We wrote this to be understandable. Where a section has a fine-print obligation, we say so plainly; where you have a choice, we tell you how to make it.
Who we are and what this covers
CommSync is a unified messaging inbox operated by Haven Media Solutions LLC(“CommSync,”“we,” “us,” or “our”). This Privacy Policy explains what information we collect when you use our websites, applications, and APIs (together, the “Service”), how we use and share it, and the choices and rights you have.
CommSync is a business tool. When you connect a phone number or mailbox, you use it to send and receive messages with your own contacts. For that data, you act as the controller of your contacts’ information and we act as your processor — we handle it to provide the Service to you and on your instructions. For your own account information, we are the controller. This policy should be read together with our Terms of Service and our Security overview.
We collect what we need to run a messaging inbox and bill for it. We do not sell your data, and we do not use the content of your messages for advertising or to train our own models.
Information we collect
We collect the following categories of information:
- Account & profile
- Your name, email address, and a securely hashed password. If you join or create a workspace, your role and team membership.
- Channels you connect
- Phone numbers (via Skyetel or JustCall) and email accounts. For mailboxes, we store the IMAP/SMTP server settings and credentials you provide, which are encrypted before they are written to our database.
- Message content
- The SMS and email messages you send and receive through the Service, including subjects, bodies, headers, timestamps, delivery status, and any file attachments.
- Contacts
- The people you communicate with — names, phone numbers, email addresses, and any notes or labels you add — and the relationships our identity-matching builds between them.
- Billing
- Your subscription tier, seat count, and billing status. Card payments are processed by Stripe; we receive identifiers and status from Stripe but never store full card numbers on our systems.
- Usage & device
- Log data such as IP address, browser type, pages and features used, and timestamps. We use this for security, debugging, rate-limiting, and improving the Service.
You can choose not to provide some information, but parts of the Service may not work without it — for example, we cannot sync a mailbox without its credentials.
Your messages, contacts, and files
The heart of CommSync is the content that flows through it. We treat that content as confidential and handle it only to operate the Service for you:
- We transmit on your behalf. When you send a message, we relay it through the relevant carrier or your email provider. When you receive one, we sync it into your inbox.
- We do not sell it. We never sell or rent your messages, contacts, or attachments, and we do not share them with third parties for their own marketing.
- We do not use it to train our own models. Message content is not used to build advertising profiles or to train CommSync’s own machine-learning models.
- You are responsible for your recipients. You are responsible for having a lawful basis and any required consent to message the people you contact, and for the content you send (see our Terms of Service).
How we use information
We use the information we collect to:
- Provide, maintain, and secure the Service and sync your channels;
- Authenticate you and protect accounts against abuse and fraud;
- Power features you turn on — unified threading, identity matching, search, labels, shared contacts, and optional AI assistance;
- Process payments, manage subscriptions, and meter usage against your plan;
- Provide support and respond to your requests;
- Diagnose problems, monitor performance, and improve reliability and features;
- Comply with law and enforce our agreements, including detecting and preventing prohibited uses.
Where the law requires a legal basis to process personal data, we rely on performance of our contract with you, our legitimate interests in operating and securing the Service, your consent (where asked for), and compliance with legal obligations.
Optional AI features
CommSync offers optional AI assistance — automatic labelling, merge suggestions, daily digests, and thread titles. When these features are enabled, relevant message content is sent to our AI inference provider (Groq) to generate the result, which is returned to your inbox.
- AI features are off unless enabled and can be turned off at any time in settings;
- We operate these features under data-processing terms that restrict the provider from using your content to train its models;
- Outputs are assistive only — for example, every AI-suggested reply is sent only when you choose to send it.
How long we keep data
We keep information for as long as your account is active and as needed to provide the Service. Specifically:
- Messages and contacts persist in your inbox until you delete them or close your account;
- Items you move to Trash are permanently removed after roughly 30 days;
- When you delete your account, we delete your personal data and per-user content, subject to short operational backup windows and any data we must retain to meet legal, tax, or accounting obligations or to resolve disputes;
- We may retain de-identified or aggregated data that no longer identifies you.
How we protect information
We encrypt data in transit with TLS and at rest, encrypt the credentials you entrust to us with authenticated AES-256 encryption, hash passwords, and isolate each workspace’s data behind role-based access controls. No method of transmission or storage is perfectly secure, but we work hard to protect your information.
Our Security overview describes our safeguards in detail and explains how to report a vulnerability.
Your choices and rights
You can access and update most of your information directly in the app, and you can delete your account at any time from your account settings, which removes your personal data and per-user content as described above.
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. We honor these rights and do not discriminate against you for exercising them. We do not sell personal information or share it for cross-context behavioral advertising. To make a request, email [email protected]— we may need to verify your identity first.
If you use CommSync through a workspace administered by someone else, please direct rights requests about that workspace’s data to your administrator; we will assist them as their processor.
International users and data location
CommSync is operated from the United States, and we and our subprocessors store and process information in the United States and other countries. If you use the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. Where required, we put appropriate safeguards in place for such transfers.
Children's privacy
CommSync is a business product intended for adults. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you in the app or by email. Your continued use of the Service after an update means you accept the revised policy.
How to contact us
Questions about this policy or your data? Email us at [email protected] or write to Haven Media Solutions LLC. We’re happy to help.
If anything here is unclear, we’re glad to explain it in plain language. Email [email protected] or use our contact page.