Security & privacy
How 2sync protects your data and privacy
2sync is built with privacy and security at its core. We process your data transiently, store only what's necessary, and give you full control over access.
How does 2sync process data?
Transient architecture
2sync doesn't store your calendar events, emails, tasks, or contacts. Data flows through our servers in memory and is discarded after each sync cycle:
- Fetch data from source (e.g., Google Calendar)
- Compare with destination (e.g., Notion)
- Apply necessary changes
- Discard all content from memory
Your data is never written to disk or retained after processing.
What we store
| Stored | Not stored |
|---|---|
| Connection IDs | Event descriptions |
| Sync timestamps | Email content |
| Field mapping configuration | Task details |
| Error logs (anonymized) | Contact information |
| OAuth tokens (encrypted) | File attachments |
We retain only the minimum metadata required to maintain your sync connections.
How does authentication work?
OAuth 2.0
2sync uses OAuth 2.0 for all service connections. We never see or store your passwords.
How it works:
- You authorize 2sync through the service's login page
- The service issues a limited-access token
- 2sync uses this token for sync operations
- You can revoke access anytime from your account settings
Permission scopes
We request only the permissions necessary for sync:
| Service | Permissions | Purpose |
|---|---|---|
| Google Calendar | calendar.events | Read/write events |
| Gmail | gmail.readonly | Read emails only |
| Todoist | data:read_write | Read/write tasks |
| Google Contacts | contacts | Read/write contacts |
| Notion | Content access | Databases you share |
Each service is authorized separately. Connecting Google Calendar doesn't grant access to Gmail. See How sync works for more on how 2sync connects to your services.
Where is 2sync infrastructure hosted?
Server location
All 2sync infrastructure is hosted in Germany (EU) by Hetzner, an ISO 27001 certified data center provider.
Encryption
| Layer | Standard |
|---|---|
| Data in transit | TLS 1.3 |
| Data at rest | AES-256 |
| OAuth tokens | Encrypted storage |
All communication between your browser, our servers, and connected services is encrypted.
What compliance standards does 2sync meet?
| Standard | Status |
|---|---|
| GDPR | ✓ Compliant |
| CCPA | ✓ Compliant |
| SOC 2 Type II | In progress |
| ISO 27001 | Planned |
GDPR rights
As a user in the EU, you have the right to:
- Access your data
- Export your data
- Delete your account and all associated data
- Revoke consent at any time
Contact help@2sync.com to exercise these rights.
How do I revoke access?
You can disconnect 2sync at any time:
From 2sync:
- Go to your 2sync dashboard
- Delete the automation or disconnect the service
From the service:
- Google: myaccount.google.com/permissions
- Notion: Settings → Connections → Remove 2sync
- Todoist: Settings → Integrations → Revoke access
- Microsoft: account.microsoft.com/privacy
Revoking access immediately terminates 2sync's ability to read or write your data.
What security best practices should I follow?
- Review permissions regularly: Check which apps have access in your Google/Notion security settings.
- Enable 2FA: Use two-factor authentication on all connected accounts.
- Revoke unused connections: Remove access for services you no longer use.
- Monitor sync status: Map the Sync Status field to track automation health.
Related
- How sync works for understanding the sync architecture
- Safety limits for safeguards that protect your data
- Error codes for troubleshooting authentication and permission errors
- Rate limits and retries for how 2sync handles API rate limits
- Glossary for definitions of security and sync terminology
FAQ
Does 2sync store my calendar events or emails?
No. 2sync processes data in volatile memory and discards it after each sync. Only minimal metadata (connection IDs, timestamps) is retained.
Can 2sync access my passwords?
No. 2sync uses OAuth 2.0 tokens that you can revoke anytime. We never see or store your passwords.
Where are 2sync servers located?
2sync servers are located in Germany (EU), hosted by Hetzner, an ISO 27001 certified data center provider.
Is 2sync GDPR compliant?
Yes. 2sync is fully GDPR and CCPA compliant, following strict data minimization principles.
How do I revoke 2sync's access?
Go to your Google, Notion, or other service's security settings and revoke the 2sync integration. This immediately terminates access.