SoleSync
TermsPrivacySign in

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains what data SoleSync ("we", "us") collects, how we use it, and what rights you have. It applies to everyone who uses solesync.xyz, the SoleSync app, the consignor portal, and any related services.

1. What we collect

Account data

When you sign up, we collect:

  • Your name and email address
  • A bcrypt hash of your password (we never store your password in plain text)
  • Your store name and the industry / category you sell in

Store data you enter

Anything you (or your team) put into SoleSync — products, units, sales, consignors, customers, warehouses, audits, AI conversations. This is your data; we process it on your behalf to provide the Service.

Data from third-party integrations

If you connect Shopify, we receive product, variant, inventory, order, and customer data for the store you authorize. We don't store or process payment-card numbers — those are handled by your connected commerce platform (e.g. Shopify) directly.

Operational data

  • IP address and basic browser/device info, for rate limiting and abuse detection
  • Audit logs of who did what inside your store, for your own compliance and security
  • Login history (failed attempts, lockout events) for security investigations
  • Error reports from the app, scrubbed of personal data where possible

2. How we use it

  • To provide the Service — render your dashboard, sync your inventory, send your emails
  • To keep your account and data secure (rate limiting, lockout, anomaly detection)
  • To debug issues and improve the product
  • To communicate with you about your account (security alerts, billing, product updates) — no marketing emails without your consent
  • To comply with legal obligations (tax records, lawful requests from authorities)

3. AI Assistant data handling

When you talk to the AI Assistant, your messages and the relevant context from your store (the data the AI needs to answer your question) are sent to Anthropic for inference, governed by Anthropic's API data-handling policy. We don't train any model on your store data or AI conversations. AI conversations are scoped to your store — the AI cannot read, write, or reference data from other stores on the platform.

4. Who we share data with

We share your data only with these categories of recipients:

  • Service providers: Vercel (hosting), Prisma Postgres (database), Anthropic (AI inference), Resend (email), Cloudinary (image storage), Sentry (error reporting). Each is bound by their own data-processing terms.
  • Integrations you connect: Shopify and similar platforms receive only the data needed to fulfill the integration you set up.
  • Your consignors: When a consignor logs into the consignor portal, they see their own units, sales, and payouts on your store — not other consignors' data.
  • Authorities: If we receive a lawful request (subpoena, court order), we comply only to the extent required and tell you about it unless legally prohibited.

We don't sell your data. We never have, we never will.

5. Where we store data

Data is stored on infrastructure operated by Vercel and Prisma in the United States. Backups are encrypted at rest. Communications between you and SoleSync use HTTPS with modern TLS.

6. How long we keep it

  • Active store data: as long as your account is active
  • Cancelled account data: up to 30 days, then deleted
  • Operational logs (rate limits, error reports): typically 30–90 days
  • Audit logs inside your store: kept indefinitely so you can investigate historical events; you can export them at any time

7. Your rights

You can:

  • Access and export your data from the Settings page
  • Edit or delete records inside your store
  • Cancel your account, which triggers deletion within 30 days
  • Request a copy of all data we hold about you, request correction of inaccurate data, or request deletion outside of the standard cancellation flow — email privacy@solesync.xyz

If you're in the EU/UK, you have additional rights under GDPR including the right to data portability and the right to object to processing. If you're in California, you have CCPA rights including the right to know what personal information we collect. Use the email above for any of these requests.

8. Cookies

We use cookies that are strictly necessary for the Service: a session cookie to keep you logged in, a CSRF token cookie to protect form submissions, and a separate cookie for the consignor portal. We don't use third-party advertising cookies or cross-site tracking pixels.

9. Children

SoleSync is for businesses and isn't directed at children. We don't knowingly collect data from anyone under 18. If you believe a child has provided us data, email us and we'll delete it.

10. Security

We take security seriously: passwords are bcrypt-hashed, sessions expire after a fixed window, account lockout protects against brute force, all data in transit is TLS-encrypted, and every query is scoped to your store to prevent cross-tenant access. If we discover a breach affecting your data, we'll notify affected users promptly once we've confirmed the scope.

11. Changes to this policy

We'll update this policy as the product evolves. Material changes will be announced by email or in-app banner before they take effect.

12. Contact

Privacy questions: privacy@solesync.xyz
General support: support@solesync.xyz