๐Ÿ”’ Privacy Policy

Your privacy, plainly explained

We collect only what we need to run Syncstocky. We never sell your data. This policy explains exactly what we collect, why, and how you can control it.

Last updated: January 2025 ยท Effective: January 2025

1. Who we are

Syncstocky is a product of Algostack Private Limited, a software company registered in Karachi, Pakistan. When this policy refers to "Syncstocky", "we", "us", or "our", it means Algostack Private Limited operating the Syncstocky service at syncstocky.com.

You can contact us about privacy matters at: privacy@syncstocky.com

2. What data we collect

Account data

When you create an account, we collect your email address, name, and a hashed password (or your Google OAuth identity). We use this to authenticate you and identify your account.

Store and channel data

When you connect a sales channel (Shopify, Amazon, eBay, Etsy, Walmart), we store:

  • OAuth access tokens required to call the channel's API on your behalf
  • Your store name, domain, and basic store metadata
  • Product data: SKUs, titles, inventory quantities, variant information
  • Order data required to trigger inventory sync events

We access this data only to perform inventory synchronisation and the features you've explicitly enabled. We do not read your customers' personal information beyond what is strictly necessary to process sync events (e.g. order quantities).

Sync and usage data

We log every sync event: timestamp, channel, SKU, quantity change, and success/failure status. This data powers your Sync Log and is retained for 90 days. After 90 days, detailed event logs are automatically deleted.

Billing data

Payments are processed by Paddle. Syncstocky never sees or stores your credit card number. We receive confirmation of your plan, billing status, and subscription history from Paddle's webhook events. Paddle's privacy policy governs how your payment information is handled.

AI forecasting data

If you use Sync+AI features, inventory and sales data is sent to the Anthropic Claude API to generate forecasts and recommendations. We send only aggregated SKU-level data โ€” no personally identifiable customer information. Claude API data handling is governed by Anthropic's privacy policy. We store one forecast row per SKU and overwrite it on each refresh.

Technical data

We collect standard server logs including IP addresses, browser type, and page requests. These are used for security monitoring and debugging and are not linked to your account for marketing purposes.

3. How we use your data

  • To provide the service โ€” syncing inventory across your connected channels in real time
  • To authenticate you โ€” keeping your account secure
  • To generate AI forecasts โ€” sending SKU data to Claude API on Sync+AI plans
  • To process billing โ€” communicating subscription status with Paddle
  • To send transactional emails โ€” sync failure alerts, low stock notifications, trial reminders
  • To improve the product โ€” understanding which features are used and where errors occur

We do not use your data for advertising. We do not sell your data to third parties. We do not profile your customers.

4. Data sharing

We share data with the following categories of third parties, strictly to operate the service:

  • Paddle โ€” payment processing and subscription management
  • Anthropic โ€” Claude API for AI forecasting features (Sync+AI plan only)
  • Supabase โ€” database and authentication infrastructure
  • Render โ€” cloud hosting of the Syncstocky application
  • Shopify, Amazon, eBay, Etsy, Walmart โ€” your connected channels, which receive inventory update calls on your behalf

We do not share data with analytics companies, advertising networks, or data brokers.

5. Data retention

  • Sync event logs โ€” 90 days, then auto-deleted nightly
  • Order line items โ€” 12 months
  • AI forecasts โ€” 1 row per SKU, overwritten on each new forecast
  • Notifications โ€” 30 days
  • Account data โ€” retained while your account is active; deleted within 30 days of account deletion request

6. Your rights

You have the right to:

  • Access โ€” request a copy of all data we hold about you
  • Correction โ€” ask us to correct inaccurate data
  • Deletion โ€” request deletion of your account and associated data
  • Export โ€” download your sync history and SKU mappings as CSV from your dashboard at any time
  • Disconnect channels โ€” revoke Syncstocky's access to any channel at any time from your Channels page

To exercise any of these rights, email privacy@syncstocky.com. We respond within 14 days.

7. Security

All data is encrypted in transit (TLS 1.2+). OAuth tokens are stored encrypted at rest. We use Supabase Row Level Security to ensure each user can only access their own data. Paddle webhooks are verified using HMAC-SHA256 signatures. We conduct periodic security reviews of our infrastructure and dependencies.

8. Cookies

Syncstocky uses a single session authentication cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The session cookie is essential for the service to function.

9. Children

Syncstocky is a business tool not intended for use by anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

10. Changes to this policy

If we make material changes to this policy, we will notify you by email at least 14 days before the change takes effect. The updated policy will always be available at syncstocky.com/privacy.

11. Contact

For privacy questions, data requests, or concerns: