Privacy Policy

1. Introduction

AutoSync ("we", "our", or "us") operates the AutoSync Shopify application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our application.

By installing AutoSync from the Shopify App Store, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Shopify Store Data

When you install AutoSync, we access the following from your Shopify store:

• Products: Title, description, price, vendor, product type, images, SKU, barcode, tags, and metafields
• Collections: Smart collection names and rules created by AutoSync
• Store information: Shop domain, plan information, and installation date

2.2 Vehicle Fitment Data

We process and store vehicle compatibility data (Year/Make/Model/Engine) that you configure for your products. This data is generated from your product information and our vehicle database.

2.3 Analytics Data

We collect anonymised storefront usage data including search queries (make, model, year selections), product views, and add-to-cart events from customers using the YMME widgets on your store. This data is used solely to power your analytics dashboard.

2.4 What We Do NOT Collect

• Customer personal information (names, emails, addresses)
• Payment or financial data
• Customer order details
• Cookies or tracking pixels on your customers

2.5 AI Fitment Resolution

To map products to vehicles, AutoSync sends each product's title and a short description excerpt to our AI provider (see Service Providers in section 5). We retain an anonymised, one-way hashed record of the AI's fitment conclusion in a shared cache. This cache contains no merchant identity, no store domain, and no customer data, only a cryptographic hash of the product text and the resulting vehicle-compatibility verdict. It lets us avoid re-running (and re-charging for) identical AI lookups across stores.

3. How We Use Your Information

We use the collected information to:

• Extract and map vehicle fitment data to your products
• Generate Shopify tags, metafields, and smart collections
• Power the YMME search widget on your storefront
• Provide analytics and reporting in your dashboard
• Manage your subscription and billing through Shopify
• Improve and maintain the application

4. Data Storage and Security

Your data is stored securely on Supabase (PostgreSQL) servers. All data transmission uses HTTPS encryption. We use Shopify's OAuth 2.0 and session tokens for authentication.

All data is tenant-isolated - your store data is never accessible to other merchants using AutoSync.

5. Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties. We may share data only in the following circumstances:

• Shopify: We interact with Shopify's APIs as required to deliver our service
• Legal requirements: If required by law, court order, or governmental authority
• Service providers: We use Supabase for database hosting and Vercel for application hosting, both of which maintain their own privacy standards
• AI provider: We use OpenAI models via the Vercel AI Gateway to generate vehicle-fitment suggestions from product text. Only the product title and a short description excerpt are sent; no customer or personal data is transmitted.

6. GDPR Compliance

For merchants and customers in the European Economic Area (EEA) and UK:

• We process data based on legitimate interest (providing our service) and your consent (installing the app)
• You can request deletion of all your data by uninstalling the app
• We respond to Shopify GDPR webhooks (customer data requests, customer data erasure, shop data erasure)
• You have the right to access, rectify, or delete your data at any time

7. Data Retention

We retain your data for as long as you have the app installed. Upon uninstallation, Shopify sends us a shop/redactwebhook approximately 48 hours later (per Shopify's mandatory GDPR timeline). On receipt, we permanently delete all of your tenant data from our database in a single transaction. Analytics event data (search events, conversion events) is automatically purged after 90 days independent of installation state.

Shopify-owned data (session tokens, offline access tokens) is deleted immediately when your app is uninstalled, via theapp/uninstalled webhook.

Exception: an anonymised, hashed cache of AI fitment conclusions (containing no merchant or customer identifiers) is retained beyond uninstall to keep the service efficient. Because it cannot be linked back to your store, it is not deleted by the shop/redactprocess and is not personal data under GDPR.

8. Your Rights

You have the right to:

• Access and export your data via the Analytics page
• Request deletion of your data by uninstalling the app or contacting us
• Opt out of analytics tracking by disabling the storefront widgets
• Request a copy of all data we hold about your store

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date. Continued use of AutoSync after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

• Email: support@autosync.app
• Company: PerformanceHQ, Derby, United Kingdom