Privacy Policy

Introduction

Welcome to TrustSync, a web application that provides an online reviews and marketing solution owned and operated by Storeware (‘we’, ‘us’, ‘our’).

This Privacy Policy (for Merchants and Website Visitors) (the ‘Policy‘), which is incorporated into our Terms of Service, describes what personal information we collect and the policies and procedures we use regarding your personal information (‘You‘, ‘Merchant‘ and ‘Website Visitor‘) through our trustsync.io website and also through our web application (Together – the ‘Service’).

We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR and the California Privacy Rights Act (CPRA).

The Service is not directed to Merchants or Website Visitors under 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow children under the age of 18 to use the Service.

This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time before the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.

What We Collect and Why

ScenarioPurposesCategories of information processed
When you install or access the ServiceTo identify you and to operate the Service and provide you with its features and functionality; To provide you with technical support and assistance, such as sending you updates and other communications related to the Service.Information we obtain from your Shopify account: your full name, address, email address and cell phone number. We have also obtained details about your Shopify store.
When you use the Service – your device information, analyticsFor security and monitoring purposes, To understand how you interact with the Service so that we can personalize, develop and improve itMeta Data – information about your computer or mobile device, your operating system and your browser.‍Analytics Information – information about your use of the Service. For example, we may record the frequency and scope of your use, actions taken while using the Service and the interactions you make with the Service. We also collect Analytic information about your store.
Contacting us with an inquiry through our Service or when you ask to obtain a referral link to share with othersTo operate the Service and provide you with its features and functionality, responding to your inquiry, our business developmentInquiry Information – Full Name, Email, URL, Business type, and any additional information you may add. You do not have a legal obligation to provide your Inquiry Information; however, if you choose to not share this information with us, you will not be able to receive our response.
When you consent to use your information for marketing purposesOur marketing purposesWe will use your information to send you marketing communications about our services, including updates about new services that we believe may be suitable for you. You may ‘opt out’ of using your information for marketing communications by contacting us at: https://storeware.io/support or as otherwise provided in our marketing communications. By doing so, we will only delete or stop processing the information that is required to contact you for marketing communications, while the rest of the Information that is necessary to provide you with the Service will continue to be processed and used.
Use of cookies on the ServiceFacilitate a Service feature that the Website Visitor specifically requested, analyze the Service usage to evaluate and improve its performance, improve the Website Visitor experience on the Service, inform and serve personalized ads more relevant to the Website Visitor’s interests The IP address from which you access the Service, time and date of access, type of device and browser used, the language used, links clicked via a mouse or a touch screen, and actions taken while using the Service.

Methods and Sources for Collecting Your Personal Information

We collect the personal information from several sources:

  • Directly from Shopify when you install and use the Service through the Shopify app store, or directly from you when you provide your personal information to us through our Service contact forms and email communications. 
  • From Shopify store customers when they use the service or leave a review on the Merchant’s store.
  • From our service providers helping us to operate the Service.
  • Through the device you use to access our Service, including through third-party cookies and analytics tools, and our own internal event tracking system. 
  • You are not legally obligated to provide us with your personal information, but if you do not, we will not be able to handle or respond to your inquiry or fulfill your request to access or use our Service functionalities.

Sharing Your Personal Information

We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.

ScenarioPurposesThird parties involved
We will share your personal information with our service providers, who will use it only as necessary to assist us in the internal operations of our business and the Service, and not for their own promotional purposes.Operating the Service and our business.
The service providers we use.
If you violate the law, we will share your information with competent authorities
Responding to, handling, and mitigating suspected violations of law in connection with our business.
Competent authorities, legal counsels, and advisors.
If a judicial, governmental, or regulatory authority requires us to disclose your information.Complying with a binding request from a competent authority.
Competent authorities.
If the operation of the Service or our business is organized within a different framework, or through another legal structure or entity.Enabling a structural change in the operation of the Service and our business.
The target entity of the merger or acquisition, legal counsels, and advisors.

Data Retention and Security

We retain your information for the duration we need it to operate the Service and our business, to interact with you, and thereafter as needed for record-keeping matters.

We will retain your information for the duration needed to support our ordinary business activities operating the Service and interacting with you. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.

We implement measures to secure your information

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional Information for Individuals in the EU or UK

Controller, GDPR and UK representatives

TrustSync is the Data Controller for the personal information described in this Policy, such as personal information it collects from its Website Visitors.

TrustSync is the Data Processor for the personal information it processes on the User’s behalf, as described in our Privacy Policy.

International Data Transfers

If we transfer your information from within the EU to the United States or other countries, that are not recognized by the European Commission as having adequate protection for personal data, we will endeavor to do so under the terms of a data transfer agreement that contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.

