1. Scope and who we are
This Privacy Policy applies to the SunSync iPhone and Apple Watch applications, widgets, website, and related services (collectively, the "Services"). The Services are provided by SunSync ("SunSync," "we," "us," or "our"), a product by Oscillara.
SunSync is a consumer wellness tool, not a healthcare provider, and information in the Services is not a medical record. This policy does not cover third-party services under their own privacy policies.
2. Information we collect
Account and authentication information
When you create an account, we receive your Firebase user identifier, email address, sign-in provider, and authentication status. You may sign in using email and password, Sign in with Apple, or Google Sign-In. Firebase Authentication handles passwords; SunSync does not receive or store your plaintext password.
Profile and personalization information
You may provide your name, age range, biological sex, Fitzpatrick skin type, onboarding status, and settings. We use this information to personalize estimates, reminders, and the app experience. Skin type, sex, and age information may be considered sensitive personal information in some jurisdictions.
Sun exposure and sunscreen information
SunSync may process sunscreen SPF, water-resistance choices, activities, UV conditions, session duration, protection scores, timestamps, reapplication activity, and session location. Sunscreen profiles and session history are currently stored locally on your device and shared App Group so they can work with Apple Watch and widgets.
Precise location and weather
With your permission, SunSync accesses location while you use the app. Coordinates are sent to Apple WeatherKit to obtain local weather and UV information. Session coordinates may also be saved with local session history. SunSync does not request background location.
Usage, analytics, and technical information
Firebase Analytics and related SDKs may collect app opens, sessions, screen views, sign-up and sign-in events, onboarding progress, session events, paywall and purchase events, app-instance identifiers, device model, operating-system version, IP-derived information, and diagnostic data. Analytics may be associated with your Firebase user ID. SunSync does not use Apple's advertising identifier (IDFA) or App Tracking Transparency permission and does not use this information for cross-app advertising.
Purchases and subscriptions
Apple processes App Store payments. RevenueCat receives a SunSync user identifier and subscription receipt or entitlement information so we can provide and restore SunSync Plus. We do not receive your full payment-card details.
Information stored on your device
SunSync uses local preferences and files for session history, active sessions, sunscreen profiles, Apple Watch session state, and cached UV data. This information may remain until you delete it, delete your account where applicable, or uninstall the app.
3. How we use information
- Provide accounts, authentication, syncing, widgets, and Apple Watch features.
- Calculate and display UV conditions, protection timing, scores, and reminders.
- Personalize the Services using the profile and preferences you choose to provide.
- Process, verify, restore, and manage SunSync Plus subscriptions.
- Send notifications you request, such as reapplication and UV alerts.
- Understand feature use, troubleshoot problems, secure accounts, and improve reliability.
- Comply with law, enforce our Terms, and protect users, SunSync, and others.
4. Legal bases for processing
Where the law requires a legal basis, we process information as needed to perform our contract with you, with your consent, for our legitimate interests in operating and improving the Services, and to comply with legal obligations. We rely on consent where required for precise location, notifications, and information treated as sensitive under applicable law. You can withdraw consent through device settings or by contacting us, although this does not affect earlier processing.
5. When we disclose information
We disclose information only as reasonably necessary to the following recipients:
- Google Firebase and Google Sign-In: authentication, cloud profile storage, analytics, security, and diagnostics.
- Apple: Sign in with Apple, WeatherKit, App Store and StoreKit purchases, Apple Watch functionality, and notifications.
- RevenueCat: subscription status, entitlement management, and purchase restoration.
- Authorities or other parties: when required by law or reasonably necessary to protect rights, safety, security, and the integrity of the Services.
- A successor organization: in connection with a merger, financing, reorganization, or sale, subject to appropriate safeguards and notice where required.
These providers may process information in accordance with their own terms and privacy notices. SunSync does not sell personal information, share it for cross-context behavioral advertising, or use it to serve targeted ads.
6. Retention and deletion
We keep account and cloud profile information while your account is active and as needed to provide the Services. We may retain limited records longer when required for security, fraud prevention, legal compliance, dispute resolution, or enforcement. Analytics and diagnostic information is retained according to our provider settings and applicable law.
You can request account deletion from within SunSync. Deleting your account deletes your Firebase Authentication account and SunSync cloud user profile. Local SunSync data is removed through the app's deletion flow where supported and can also be removed by uninstalling the app. Apple and RevenueCat may retain transaction records or other data they are legally required or independently permitted to keep.
7. Your choices and privacy rights
- Change location and notification permissions in iOS Settings.
- Review and correct profile information in the app.
- Delete your SunSync account using the in-app account deletion control.
- Contact us to request access, correction, deletion, portability, restriction, or objection where applicable.
California residents may request to know, correct, or delete covered personal information and may exercise applicable rights concerning sensitive personal information without discrimination. SunSync does not sell or share personal information as those terms are defined for cross-context behavioral advertising. Residents of the EEA, United Kingdom, and other regions may have additional rights, including the right to complain to a local data protection authority. We may need to verify your identity before completing a request.
8. Children and teens
SunSync is not directed to children under 13, and we do not knowingly collect personal information from a child under 13. Users under the age of legal majority must have a parent or legal guardian's permission to use the Services. If you believe a child under 13 has provided information, contact us so we can investigate and delete it.
9. Security and international transfers
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. No storage or transmission method is completely secure, so we cannot guarantee absolute security. SunSync and its providers may process information in the United States and other countries. Where required, we use recognized transfer mechanisms and safeguards.
10. Changes to this policy
We may update this policy as the Services, providers, or law change. We will post the revised policy with a new effective date and provide additional notice when required. Continued use after an update means the revised policy applies to future use.
11. Contact us
For privacy questions or requests, email SunSync@oscillara.dev. Please include "Privacy Request" in the subject line and identify the right you wish to exercise.