Syncro

Privacy Policy

Last updated: May 2026

This policy describes how Syncro collects, uses, and protects user and customer data.

1. Who we are

Syncro is a CRM and digital marketing platform geared toward companies and sales teams. We offer tools for lead management, customer service via WhatsApp and Instagram, sales funnels, and marketing campaigns.

This policy applies to all users registered on the platform — administrators, managers, and operators of each organization.

2. Data we collect

We collect the following types of data for the operation of the platform:

  • Account data: Name, email, password (encrypted), role in the organization.
  • Leads and contacts: Name, email, phone, company, position, origin, notes, tags, custom fields.
  • WhatsApp messages: Phone number, message content, media, send timestamps.
  • Instagram messages: IGSID, username, profile picture, DM content, media.
  • Campaigns: Name, platform, performance metrics (clicks, impressions, cost).
  • OAuth tokens: Access tokens for integrations — stored encrypted.
  • System logs: Activity records, errors, access timestamps.

3. How we use the data

The data is used exclusively for:

  • Lead and pipeline management: organizing contacts in sales funnels, recording stages and history.
  • Messaging-based service: displaying WhatsApp and Instagram conversations in the inbox to serve customers.
  • AI automation: when enabled, recent message history is processed by a language model to generate automatic responses. No data is retained by the AI provider beyond the request.
  • Reporting: generating performance, lead-origin, and team-activity reports.
  • Security: detecting unauthorized access and maintaining audit records.

We do not sell, rent, or share lead or customer data with third parties for commercial purposes. The data belongs exclusively to the organization that entered it.

4. Third-party integrations

Syncro integrates with external services. Each integration is optional and controlled by the administrator:

  • WhatsApp Business: Messages, phone numbers, media.
  • Instagram Business (Meta): DMs, IGSID, username, profile picture, OAuth tokens.
  • AI Models (LLM): Recent message history (only when AI agent is enabled).

5. Use of Google data (Limited Use Disclosure)

Compliance statement (Limited Use):

Syncro’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Requested OAuth scopes and purpose:

  • https://www.googleapis.com/auth/calendar — read, create, update, and delete the user’s Google Calendar events, exclusively for two-way synchronization with Syncro’s internal calendar.
  • https://www.googleapis.com/auth/userinfo.email and userinfo.profile — identify the connected Google account (name and email) in the CRM interface.

How we handle data received from Google APIs:

  • Google Calendar data (events, dates, descriptions) is used exclusively to display, create, edit, and delete events within the Syncro platform.
  • We do not transfer data obtained from Google APIs to third parties, except where necessary for the operation of the integration contracted by the user, for compliance with applicable law, or as part of a merger/acquisition with prior notice.
  • We do not use Google data to serve advertising, including personalized advertising or retargeting.
  • We do not use Google data to train, improve, or develop generalized AI or machine learning models.
  • We do not allow human reading of Google data, except with explicit consent, for security, for legal compliance, or for anonymized internal operations.
  • OAuth tokens are encrypted at rest (AES-256) and in transit (TLS/HTTPS).
  • The user may revoke access at any time at myaccount.google.com/permissions or by disconnecting in the Syncro dashboard.

6. Storage and security

  • Encryption in transit: all communication with the platform uses HTTPS/TLS.
  • Encryption at rest: OAuth tokens and sensitive credentials are encrypted with AES-256.
  • Isolation per organization: each organization’s data is isolated and inaccessible to others.
  • Role-based access control: distinct permissions for administrators, managers, and operators.
  • Audit logs: critical actions are recorded with date, time, and responsible user.

7. Data retention

Data is retained as long as the organization’s account is active. Upon contract termination:

  • Data may be exported in a standard format upon request.
  • After the grace period, data is permanently deleted.
  • Security logs may be retained for up to 12 months for legal purposes.

8. Data sharing

We do not share personal data with third parties, except:

  • Legal obligation: when required by law or court order.
  • Infrastructure: server and database providers, under confidentiality agreements, acting as data processors.
  • Customer-enabled integrations: when connecting external platforms, the corresponding data flows according to the permissions granted.

9. Your rights (LGPD)

In compliance with the Brazilian General Data Protection Law (LGPD, Law No. 13,709/2018), you have:

  • Access: confirm whether your data is processed and receive a copy.
  • Correction: correct incomplete, inaccurate, or outdated data.
  • Erasure: request deletion of unnecessary or improperly processed data.
  • Portability: receive data in a structured format for use in another service.
  • Consent withdrawal: revoke previously granted consents.
  • Information: know which entities your data is shared with.

To exercise your rights, contact us via the email indicated in the Contact section. We respond within 15 business days.

10. Cookies

Syncro uses only essential technical cookies:

  • Session cookie: keeps the user authenticated. Expires on browser close or inactivity.
  • CSRF token: protection against request forgery.

We do not use advertising tracking cookies or third-party analytics within the authenticated area.

11. Minors

Syncro is intended exclusively for companies and professionals. We do not collect data from individuals under 18. If identified, such data will be deleted immediately.

12. Changes to this policy

This policy may be updated periodically. For substantial changes, we will notify administrators by email at least 15 days in advance.

13. Contact

For questions or requests, contact the Data Protection Officer (DPO):

Email: [email protected]