, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided personal information to SYNC, please contact us at hello@beinsync.co and we will delete the information.

11. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorised access, use, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and employee training.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users and applicable regulatory authorities in accordance with applicable law, including within the timeframes required by state breach notification statutes.

12. Third-Party Websites & Services

Our Services may contain links to third-party websites, platforms, or services that are not operated by SYNC. We are not responsible for the privacy practices, content, or security of these external sites.

We encourage you to review the privacy policies of any third-party services before providing your personal information. Information you share with third-party websites is governed by their respective privacy policies, not this one.

13. Medical Disclaimer

The content and information provided through SYNC's Services — including product descriptions, quiz results, personalised recommendations, and educational materials — are for informational purposes only and are not intended as a substitute for professional medical advice, diagnosis, or treatment.

Always consult your physician or a qualified healthcare provider before starting any supplement regimen, particularly if you are pregnant, nursing, taking medication, or managing a medical condition. Do not disregard professional medical advice or delay seeking treatment because of information received through our Services.

SYNC Health supplements are not intended to diagnose, treat, cure, or prevent any disease. These statements have not been evaluated by the Food and Drug Administration.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Provide notice through our Services or via email at least 15 calendar days before the changes take effect
  • Where required by law, obtain your consent to material changes

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

If you have questions or concerns about this Privacy Policy, your personal information, or wish to exercise any of your privacy rights, please contact us:

Email: hello@beinsync.co Subject line: Privacy Request (for rights requests) or Privacy Enquiry (for general questions) Response time: Within 24–48 business hours for general enquiries. Privacy rights requests will be acknowledged within 10 business days.

SYNC Health | beinsync.co This policy is subject to change. The version in effect at the time of your interaction with our Services applies to your data.