Privacy Policy

Last Updated: October 7, 2025

This Privacy Policy explains how EditSync (“EditSync,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our web application, related websites, and integrations (the “Service”).

1) Who We Are & How to Contact Us

Controller: Monarch Software Solutions, 20 Edgewood Cir, Montgomery, TX.
Email: team@monarchsolutions.ai

2) Scope & Roles (Controller vs. Processor)

• Controller: We act as controller for your team’s account data (admins, shooters, editors, client admins/guests) and for operational data (security logs, notifications).
• Processor / Service Provider: For client contact data you bring into EditSync from your own GoHighLevel (“GHL/LeadConnector”) account (e.g., via webhooks), we process that information only on your documented instructions to provide the Service. Our Data Processing Addendum (DPA) governs this processing.

3) Information We Collect

We collect only what we need to provide and improve the Service:

• Account & Team Information: username, email, phone, role, status, and a hashed password. For client guests, the parent client admin relationship.
• Project Data: client name, project titles/details, type/status, due/shoot dates, notes, “replay”/download/asset links, Dropbox folder paths and shared links, and team assignments.
• Integrations: OAuth access/refresh tokens and identifiers (e.g., GHL company/location IDs; Dropbox account ID). Sensitive tokens are encrypted at rest.
• Contacts via GHL Webhooks (Processor role): contact IDs, names, emails, phone numbers, project names and related metadata your GHL workflows send to us.
• Security & Logs: IP address and user-agent, rate-limit metadata, notifications/audit-like events necessary for abuse prevention, debugging, and service integrity.
• Password Reset: single-use reset tokens stored as hashes with strict expirations.
• Cookies & Usage Data: We use essential cookies for core functions like keeping you logged in.

4) How We Use Information

• Provide, operate, and secure the Service (authentication, dashboards, projects, assignments, notifications).
• Perform the actions you request with integrations (e.g., send email/SMS via your GHL location; create Dropbox folders/links/file requests).
• Maintain integrity and safety (fraud/abuse prevention, rate limiting, debugging, incident response).
• Communicate with you (account notices, security alerts, product updates where permitted).

EEA/UK Legal bases: contract (providing the Service), legitimate interests (security, service improvement), legal obligation (compliance), and consent where applicable.

5) Messaging (Email & SMS)

When enabled, EditSync can send emails and SMS via your GHL location to your team or clients, on your instructions.

• SMS Program: “EditSync Alerts.” Frequency varies by project activity. Msg & data rates may apply. Reply STOP to opt out; HELP for help. Support: reply@editsync.io. Carriers are not liable for delayed/undelivered messages. See Terms and this Privacy Policy.
• We include opt-out instructions in applicable messages. You control who receives messages by configuring your projects and team/integration settings.

6) How We Share Information

We do not sell personal information and we do not share it for cross-context behavioral advertising.

• Service Providers / Sub-processors: We disclose data to vendors who help deliver the Service, including:
  • GHL/LeadConnector (messaging/contacts at your direction)
  • Dropbox (storage/links/file requests at your direction)
  • Hosting, email delivery, logging/security, and similar infrastructure providers
  We maintain a current list at /subprocessors.
• Legal & Safety: If required by law, or to protect rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or asset sale, we’ll continue to protect your information and honor this Policy.

7) Security

We use administrative, technical, and physical safeguards appropriate to the risk, including password hashing, encryption at rest for OAuth tokens, HTTPS, CSRF protection, secure HttpOnly cookies, and request size limits. No security practice is perfect; we continuously monitor and improve safeguards.

8) Data Retention

We keep information only as long as needed for the purposes described above or as required by law. Typical retention periods:

You may request deletion at any time (see “Your Rights”). Disconnecting an integration revokes and deletes stored tokens on our side; we also attempt remote revocation where supported.

9) International Data Transfers

We process data in the United States. For EEA/UK data, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required. See our DPA for details.

10) Your Privacy Rights

Your rights depend on your location, but may include the right to access, correct, delete, restrict or object to processing, and data portability.

• California (CCPA/CPRA): We act as a service provider for your client contact data. We do not sell or share personal information for cross-context advertising. You may request access/deletion as described below.
• EEA/UK: You may object to processing based on legitimate interests and lodge a complaint with your data protection authority.

How to exercise your rights: Email team@monarchsolutions.ai. If you are a client contact of an EditSync customer, please contact that customer directly; we will assist them as processor.

11) Children

The Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect such information.

12) Changes to This Policy

We may update this Policy. We’ll post the updated version with a new “Last Updated” date, and for material changes we’ll provide additional notice in-app or by email.

13) Contact

Questions or requests: team@monarchsolutions.ai • Monarch Software Solutions, 20 Edgewood Cir, Montgomery, TX