SceneSync Privacy Policy

Last Updated: December 2025

Overview

SceneSync (“we,” “our,” “us”) operates the SceneSync mobile application and website. This Privacy Policy explains how we collect, use, store, and protect your information.

For clarity: the Feedback Assistant is optional, and when used, only the text you choose to submit is transmitted for processing. OpenAI does not use API data to train or aggregate its models.

By using SceneSync, you agree to the practices described in this policy.

Information We Collect

Account Information

We collect:

  • Email address
  • Display name (optional)
  • Authentication credentials (managed by Firebase Authentication)

Content You Create

We store any content you choose to save in the app:

  • Scene plans
  • Reflections
  • Requests for AI feedback
  • Beta surveys and microsurveys

All user-generated content is stored securely in Firebase Firestore.

Usage Data

We automatically collect:

  • Device information
  • Operating system version
  • App version and build number
  • Session duration and screen views
  • Error and crash diagnostics
  • Token usage events (timestamped)

We do not collect:

  • Location data
  • Contacts or address book
  • Photos or media unless you deliberately upload them
  • Biometric data

How We Use Your Information

Provide Core Functionality

  • Authenticate your account
  • Store and sync your scene plans and reflections
  • Process your Feedback Assistant requests
  • Maintain token balances and token usage history

Improve the App

  • Debug errors
  • Analyze which features are used
  • Identify performance issues
  • Support beta testing and product development

Communicate With You

  • Important service updates
  • Beta-testing notifications
  • Responses to support inquiries

Legal and Security Purposes

  • Prevent fraud or misuse
  • Comply with regulations
  • Enforce our Terms of Service

We do NOT:

  • Sell your personal data
  • Use scene plans or reflections for advertising
  • Share your content with anyone without your permission

AI Feedback Processing

How It Works

When you run the Feedback Assistant:

  • The text you submit (scene plan or reflection) is sent from our Firebase Cloud Function to OpenAI’s API.
  • The request is made server-side, not from your device.
  • Only the content necessary to generate feedback is transmitted.

What OpenAI Receives

  • The text you submitted for analysis
  • No account details, no tokens, no device metadata

OpenAI Data Handling

OpenAI publicly states:

  • API data is not used to train or improve OpenAI models by default
  • Customers may opt in to data sharing for model improvement — SceneSync does not opt in
  • Temporary logs may be retained for abuse prevention and diagnostics

We do not permit OpenAI to use scene content for training, aggregation, or dataset creation.

Sources:

Data Storage and Security

Infrastructure

SceneSync uses Google Firebase for:

  • Authentication
  • Firestore Database
  • Cloud Functions
  • Cloud Storage

Your data resides in Google Cloud data centers in the region configured for the project (generally the United States).

Security Protections

  • All network traffic encrypted with HTTPS/TLS
  • Data encrypted at rest using AES-based Google-managed encryption
  • Firebase Security Rules restrict client-side access
  • Rate limits and abuse-prevention controls
  • Automated patching and security maintenance by Google Cloud

Important Clarification

  • Firebase Security Rules prevent other users from accessing your data.
  • Authorized project administrators (backend-only) technically can access Firestore data, as with any cloud backend.
  • We access user content only when necessary, such as:
    • When you request support
    • When investigating abuse or security concerns
    • When legally required

Data Retention

Active Accounts

Your data remains in Firestore and Firebase Authentication as long as your account is active.

Account Deletion

If you request deletion:

  • Your Firestore documents and Firebase Auth user are permanently removed from active storage.
  • Google Cloud’s underlying encrypted backups may retain deleted data for a limited period (typically up to ~180 days), per Google’s standard data deletion policies.

Beta Testing Data

  • Survey responses and activity metrics may be retained to evaluate feature performance and improve the product.
  • Where possible, aggregate or de-identified forms are used.

(We do not promise specific numeric deletion timelines unless we can technically enforce them.)

Third-Party Services

Google Firebase

Purpose: Authentication, database, cloud functions, storage
Data Shared: Email, display name, app content, usage data
Policy: https://firebase.google.com/support/privacy

OpenAI (Feedback Assistant)

Purpose: Generate feedback for scene plans and reflections
Data Shared: Only the text you explicitly submit for analysis
Policy: https://openai.com/policies/privacy-policy
Important: OpenAI does not use API data to train or aggregate its models, and we do not opt in to any data-sharing programs that would allow training on your content.

EmailJS

Purpose: Automated emails for beta testing and system notifications
Data Shared: Email address, display name (if provided)
Policy: https://www.emailjs.com/legal/privacy-policy

Your Privacy Rights

You have the right to:

Access

Request the data we hold about you.

Delete

Request permanent deletion of your account and all associated data.
(This is performed manually by contacting support.)

Export

Request a JSON export of your scene plans, reflections, and account info.

Correct

Ask us to update inaccurate personal information.

Restrict or Object

Request limits on how your data is used.

Withdraw Consent

You may withdraw consent for any non-essential processing.

How to Exercise These Rights

Email: support@scenesync.app
Subject Line: Data Request – [Type]

Include:

  • Your account email
  • Your request details

We respond within:

  • 30 days for standard requests
  • Up to 90 days for complex cases
  • 24 hours for urgent security issues

There is no charge unless a request is excessive or repetitive.

International Data Transfers

Your data may be processed in the United States.

Google relies on:

  • Standard Contractual Clauses (SCCs)
  • EU–US Data Privacy Framework (DPF)

These mechanisms support GDPR-compliant transfers.

Children’s Privacy

SceneSync is for adults 18 and older only.

We do not knowingly collect information from anyone under 18.

If an underage account is discovered:

  1. The account is deleted
  2. All data associated with it is removed
  3. Notice is sent to the registered email

Report concerns to: support@scenesync.app

Data Breach Notification

If a breach occurs that may impact your personal information, we will notify you without undue delay and generally within 72 hours when legally required.

Changes to This Policy

We may update this policy as the app evolves or laws change.

When updated:

  • The “Last Updated” date changes
  • Material changes are communicated via email or in-app notification

If you disagree with changes, you may stop using SceneSync or request account deletion.

Contact Us

support@scenesync.app
https://scenesync.app

Scroll to Top