MirrorSync — Privacy Policy
Last updated: July 2026
MirrorSync keeps inventory and product data in sync between two or more Shopify stores owned by the same merchant. This policy explains what the app accesses and stores.
What we access
With the merchant's permission, MirrorSync reads and writes inventory levels, product details (title, price, tags, images, metafields), and store locations, using the Shopify Admin API. These permissions are requested at install and used only to perform the sync the merchant configured.
What we store
We store the minimum needed to sync reliably: store domains, the mapping between matched products/variants across stores, sync settings, a record of recent changes for drift detection, and a plain-language activity log. We store an offline access token per store so background syncing can run. We do not access, request, or store any customer personal information — no names, emails, addresses, or orders.
Data location and retention
Data is stored in a Postgres database (Supabase). Operational records (change history, activity log) are pruned automatically over time. When the app is uninstalled we delete the store's access token and disable its connections; on Shopify's shop/redact request (48 hours after uninstall) we permanently delete all of that store's data.
Sharing
We do not sell or share merchant data with third parties. Data is only transmitted between the merchant's own Shopify stores and our hosting/database providers to operate the service.
GDPR / compliance
MirrorSync handles Shopify's mandatory compliance webhooks (customers/data_request, customers/redact,shop/redact). Because we store no customer data, data and redaction requests have nothing to return; shop redaction purges the store's records.
Contact
Questions about this policy or your data: mirrorsync@proton.me.