// Legal_Document

Privacy Policy

Effective: 1 March 2026 · Last updated: 1 March 2026

1. Who we are

Nanosync Inc. ("Nanosync", "we", "us") operates the website at nanosync.dev and the Nanosync data replication platform. We are incorporated in the State of Delaware, United States. This Privacy Policy explains how we collect, use, and protect your personal information.

Questions or requests: legal@nanosync.dev

2. Data we collect

Early Access Requests

When you submit a request for early access, we collect your email address, job title, company name, and any other information you voluntarily provide in the form. We use this to evaluate access requests and communicate product updates.

Usage Analytics

We use Google Analytics 4 to understand how visitors interact with our website. Google Analytics collects data including your IP address (anonymised), browser type, device type, pages visited, and session duration. This data is processed by Google LLC under Google's privacy policy. We do not use this data to identify you personally.

Google Analytics sets cookies (e.g. _ga, _ga_*) to distinguish visitors and track sessions. These cookies persist for up to 2 years. You can opt out via your browser settings or Google's opt-out tool.

Platform Data (Future)

When the Nanosync platform is available, pipeline configuration data, connection metadata, and usage metrics will be collected. A separate data processing addendum (DPA) will govern this data. No platform data is collected at this time.

3. How we use your data

→To evaluate and respond to early access requests.

→To send product updates, launch announcements, and relevant communications (you can unsubscribe at any time).

→To understand website traffic and improve our content using aggregated, anonymised analytics.

→To comply with applicable US federal and state legal obligations.

We do not sell your personal information to third parties. We do not use your data for automated decision-making that produces legal effects.

4. Legal basis for processing

We process your personal information on the following bases:

→Consent — for marketing communications and analytics cookies.

→Legitimate interests — for website security, fraud prevention, and product improvement.

→Legal obligation — where required by applicable US federal or state law.

If you are a resident of the European Economic Area, the UK, or another jurisdiction with equivalent data protection laws, we rely on the same bases as defined under the GDPR or applicable local law, and we will honour your rights under those frameworks.

5. Data sharing

We share data only with the following categories of third parties, under appropriate data protection agreements:

→Google LLC — analytics (Google Analytics 4), subject to Google's privacy policy and standard contractual clauses where applicable.

→Form providers — if you submit a form via Tally or a similar service, their privacy policy governs data at the point of collection.

→Legal authorities — where required by US federal or state law, regulation, or valid legal process.

6. Data retention

Early access contact data is retained until you withdraw consent or request deletion. Analytics data is retained per Google Analytics' default retention settings (14 months). We review retention annually and delete data we no longer need.

7. Your rights

Depending on where you reside, you may have the following rights regarding your personal information:

→Access the personal information we hold about you.

→Correct inaccurate or incomplete information.

→Request deletion of your personal information.

→Opt out of the sale or sharing of personal information (we do not sell personal information).

→Withdraw consent at any time without affecting prior processing.

→Data portability (where technically feasible).

→Non-discrimination for exercising your rights.

California residents may exercise rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out. To submit a request, email legal@nanosync.dev. We will respond within 45 days as required by law.

Residents of other jurisdictions with applicable data protection laws (EEA, UK, etc.) may contact us at the same address. We will respond within 30 days.

8. Security

We implement technical and organisational measures appropriate to the risk, including TLS encryption in transit, access controls, and regular security reviews. No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable US federal and state breach notification laws.

9. Children

Our services are not directed at children under 13. We do not knowingly collect personal information from children under 13 in a manner that is inconsistent with the Children's Online Privacy Protection Act (COPPA). If you believe we have done so, contact us at legal@nanosync.dev and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date above and, where appropriate, by email. Continued use of our website after changes constitutes acceptance of the updated policy.

11. Governing law

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

Nanosync Inc. · Delaware, United States · legal@nanosync.dev