SyncMe Privacy Policy
SyncMe ("SyncMe," "we," "our," or "us") is operated by SyncMe Ltd., a company registered in the Abu Dhabi Global Market (ADGM), Registration No. 21220. SyncMe is a multi-channel e-commerce platform that synchronizes inventory, orders, and product listings across connected sales channels (including Shopify, Amazon, eBay, Noon, Salla, Trendyol, and WooCommerce).
This Privacy Policy explains what information we collect, why we collect it, the legal bases for processing it, who we share it with, how long we keep it, and the rights and choices you have. It covers our website, our application, our API, and our integrations with AI assistants such as ChatGPT (OpenAI) and Claude (Anthropic), described in Section 5.
If you do not agree with this Policy, please do not use SyncMe.
1. Who this Policy applies to
- Merchants | businesses and individuals who create a SyncMe account and connect their sales channels.
- End-customers | the customers of our Merchants, whose order and contact data flows through SyncMe so that orders can be synchronized across channels.
- Website visitors | anyone who visits syncme.io.
Controller / processor roles. For Merchant account data, SyncMe is the data controller. For End-customer data that flows through a Merchant's connected channels, the Merchant is the controller and SyncMe acts as a processor on the Merchant's behalf and under the Merchant's instructions. Merchants are responsible for having a lawful basis to share their customers' data with us. A Data Processing Agreement (DPA) is available to Merchants on request at Hello@SyncMe.io.
2. Information we collect
2.1 Account and billing information
- Name, email address, phone number, business name, and country.
- Authentication data (hashed passwords, OAuth tokens for connected channels).
- Subscription plan, billing records, and transaction history. Payment card details are processed by our payment provider and are not stored by SyncMe.
2.2 Connected store data (Merchant data)
When you connect a sales channel, we collect and synchronize:
- Product data | titles, descriptions, SKUs, variants, pricing, images, and inventory levels.
- Order data | order IDs, line items, quantities, prices, order status, and fulfilment information.
- Customer data (End-customer personal data) | names, email addresses, phone numbers, and shipping/billing addresses associated with orders, where the channel provides them.
- Channel and sales metrics | revenue, order counts, items sold, and related analytics derived from the above.
2.3 Usage and technical data
- Log data, IP address, device and browser type, pages viewed, and actions taken in the app.
- Cookies and similar technologies (see Section 9).
3. How we use your information
We use the information above to:
- Provide and operate the SyncMe service, including synchronizing inventory, orders, and listings across your connected channels.
- Authenticate you and secure your account.
- Process subscriptions and payments.
- Provide customer support and respond to your requests.
- Monitor, debug, secure, and improve the service.
- Send service and transactional communications, and, where permitted, marketing communications you can opt out of at any time.
- Comply with legal obligations and enforce our agreements.
We process Merchant and End-customer store data only to deliver the synchronization service you have configured, and (for End-customer data) only under the Merchant's instructions.
4. Legal bases for processing (GDPR / UK GDPR)
Where the EU or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract | to provide the service you have signed up for (Art. 6(1)(b)).
- Legitimate interests | to secure, debug, and improve the service, and to communicate with you about it, balanced against your rights (Art. 6(1)(f)).
- Consent | for optional features such as the AI assistant integration (Section 5), non-essential cookies, and marketing. You may withdraw consent at any time (Art. 6(1)(a)).
- Legal obligation | to meet tax, accounting, and regulatory requirements (Art. 6(1)(c)).
For End-customer personal data processed on a Merchant's behalf, the Merchant is responsible for establishing the legal basis.
5. AI assistant integrations (ChatGPT, Claude, and MCP)
SyncMe offers an optional integration that lets you access your SyncMe data through third-party AI assistants using the Model Context Protocol (MCP). Supported assistants currently include OpenAI's ChatGPT and Anthropic's Claude. This integration is off by default and is only activated when you explicitly connect SyncMe to an AI assistant and authorize access.
5.1 What happens when you use it
When you ask a connected AI assistant a question that requires your SyncMe data, the assistant calls SyncMe tools over our MCP server. To answer your request, the relevant data is transmitted to the AI provider you have connected (OpenAI and/or Anthropic) and processed by that provider's systems to generate a response.
5.2 What data the tools can read
The currently available tools are read-only and can retrieve:
- Orders and order details, order status, and order sync events.
- Products and product details, and product sync events.
- Customers and customer details (which may include End-customer personal data), and customer statistics.
- Sales channels and per-channel sales overviews.
- Dashboard and analytics metrics.
5.3 What data the tools can change
One tool, update_product, can modify data: it updates an existing product in SyncMe and propagates that change to your connected sales channels, which may alter publicly visible listings on those marketplaces. This is treated as a write/destructive action, and the AI host will ask you to confirm before it runs.
5.4 Provider responsibility and your control
- When you use this integration, the AI provider you connect (OpenAI and/or Anthropic) becomes a recipient of the data needed to answer your request, including, where applicable, End-customer personal data returned by the read tools above. Each provider's use of data is governed by its own terms and privacy policy (see OpenAI's and Anthropic's respective privacy policies).
- SyncMe does not send your data to an AI provider except in response to requests you initiate through the integration.
- You can disconnect the AI integration at any time from your SyncMe account settings or from within the AI assistant; doing so stops further data from being shared.
5.5 Changes to available tools
The set of tools and their behavior may change over time. We will update this Section to reflect the current tools, what they read, and which tools can write data, before or as such changes take effect.
6. Who we share information with
We share information only as described here. We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under applicable law.
- Connected sales channels | to perform synchronization, we exchange data with the marketplaces and stores you connect (e.g., Shopify, Amazon, eBay, Noon, Salla, Trendyol, WooCommerce), as directed by you.
- AI providers | when you use the AI integration in Section 5, with providers such as OpenAI and Anthropic, limited to the data needed to fulfil your request.
- Service providers (subprocessors) | hosting, infrastructure, analytics, payment processing, email, and customer-support vendors who process data on our behalf under contract. A current list of subprocessors is available on request at Hello@SyncMe.io.
- Legal and regulatory authorities | where required by applicable law, regulation, legal process, or to protect our rights, our users, or the public.
- Business transfers | in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
7. Data retention
- Account and billing data | retained for the life of your account and for a reasonable period afterward to meet legal, tax, and accounting obligations.
- Connected store data (products, orders, customers, metrics) | retained while your account is active and the relevant channel is connected. When you disconnect a channel or delete your account, this data is deleted or anonymized within 90 days, except where we must retain it to comply with a legal obligation, resolve a dispute, or enforce our agreements.
- Data transmitted to AI providers | once data is sent to a third-party AI provider to fulfil your request, its retention is governed by that provider's policies; we do not control it.
- Logs and technical data | retained for up to 12 months.
8. Your rights and choices
Depending on your jurisdiction (including under the EU/UK GDPR and the California CCPA/CPRA), you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Export / portability | receive your data in a usable format.
- Object to or restrict certain processing.
- Opt out of "sale" or "sharing" and of certain profiling (note: we do not sell or share personal data as defined under the CCPA/CPRA).
- Withdraw consent at any time, where processing is based on consent.
- Opt out of marketing | via the unsubscribe link in our emails or by contacting us.
- Non-discrimination | we will not discriminate against you for exercising any of these rights.
You can also, at any time:
- Disconnect a sales channel to stop syncing that channel's data.
- Disconnect the AI integration to stop sharing data with AI providers.
- Delete your account, which triggers deletion as described in Section 7.
To exercise any right, contact Hello@SyncMe.io. We will respond within the timeframe required by applicable law (generally within 30 to 45 days). We may need to verify your identity first. You also have the right to lodge a complaint with your local data protection or privacy authority.
End-customers: if you are a customer of a Merchant using SyncMe and want to exercise rights over data held about you, please contact the Merchant (the controller). We will assist the Merchant in fulfilling your request.
9. Cookies and tracking
We use cookies and similar technologies to operate the site, remember your preferences, and measure usage. We may use third-party tools (e.g., analytics and advertising tags). You can control cookies through your browser settings or our cookie banner where provided; disabling some cookies may affect site functionality.
10. Automated decision-making
We do not use your personal data to make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement. AI assistant responses (Section 5) are generated in response to your own requests and are not used by SyncMe to make automated decisions about you.
11. Data security
We implement technical and organizational measures designed to protect your data, including encryption in transit, access controls, and secure storage of OAuth tokens and credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Breach notification. If we become aware of a personal-data breach likely to result in a risk to your rights, we will notify the affected parties and the relevant authorities as required by applicable law.
12. International data transfers
SyncMe operates from the United Arab Emirates (ADGM) and uses service providers that may be located in other countries. Where we transfer personal data internationally, including outside the EU/EEA or UK, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) or an applicable adequacy decision.
13. Children
SyncMe is a business tool not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.
14. Changes to this Policy
We may update this Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date and, where appropriate, communicated to you directly. Your continued use of SyncMe after changes take effect constitutes acceptance.
15. Contact us
SyncMe Ltd.
Abu Dhabi Global Market (ADGM)
Email: Hello@SyncMe.io