Legal Basis for Processing Your Personal Data

Purpose or ScenarioLegal Basis
Operate the Service and provide its features and functionalityPerformance of our Terms of Service contract with you and our legitimate interest in the operation of the Service
Provide you with technical support and assistanceOur legitimate interest in promoting our business by updating Merchants and Website Visitors of new features of the Service and other information pertaining to the Service
Marketing purposesExplicit consent
Security and monitoring purposesOur legitimate interests in monitoring and securing our Service
Develop and improve the ServiceOur legitimate interest in promoting our business by updating Merchants and Website Visitors of new features of the Service and other information about the Service
To allow you to subscribe to the Service and link your chosen plan to your accountPerformance of our contract, our legitimate interest in providing you with the Service you requested
Responding to your inquiry or referral requestTo operate the Service and provide you with its features and functionality, responding to your inquiry, our business development
When you provide us with your feedback and reviewsOur legitimate interest in developing and enhancing our business and the Service, responding to your feedback or reviews
Use of cookies on the ServiceOur legitimate interest in providing you with the Service you requested, tailoring the Service to your preferences 
Marketing and third party cookiesConsent
Responding to, handling, and mitigating suspected violations of law in connection with our businessLegitimate interests in defending and enforcing against violations and breaches that are harmful to our business
Complying with a binding request from a competent authorityLegitimate interests in complying with mandatory legal requirements imposed on us
Enabling a structural change in the operation of the Service and our businessLegitimate interests in our business continuity

Data Subject Rights

If you are in the EU or the UK, you have the following rights under the GDPR:

Right to Access and receive a copy of your personal information that we process.

Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.

Right to easily and at any time withdraw your consent to us processing your data to email you our marketing purposes or to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate. 

Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims. 

Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).

Right to be Forgotten Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such a request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.

When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. If we are not able to provide you with the information that you have asked for, we will explain the reason.

Subject to applicable law, you have the right to complain with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can complain to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, visit: http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061

If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

Additional Information for Individuals in California

If you are an individual residing in California, we provide you with the following information under the California Privacy Rights Act (CPRA). We do not sell or share your personal information for cross-behavioral advertising and have not done so in the past 12 months.

Categories of personal information (under the CPRA)Specific types of personal information collectedSpecific business or commercial purpose for collecting personal information from consumers
IdentifiersFull name, address, e-mail address and cell phone number, details of your Shopify store, IP addressProviding you with the functionality of our Service to you.Performing services on behalf of the Merchants and Website Visitors, including maintaining or servicing accounts, and providing customer service.
Professional or employment-related informationInformation you provide as part of your Inquiry InformationDetecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity
Internet or other electronic network activity informationTime and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service Protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. Undertaking activities to verify or maintain the quality of the service and to improve, upgrade or enhance the service. Auditing related to a current interaction with you, including, counting ad impressions, verifying positioning and quality of ad impressionsDebugging to identify and repair errors

Disclosures to third parties

The chart below explains what personal information we disclosed for business purpose to third parties in the preceding 12 months.

Categories of personal information (under the CPRA)Categories of third parties to whom we disclose your information and the specific business or commercial purpose for the disclosure
IdentifiersThird-party cookie providers, for the same purposes indicated in the chart above.
Internet or other electronic network activity informationCompetent authorities, legal counsels, and advisors if you abused your rights to use the Service or violated any applicable law in the course of doing business with us.Judicial, governmental, or regulatory authority if they require us to disclose your informationTarget entity of the merger or acquisition, legal counsels, and advisors If the operation of the Service or our business is organized within a different framework, or through another legal structure or entity.Other users of our Service, to provide you with the functionality of our service

Your Rights under the CPRA if You are a Resident of California

Knowing the personal information we collect about you

You have the right to know: 

  • The categories of personal information we have collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose is to collect personal information.
  • The categories of third parties with whom we share personal information, if any.
  • The specific pieces of personal information we have collected about you.

Right to deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

  • Delete your personal information from our records; and
  • Direct any service providers to delete your personal information from their records.

Please note that we may not delete your personal information if it is necessary to:

  • Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted following federal law, and provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.
  • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act.
  • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, provided we have obtained your informed consent.
  • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information.
  • Comply with an existing legal obligation. 

We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception to the CPRA applies. We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding of why we cannot comply with the request to delete your information.

Right to correct inaccurate personal information

If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you.

In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information.

We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate.

We may deny your request to correct in the following cases:

  • We have a reasonable and documented belief that your request to correct is fraudulent or abusive.
  • We determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.
  • Conflict with federal or state law.
  • Other exceptions to the CPRA.
  • Inadequacy in the required documentation
  • Compliance proves impossible or involves disproportionate effort.

We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding of why we cannot comply with the request to correct your information.

Protection against discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CPRA. Exercising your CPRA rights by yourself or through an authorized agent

If you would like to exercise any of your CPRA rights as described in this Policy, please contact us at: https://storeware.io/support/ 

We will ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require and the nature of your request.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.

You may also designate an authorized agent to make a request under the CPRA on your behalf. To do so, you need to provide the authorized agent with written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below.

If you are a Merchant’s Customer and would like to exercise any of your CPRA rights regarding the Information we collect about you on behalf of the Merchant. Please note that we are merely a service provider for that information that follows the Merchant’s instructions. You should submit the request directly to the Merchant, not us.

Do Not Track notice

We do not currently respond or take any action concerning web browser ‘do not track‘ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about a Merchant’s and Website Visitors’ online activities over time and across third-party web sites or online services. We do allow third parties who provide us with analytics tools, to collect Personal Data about a Merchant’s and Website Visitors’ online activities when a Merchant or a Website Visitor uses the Service. 

Contact Us

If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at: https://storeware.io/support/