Privacy Policy

How InventorySync.io collects, uses, and protects your information.

Effective date: March 1, 2026

InventorySync.io ("we," "us," or "our") operates a multi-channel inventory synchronization service for e-commerce sellers. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our website and application (collectively, the "Service").

By using our Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider, Clerk. This information is used to identify you and manage your account.

Payment Information

Subscription payments are processed by Stripe. We do not store, process, or have access to your full credit card number, expiration date, or CVV. Stripe handles all payment data in accordance with PCI-DSS standards. We receive only a transaction reference, subscription status, and billing email from Stripe.

Platform Data

When you connect e-commerce platforms (Shopify, eBay, Etsy, WooCommerce) to our Service, we collect and store:

  • OAuth access tokens and refresh tokens (encrypted at rest)
  • Shop or store names
  • Product SKUs, titles, and pricing information
  • Inventory quantities across connected platforms
  • Sales event data (order amounts, quantities sold, timestamps)
  • Sync history and audit logs

Automatically Collected Information

We may collect standard technical information such as your IP address, browser type, and referring URL when you visit our website. We do not use third-party analytics or tracking tools at this time.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the inventory synchronization service
  • Synchronize inventory quantities across your connected e-commerce platforms
  • Generate analytics and insights about your product performance
  • Send transactional emails including sync alerts, token expiry notifications, monthly inventory reports, and contact form confirmations
  • Process subscription payments and manage your billing
  • Respond to your support requests and inquiries
  • Detect and prevent technical issues, abuse, or fraud

3. Third-Party Services

We rely on the following third-party services to operate. Each has its own privacy policy governing the data they process:

  • Clerk — Authentication and user management. Processes your name, email, and session data. Clerk Privacy Policy
  • Stripe — Payment processing. Handles all credit card and billing data. Stripe Privacy Policy
  • Resend — Transactional email delivery. Receives your email address to deliver alerts, reports, and contact confirmations. Resend Privacy Policy
  • Railway — Backend application hosting. Railway Privacy Policy
  • Cloudflare — Frontend hosting (Cloudflare Pages) and DNS/CDN. Cloudflare Privacy Policy
  • Shopify, eBay, Etsy, WooCommerce — E-commerce platforms you connect to our Service. We access your store data via their APIs using OAuth tokens you authorize.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Security

We take the security of your data seriously and implement the following measures:

  • All OAuth tokens and platform credentials are encrypted at rest using AES-256-GCM encryption
  • All data in transit is encrypted via TLS/HTTPS
  • Database access is restricted to the application layer with no public exposure
  • Authentication sessions are managed by Clerk with industry-standard security practices
  • Payment data is handled entirely by Stripe and never touches our servers

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Account data — Retained for as long as your account is active. Deleted upon account deletion request.
  • Sync history and audit logs — Retained indefinitely to provide a complete audit trail for your records.
  • Monthly report PDFs — Retained for 12 months, then automatically deleted.
  • Cache data — Stored in Redis with automatic expiration (typically seconds to hours, depending on the data type).
  • Platform tokens — Stored encrypted for as long as the platform connection is active. Deleted when you disconnect a platform or delete your account.

6. Your Rights

For All Users

Regardless of your location, you have the right to:

  • Access your data — Request a copy of the personal data we hold about you
  • Export your data — Receive your data in a portable format
  • Delete your data — Request deletion of your account and associated data
  • Disconnect platforms — Revoke access to any connected e-commerce platform at any time

European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including the right to access, rectification, erasure, data portability, restriction of processing, and the right to object to processing. Our legal basis for processing your data is (a) your consent when connecting platforms, (b) performance of a contract (providing the Service), and (c) our legitimate interests in operating and improving the Service.

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act grants you the right to know what personal information we collect, request deletion of your data, and opt out of the sale of your information. We do not sell your personal information. You will not be discriminated against for exercising your CCPA rights.

To exercise any of these rights, please contact us at support@inventorysync.io.

7. Cookies

Our Service uses cookies strictly for authentication and session management, provided by Clerk. These are essential cookies required for the Service to function properly.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not participate in cross-site tracking.

8. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us with their data, please contact us at support@inventorysync.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, sending a notification to the email address associated with your account.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact us: