Privacy Policy

Last Updated: January 12, 2026

Controller Information

Image Sync is a Shopify application developed and operated by EFSETECH. For controller details, please refer to the developer information in the Shopify Partner account or contact us at support@efsetech.com.

Source & Scope of Data

Image Sync synchronizes product images from external storage providers (Amazon S3, Azure Blob Storage, Google Drive) to your Shopify store. The application collects and processes the following data:

Configuration Data: Storage provider credentials (encrypted), sync settings, matching preferences, and connector configurations.
Sync Logs: Operation logs, sync history, success/failure records, and performance metrics.
Product & Variant Data: Product SKUs, variant IDs, and image metadata necessary for synchronization (accessed via Shopify API).
Image Metadata: File names, file sizes, modification dates, and storage paths from your configured storage providers.

Important: Image Sync does not store actual image files. Images remain in your storage providers and are accessed via secure, time-limited URLs during synchronization. The application only processes image metadata and facilitates the transfer to Shopify.

Purpose & Legal Basis

Data is processed for the following purposes:

To fulfill the service contract by synchronizing images between your storage providers and Shopify.
To maintain sync logs and operation history for troubleshooting and service improvement.
To comply with legal obligations and pursue legitimate business interests.
To provide billing and usage tracking for usage-based pricing.

The legal basis for processing is the performance of the service contract between you and Image Sync, as well as legitimate interests in providing and improving the service.

Retention & Deletion

Data retention policies:

Configuration Data: Retained while your subscription is active. Deleted within 30 days after app uninstallation or subscription cancellation.
Sync Logs: Retained for up to 90 days for troubleshooting purposes, then automatically purged.
Billing & Usage Data: Retained as required by law for accounting and tax purposes, typically 7 years in applicable jurisdictions.

Upon app uninstallation or subscription cancellation, all configuration data and sync logs are deleted within 30 days, except where retention is required by law.

Third-Party Services & Data Transfers

Image Sync integrates with the following third-party services:

Shopify: Product and variant data is accessed via Shopify's API in accordance with Shopify's terms of service and API usage policies.
Storage Providers: Your configured storage providers (Amazon S3, Azure Blob Storage, Google Drive) are accessed using the credentials you provide. Image Sync does not store or share your storage credentials with third parties.
Infrastructure Provider: Application servers and databases are hosted on Railway infrastructure. Data is stored in EU data centers where possible.

Data is not shared with third parties except as necessary to provide the service (e.g., accessing your storage providers and Shopify as configured by you).

International Transfers

Application servers are hosted in data centers provided by Railway, which may include EU and US locations. Where data is transferred internationally, Standard Contractual Clauses (SCCs) are applied to ensure adequate data protection measures.

Data Subject Rights

You have the following rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
Right to Data Portability: Request your data in a structured, machine-readable format.
Right to Object: Object to processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at support@efsetech.com. We will respond to your request within 30 days.

Security Measures

We implement the following security measures to protect your data:

Encryption at Rest: Configuration data and logs are encrypted using AES-256 encryption.
Encryption in Transit: All data transmissions use TLS 1.2 or higher.
Credential Security: Storage provider credentials are encrypted before storage and never stored in plain text.
Access Controls: Access to data is restricted to authorized personnel and systems necessary for service operation.
Secure API Access: All API communications with Shopify and storage providers use secure, authenticated connections.

Cookies & Tracking

Image Sync uses session cookies and authentication tokens required for Shopify app authentication and session management. These are essential for the app to function and are not used for tracking or advertising purposes.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact us:

Email: support@efsetech.com