How Polysync collects, uses, stores, and protects your information.
Effective Date: May 1, 2025 · Last Updated: May 25, 2026
Polysync Pty Ltd ("Polysync", "we", "us", or "our") operates the Polysync data pipeline orchestration platform, available as a SaaS application on the Microsoft Azure Marketplace. This Privacy Policy explains what information we collect, why we collect it, how we use and store it, and the choices you have.
We are an Australian company and comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). Where we process the personal data of individuals in the European Economic Area or the United Kingdom, we also act in accordance with the General Data Protection Regulation and the UK GDPR.
By accessing or using Polysync, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not access the Service.
When you sign in via Microsoft Entra ID, we receive the following claims from Microsoft about your identity:
oid) and tenant identifier (tid).Data you provide while using the Service, including platform connection details, job and task definitions, schedules, concurrency profiles, dependency graphs, parameter mappings, and tags. This data is stored in a SQL schema dedicated to your tenant.
Data the Service generates while operating on your behalf, including run history, run status, dispatcher logs, and audit records of administrative actions. Operational data is stored in the same tenant schema as your configuration data.
We collect application telemetry through Microsoft Application Insights to operate the Service, diagnose problems, and improve performance. This may include:
Telemetry is associated with your tenant for support purposes but is not used for advertising or sold to third parties.
When you subscribe through the Azure Marketplace, Microsoft transmits subscription metadata to us so we can provision and manage your tenant. This includes your Azure tenant identifier, plan identifier, term, status, quantity, and the email address of the purchaser. Billing and payment information itself is held by Microsoft and is not shared with Polysync.
We process the information described above for the following purposes and on the following legal bases (where the GDPR or UK GDPR applies):
Polysync is hosted on Microsoft Azure. The primary processing region for the production Service is Australia East (Sydney). Disaster-recovery and backup data may be replicated to another Azure region within the same sovereign boundary. If you require deployment in a different region, contact us at support@polysync.com.au.
Each customer's configuration, operational data, and run history is stored in a dedicated SQL schema. Tenant identity is enforced server-side from identity claims rather than from URL parameters, headers, or client state.
Access to the application is authenticated exclusively through Microsoft Entra ID. Within Polysync, the Administrator and Operator roles determine what each user can do. Access by Polysync personnel to production systems is limited to authorised staff, logged, and used only to operate the Service and respond to support requests.
We engage the following sub-processors to provide the Service. Each is bound by contractual obligations to protect the data they process on our behalf.
When you connect your own cloud platforms (Azure, Google Cloud, or others as they become supported) through Polysync, those platforms act on your instructions and are governed by their own terms and privacy notices, not by this policy.
We will provide reasonable advance notice of any new sub-processor we intend to engage so that customers subject to a Data Processing Agreement can exercise any objection rights described in that agreement.
We do not sell, rent, or trade your personal information. We disclose information only in the following circumstances:
We retain your configuration and operational data for as long as your subscription is active. Run history is retained according to the limits of your subscription plan.
If your Azure Marketplace subscription is cancelled or expires, your tenant data is retained for a 30-day grace period and is then permanently deleted, including the tenant database schema. Backup copies are overwritten on the normal backup-rotation cycle (typically within 35 days of deletion).
Telemetry data collected through Application Insights is retained for the period configured in that service (typically 90 days) and is not used to identify you outside the support context.
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
To exercise any of these rights, contact us at support@polysync.com.au. We will respond within 30 days of receiving a verifiable request.
You also have the right to lodge a complaint with a data-protection authority. In Australia this is the Office of the Australian Information Commissioner (OAIC). In the European Economic Area or the United Kingdom, this is the supervisory authority in your country of residence.
Polysync uses cookies and browser local storage only for purposes that are strictly necessary to operate the Service. We do not use advertising cookies and do not embed third-party tracking pixels.
When you connect your own cloud platforms or vaults to Polysync, those services act on your instructions. Their handling of your data is governed by their own privacy notices. Polysync stores only the configuration needed to call them and the reference to the credential held in your chosen vault.
The primary processing region for the Service is Australia East. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with cross-border transfer requirements, your data may be transferred to Australia for processing. We rely on appropriate transfer mechanisms (including the Standard Contractual Clauses adopted by the European Commission and the UK International Data Transfer Addendum) where required.
Polysync is a business-to-business service and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you through the application or by email.
For privacy enquiries, data-subject requests, or to request a Data Processing Agreement, please contact us: