Privacy Policy
1. Overview #
FeedSync Pro ("we", "us", "our") is a product feed management application operated by FeedSync Pro, Inh. Napolitano, located at Vogelsanger Str. 39c, 58135 Hagen, Germany.
We provide feed import, transformation, export, and synchronization services for Shopify merchants and other e-commerce businesses. This privacy policy applies to all users of our application, including merchants who install FeedSync Pro from the Shopify App Store.
By installing or using FeedSync Pro, you agree to the collection and use of information as described in this policy.
2. Data We Collect #
Account Information
- Name and email address (provided during registration or Shopify install)
- Shopify store domain (e.g., your-store.myshopify.com)
- Billing and subscription information (processed by Stripe or Shopify Billing)
Usage Data
- Pages visited and features used within the app
- Feed import/export activity and sync history
- Error logs and performance metrics (via Sentry)
- IP address and browser user-agent string
3. Shopify Store Data #
When you install FeedSync Pro from the Shopify App Store, we request access to specific store data through Shopify's OAuth system. We only request the minimum scopes necessary to provide our services:
| Data Type | Purpose | Access Scope |
|---|---|---|
| Products | Import, transform, and export product feed data | read_products, write_products |
| Shop information | Display store name, configure locale and currency | read_shop (implicit) |
| App metafields | Store feed configuration as a backup | App-owned metafields (no extra scope) |
OAuth Access Tokens
We store an encrypted Shopify API access token for each connected shop. This token is used exclusively to make authorized API calls on your behalf. Tokens are encrypted at rest and are revoked when you uninstall the app.
Webhooks
We subscribe to Shopify webhooks (product updates, app lifecycle events, GDPR compliance events) to keep feed data in sync and fulfill our compliance obligations. Webhook payloads are processed in real time and not stored beyond what is necessary for feed synchronization.
4. How We Use Your Data #
- Provide and maintain our service — importing, transforming, and exporting your product feeds
- Sync product data — keeping feeds up to date when products change in your Shopify store
- AI-powered enrichment — generating product descriptions, SEO metadata, and tags (only when you explicitly use these features)
- Billing and subscription management — processing payments via Stripe or Shopify Billing
- Customer support — responding to your requests and troubleshooting issues
- Service improvement — analyzing aggregated, anonymized usage patterns to improve the application
- Security and fraud prevention — detecting and preventing unauthorized access
We do not sell, rent, or share your personal data or store data with third parties for their marketing purposes.
5. Data Sharing & Third Parties #
We share data only with the following service providers, who act as data processors under our instructions:
| Provider | Purpose | Location |
|---|---|---|
| Shopify Inc. | E-commerce platform, OAuth, Billing API | Canada / USA |
| Stripe, Inc. | Payment processing | USA (EU-US DPF) |
| Hetzner Online GmbH | Application hosting and data storage | Helsinki, Finland (EU) |
| Sentry (Functional Software, Inc.) | Error tracking and monitoring | USA (EU-US DPF) |
| Apple Inc. | iCloud Mail SMTP relay | USA (EU-US DPF) |
All processors are bound by data processing agreements. For US-based providers, adequate safeguards are in place via the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
6. Data Retention #
| Data Category | Retention Period |
|---|---|
| Account and shop data | Until you delete your account or uninstall the app |
| Product feed data | Until feed is deleted or account is closed |
| Shopify access tokens | Revoked and deleted upon app uninstall |
| Error and audit logs | 90 days |
| Billing records | As required by tax law (typically 10 years under German law) |
When you uninstall FeedSync Pro, we process the app/uninstalled webhook and begin data deletion. Shop data, access tokens, and feed configurations are removed. Billing records are retained only as required by law.
7. Data Security #
We implement appropriate technical and organizational measures to protect your data:
- All data in transit is encrypted via TLS 1.2+
- Shopify API access tokens are encrypted at rest
- Application hosted in EU data centers (Hetzner, Helsinki)
- Access to production systems is restricted and audited
- Regular security updates and dependency monitoring
- HMAC signature verification on all Shopify webhooks
- Content Security Policy (CSP) headers on all responses
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We promptly notify affected users and relevant authorities in the event of a data breach, as required by GDPR.
8. Your Rights (GDPR) #
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access (Art. 15) — request a copy of all personal data we hold about you
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your personal data
- Right to restriction (Art. 18) — limit how we process your data
- Right to data portability (Art. 20) — receive your data in a machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests
- Right to withdraw consent (Art. 7) — where processing is based on consent
To exercise any of these rights, contact us at privacy@feedsync.pro. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or place of work.
9. Shopify GDPR Compliance #
FeedSync Pro implements all mandatory Shopify GDPR webhooks:
| Webhook | Action |
|---|---|
customers/data_request |
We compile and return all personal data associated with the requesting customer |
customers/redact |
We delete all personal data associated with the specified customer |
shop/redact |
We delete all shop data within 48 hours of receiving the request |
These webhooks are registered automatically when you install the app and are processed by background tasks with retry logic to ensure reliable execution.
11. Children's Privacy #
FeedSync Pro is a business-to-business service designed for e-commerce merchants. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us at privacy@feedsync.pro and we will delete such data promptly.
12. Changes to This Policy #
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For Shopify merchants, significant changes will also be communicated through the app interface.
13. Contact Us #
If you have any questions about this privacy policy or our data practices, please contact us:
- Privacy inquiries: privacy@feedsync.pro
- General support: support@feedsync.pro
- Postal address: FeedSync Pro, Inh. Napolitano, Vogelsanger Str. 39c, 58135 Hagen, Germany
For the full German-language legal documentation including Terms of Service, Data Processing Agreement, and Impressum, please visit our Legal Information page.