← Back to Stylync

Stylync / Pavlync — Privacy Policy

Last updated: 6 July 2026

This policy explains how the Stylync and Pavlync platform ("the Platform"), operated by Narinder Singh as a sole trader (ABN: 20 181 541 570), Melbourne, Australia, collects, uses, and protects personal information. It covers both our direct customers (design firms and their staff) and individuals whose information those firms store in the Platform (their clients and suppliers).

Two Kinds of Data — and Two Roles

Customer account data — names, emails, and login details of the firm's team members, plus billing records. For this data, we are the data controller.

Firm workspace data — the project details, client names and contacts, supplier records, messages, and financial entries a firm stores in its workspace. For this data, the firm is the controller and we act as its processor: we store and process it solely on the firm's behalf and instructions. Individuals whose details appear in a firm's workspace should direct privacy requests to that firm first; we will assist the firm in fulfilling them.

What We Collect

How We Use It

AI Processing

Messages submitted to the AI ingest feature are sent to Google's Gemini API solely to extract project-relevant actions (e.g. "the sofa order arrived"). Outputs are validated against the firm's existing records before any change is made, and every AI-suggested change is written to an audit log visible to the firm. Gemini API data handling is governed by Google's API terms, which do not permit use of submitted content for model training.

Where Data Is Stored and How It's Protected

Workspace data is stored in a PostgreSQL database hosted by Supabase. Protections include:

Hosting providers (Supabase, Vercel) may store data on infrastructure located outside Australia. By using the Platform, firms consent to this transfer, which is protected by the providers' own security and compliance programs.

Retention and Deletion

Workspace data is retained while the firm's subscription is active, and for 60 days after cancellation to allow reactivation or export, after which it is deleted from production systems. Firms may request earlier deletion. Backup copies age out on our providers' standard backup rotation.

Your Rights (Privacy Act 1988)

Individuals may request access to, correction of, or deletion of personal information we hold, regardless of their location or jurisdiction. If your information was entered by a design firm using the Platform, we may refer your request to that firm as the controller of that data, and will assist them in actioning it. Contact: hello@stylync.com.

Third-Party Services

Supabase (database hosting), Vercel (application hosting), Google Gemini (AI processing), Stripe (payments), and — where a firm enables them — an email inbound provider and WhatsApp Business Platform (Meta) for message ingestion. Each processes data under its own privacy policy.

Data Breach Response

In the event of a data breach likely to result in serious harm, we will notify affected firms and the OAIC in accordance with the Notifiable Data Breaches scheme, and provide firms the information they need to notify their own clients where required.

Children

The Platform is a business tool and is not directed at children.

Changes

Material changes to this policy will be notified by email or in-app before taking effect.

Contact

Privacy requests and questions: hello@stylync.com — Melbourne, Australia (ABN: 20 181 541 570)