SynthCommerce

Privacy Policy

Last updated: January 26, 2026

1. Introduction

SynthCommerce ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our AI commerce monitoring and QA platform, including our free scanning tools and SaaS services.

This policy applies to all users of our services, including visitors to our website, users of our free scanner, and customers of our paid SaaS platform.

SynthCommerce is the data controller for personal data processed through our services. We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Workspace Information: Workspace name, member information, and role assignments
  • Store Information: E-commerce store URLs (e.g., Shopify stores) for scanning and monitoring
  • OAuth Data: OAuth tokens and store identifiers when connecting e-commerce platforms
  • Communication: Messages, feedback, and support inquiries

2.2 Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent, and actions taken
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and referral sources
  • Scan Reports: Results from commerce validation scans and compliance checks

2.3 Cookies and Tracking

We use cookies and similar technologies to:

  • Authenticate users and maintain sessions
  • Analyze usage patterns and improve our services
  • Remember user preferences and settings
  • Track marketing campaign effectiveness

See our Cookie Policy for more details.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Provision: To provide and operate our commerce scanning and monitoring services
  • Authentication: To verify your identity and manage access to your account
  • Store Integration: To connect with e-commerce platforms for scanning and monitoring
  • Analytics: To understand how our services are used and improve functionality
  • Security: To detect, prevent, and address technical issues and security threats
  • Communications: To send service updates, alerts, and support responses
  • Legal Compliance: To comply with legal obligations and enforce our terms

Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

  • Contract: Processing necessary to fulfill our service agreement
  • Legitimate Interest: Processing for security, analytics, and service improvement
  • Consent: Processing where you have given explicit consent
  • Legal Obligation: Processing to comply with applicable laws

4. Data Sharing and Disclosure

We may share your data with the following categories of recipients:

  • Service Providers: Third-party services that help us operate our platform (see below)
  • Workspace Members: Other users within your workspace with appropriate access permissions
  • E-commerce Platforms: When you connect your store (e.g., Shopify via OAuth)
  • Legal Authorities: When required by law or to protect our rights

Third-Party Service Providers

We use the following trusted third-party services:

  • Supabase: Database hosting and authentication (United States)
  • Inngest: Workflow orchestration and job scheduling (United States)
  • Shopify: E-commerce platform integration (Canada/United States)
  • PostHog: Product analytics (United States)
  • Sentry: Error monitoring and observability (United States)
  • Resend: Email delivery services (United States)

All third-party processors are carefully vetted and bound by contractual obligations to protect your data.

5. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. Our primary data processing occurs in the United States.

When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework participation (where applicable)
  • Other legally recognized transfer mechanisms

Contact us at privacy@synthcommerce.com for more information about data transfer safeguards.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Retained while your account is active, plus a reasonable period after closure
  • Scan Reports: Retained according to your subscription tier
  • Monitoring Data: Retained based on your retention settings and plan limits
  • Logs: Typically retained for up to 90 days for security purposes
  • Analytics: Anonymized after aggregation; raw data retained per our analytics provider policies

Upon account deletion, we will delete or anonymize your personal data unless retention is required by law.

7. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Request your data in a structured, machine-readable format
  • Right to Restrict: Request restriction of processing
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at privacy@synthcommerce.com. We will respond within 30 days of receiving your request.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • OAuth Tokens: Stored encrypted using encryption keys
  • Access Controls: Role-based access control (RBAC) for internal systems
  • Audit Logging: Comprehensive logging of data access and modifications
  • Redaction: Automatic redaction of sensitive data from logs and artifacts
  • RLS Policies: Row-Level Security ensures workspace data isolation

Despite our efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we discover that we have inadvertently collected such data, we will delete it immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or prominent notice on our website. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

  • Email: hello@synthcommerce.com
  • Website: https://www.synthcommerce.com
  • Address: Contact us for our physical address

If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority.

© 2026 SynthCommerce. All rights reserved. Created by Orbit Creative
