Introduction
SupplySync ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.
By installing and using SupplySync, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information Collected Through Shopify APIs
When you install SupplySync, we access the following data through Shopify's APIs:
- Store Information: Shop name, domain, email, and timezone
- Order Data: Order details, line items, fulfillment status, and shipping addresses
- Product Data: Product titles, variants, SKUs, vendors, tags, and collections
- Customer Data: Customer names and email addresses (for order fulfillment purposes only)
Information You Provide Directly
We collect information that you voluntarily provide when using our app:
- Supplier Information: Supplier names and email addresses
- Fulfillment Data: Tracking numbers and carrier information submitted through the supplier portal
- Configuration Data: Supplier matching rules (vendor, tag, and collection assignments)
Automatically Collected Information
We automatically collect certain information when you use our application:
- Activity logs (actions performed within the app)
- IP addresses (for security and rate limiting)
- Timestamps of actions
How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Data Used |
|---|---|
| Order routing to suppliers | Order data, product data, supplier rules |
| Supplier portal access | Supplier information, assigned orders |
| Fulfillment creation in Shopify | Tracking numbers, carrier information |
| Email notifications to suppliers | Supplier email, order details |
| Activity logging and audit trail | User actions, timestamps, IP addresses |
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- With Shopify: To create fulfillments and update order information through Shopify's APIs
- With Your Suppliers: Order information is shared with suppliers you have configured in the app through the supplier portal
- Legal Requirements: If required by law, regulation, or legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
Data Retention
We retain your data for as long as your Shopify app remains installed and active. Specifically:
- Order and fulfillment data: Retained for the duration of app installation
- Activity logs: Retained for 12 months
- Supplier information: Retained until you delete the supplier or uninstall the app
Upon app uninstallation, we will delete your data within 30 days, unless we are required to retain it for legal purposes.
Data Storage and Security
Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted data transmission (HTTPS/TLS)
- Secure database storage
- Access controls and authentication
- Regular security updates and monitoring
Data Processing Location
Your data may be processed and stored in servers located in the United States or European Union. By using our app, you consent to the transfer of your information to these locations.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Portability: Request a copy of your data in a machine-readable format
- Objection: Object to the processing of your personal data
- Restriction: Request restriction of processing of your personal data
To exercise any of these rights, please contact us using the information provided below.
GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Processing for security, fraud prevention, and service improvement
- Consent: Where you have given explicit consent
CCPA Compliance (California Users)
If you are a California resident, you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Opt-out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
Cookies and Tracking
SupplySync uses essential cookies required for the application to function properly. We do not use tracking cookies or third-party analytics within the app.
Children's Privacy
SupplySync is not intended for use by children under the age of 16. We do not knowingly collect personal information from children.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Shopify Data Protection
As a Shopify app, we comply with Shopify's data protection requirements and the Shopify API Terms of Service. We implement all required webhooks for data privacy compliance, including:
- Customer data request handling
- Customer data erasure
- Shop data erasure