Summary: SyncA2Z is a data-movement tool. We store the minimum configuration needed to run your sync jobs. We do not sell your data, we do not store your Shopify product or order data permanently, and all credentials are encrypted at rest.
1. Who We Are
SyncA2Z ("we", "our", "us") is a Shopify app. We provide bulk data import, export, and synchronisation services for Shopify merchants through the Shopify App Store.
If you have questions about this policy, contact us at privacy@synca2z.com.
2. What Data We Collect
We collect only the data necessary to operate the app:
- Shop information — your Shopify store domain and shop ID, collected automatically when you install the app.
- Shopify access token — an access token granted by Shopify during installation, stored encrypted, to enable background scheduled jobs.
- Integration configurations — the settings you create in the app: mode, data type, field mappings, filter rules, schedule, and source configuration (with passwords encrypted).
- Run history — timestamps, status (SUCCESS / PARTIAL / ERROR / CANCELLED), row counts, and error messages for each job run. Row-level data from your files or Shopify store is not stored in run logs.
- Source credentials — FTP, SFTP, and API credentials you enter for import/export sources. These are encrypted at rest before being written to the database.
- App settings — any preferences you configure in the Settings section of the app.
3. How We Use Your Data
We use the data we collect solely to operate and improve SyncA2Z:
- To authenticate your app session and connect to the Shopify Admin API on your behalf.
- To run scheduled and manual integration jobs, including reading from your configured sources and writing to your Shopify store.
- To display run history and reports inside the app.
- To send transactional emails (e.g. run failure alerts) if you opt into notifications.
- To diagnose and fix bugs using anonymised error logs.
We do not use your data for advertising, profiling, or any purpose unrelated to operating the app.
4. Data We Do Not Store
We are explicit about what we do not retain:
- Your Shopify product, order, inventory, or collection data — this data passes through our servers during a job run and is processed in memory. It is not written to our database.
- Import file contents — files fetched from your FTP/SFTP/URL source are processed in memory and discarded after the job completes. Debug downloads (for diagnosing issues) are only saved temporarily when explicitly enabled by you and are never accessible to anyone else.
- Export file contents — export files are generated on demand and made available for download briefly after a job run. They are not stored indefinitely.
- Payment information — billing is handled entirely by Shopify. We never see or store your payment card details.
5. Credential Security
All sensitive credentials stored by SyncA2Z are encrypted before being written to the database:
- Encrypted fields: FTP passwords, SFTP passwords, API keys, connector secrets, and Shopify access tokens
- Decryption occurs server-side only, at the moment the credential is needed (e.g. when connecting to your FTP server to fetch a file)
- Credentials are never sent to the browser in plain text — even in edit mode, password fields display a placeholder and not the actual value
- Config exports strip all encrypted values before download — no credentials are ever included in exported JSON files
6. Shopify API Access
SyncA2Z accesses your Shopify store using the permissions you grant during installation. We request only the scopes required for the app's features:
- read_products, write_products — to import and export product data
- read_inventory, write_inventory — to update inventory quantities
- read_orders, write_orders — to export orders and import tracking numbers
- read_locations — to identify inventory locations for stock updates
We use a Shopify access token so scheduled background jobs can run without requiring you to be logged into Shopify at the time. This token is encrypted at rest and maintained automatically.
You can revoke our access at any time by uninstalling SyncA2Z from your Shopify admin under Settings → Apps and sales channels.
7. Third-Party Services
SyncA2Z connects to third-party services only at your direction:
- FTP / SFTP servers — servers you configure as import sources or export destinations. We connect using credentials you provide.
- HTTP/HTTPS URLs — URLs you configure as download sources. We fetch the file on your behalf.
- Predefined connector APIs (Tradebox, Linnworks, etc.) — connected using credentials you enter for that connector. Data flows directly between that system and your Shopify store.
We do not share your data with any advertising networks, analytics companies, or data brokers.
8. Data Retention
- Active installations — your integration configurations, run history, and settings are retained for as long as the app is installed on your store.
- After uninstalling — all data associated with your store (configurations, run logs, credentials, access tokens) is permanently deleted within 48 hours of uninstallation, in line with Shopify's app data retention requirements.
- Run logs — individual run history records older than 90 days are automatically purged to keep your history manageable.
- Export files — generated export files are available for download for 24 hours after job completion, then deleted.
9. Your Rights
Depending on your location, you may have rights under applicable privacy laws (including GDPR, UK GDPR, and similar legislation) including:
- Right to access — request a copy of the data we hold about your store.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your data. Uninstalling the app triggers automatic deletion within 48 hours; you can also email us to request immediate deletion.
- Right to data portability — your integration configurations can be exported at any time using the Export Config feature in the app.
- Right to object — object to any processing of your data that you believe is not justified.
To exercise any of these rights, email privacy@synca2z.com with the subject line "Privacy Request". We will respond within 30 days.
10. Cookies
SyncA2Z is a Shopify embedded app — it runs inside your Shopify admin iframe and uses Shopify's session mechanism for authentication. We do not set third-party tracking cookies. Session cookies required to keep you logged in are set by Shopify's infrastructure, not by us.
This marketing website (synca2z.com) does not use tracking or advertising cookies. Only essential cookies for basic site functionality may be used.
11. Children's Privacy
SyncA2Z is a business tool intended for Shopify merchants. We do not knowingly collect any personal information from individuals under the age of 18. If you believe a minor has provided personal information to us, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you via email or an in-app notice.
Your continued use of SyncA2Z after a policy update constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please get in touch:
This policy was last reviewed and updated on 22 June 2026. For previous versions, contact us at privacy@synca2z.com.