tcgsync

Privacy Policy

Last updated: May 3, 2026

Information we process

tcgsync connects to Shopify through OAuth and processes the store, product, order, customer, and store credit data needed to synchronize merchant records with the external tcgsync sync system. This OAuth app stores installation sessions, shop connection status, webhook forwarding metadata, and privacy request metadata in SQLite.

How information is used

Data is used to authenticate the merchant, synchronize Shopify resources, troubleshoot webhook delivery, support merchants, comply with legal obligations, and protect the app from abuse. tcgsync does not sell merchant or customer personal data.

Retention and deletion

Installation sessions are removed when the app is uninstalled. Local OAuth/session metadata, webhook forwarding metadata, and privacy request metadata are deleted when Shopify sends the required shop redaction webhook, unless retention is required by law.

Security

tcgsync uses Shopify OAuth, signed webhook verification, encrypted HTTPS transport in production, and database-backed session storage. Production deployments should use encrypted database storage, encrypted backups, limited staff access, and monitored access logs.

Data rights requests

tcgsync subscribes to Shopify's mandatory privacy webhooks for customer data requests, customer redaction, and shop redaction. These webhooks are used to receive, track, and process privacy requests from merchants and customers.

Contact

For privacy questions or data requests, contact the tcgsync support team at admin@tcgsync.com.