This Privacy Policy explains how Prakhar Bhaarat Enterprises ("PBE," "we," "us"), operating through its development arm Prakhar Bhaarat Tech Studio ("PBTS"), collects, uses, stores, and protects information through the AgencySync platform (the "Portal") and the public-facing AgencySync website at this domain (the "Website"). By using the Website or Portal, you agree to the practices described herein.

1. Who We Are

AgencySync is developed by Prakhar Bhaarat Tech Studio (PBTS), under the entity Prakhar Bhaarat Enterprises (PBE), registered in India. For the purposes of applicable data protection law, PBE is the Data Controller for data collected through the Website (waitlist, contact forms) and the Data Processor for agency and client data entered into the Portal by our customers.

2. Information We Collect

2.1 Website Visitors (No Account Required)

When you visit the public Website, we may collect:

2.2 Agency Accounts (Portal Users)

When an agency registers and uses the Portal, we collect and process:

2.3 Client Portal Users

Clients who log in to an agency's branded portal access their own data only. We process:

2.4 Information We Do NOT Collect

3. How We Use Your Information

4. Third-Party Services & Data Sharing

We share data only with the following categories of service providers, and only to the extent necessary to deliver the platform:

4.1 Supabase (Infrastructure Provider)

Supabase hosts our database, authentication system, file storage, and real-time messaging infrastructure. All agency and client data resides in our Supabase project. Supabase acts as a Data Processor under our instructions. Supabase's own privacy policy governs their infrastructure practices.

4.2 Razorpay (Payment Processor)

Razorpay processes all payments on the platform — both agency subscription payments and Exchange marketplace purchases. When a payment is initiated, Razorpay receives the order amount, currency, and receipt ID from our server. The buyer's payment instrument details (card, UPI, net banking) are collected and processed entirely by Razorpay. We receive only a Payment ID and order status in return. Razorpay is PCI-DSS compliant.

4.3 AI Providers (Agency-Configured, BYOK)

When an agency enables AI features, conversation data (chat messages, invoice descriptions) is sent to the AI provider the agency has selected and credentialed:

Each agency uses their own API key (BYOK). We do not maintain a shared key. Data sent to AI providers is subject to the respective provider's data processing terms. We recommend agencies review their chosen provider's policies. AI features are entirely opt-in — agencies that do not configure an AI key will not have any data sent to external AI services.

4.4 Google Fonts

The Website loads the Inter typeface from Google Fonts (fonts.googleapis.com). This results in your browser making requests to Google's CDN, which may log IP addresses per Google's privacy policy. No personally identifiable information is transmitted by us.

4.5 SnappyMail (Embedded Webmail)

The integrated webmail client (SnappyMail v2.38.2) runs within the Portal and connects directly to the agency's configured IMAP/SMTP mail server. Email data transits between the browser and the mail server. We do not intercept, store, or index any email content.

4.6 No Sale of Data

We do not sell, rent, or trade personal information to any third party. We do not use your data for advertising, profiling, or cross-platform tracking.

5. Data Security

5.1 Encryption

5.2 Multi-Tenant Data Isolation

AgencySync is a multi-tenant platform. Data isolation between agencies is enforced at the database level using PostgreSQL Row-Level Security (RLS) policies. Every table containing agency or client data includes RLS policies that restrict access based on the authenticated user's agency membership. This means:

5.3 Session Management

User sessions are authenticated via JWT tokens issued by Supabase Auth, stored server-side in PHP sessions (not in browser cookies or localStorage). Tokens have a configurable expiration and are automatically refreshed. Sessions expire after 24 hours of inactivity.

6. Data Retention

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

To exercise any of these rights, contact us at the address provided in Section 11.

8. Cookies & Local Storage

9. Children's Privacy

AgencySync is a B2B platform designed for professional agency use. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has submitted data through our platform, contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the Website or Portal after changes constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related inquiries, data access requests, or complaints:

Prakhar Bhaarat Enterprises (PBE)
Development: Prakhar Bhaarat Tech Studio (PBTS)
Email: Contact Form
Website: agencysync.in