Privacy Policy

1. Introduction

Indexync is committed to protecting your privacy. This Privacy Policy (the “Policy”) explains how we collect, use, disclose, and safeguard your information when you use the Indexync website, Indexync web application, related e-commerce and inventory management tools and services operated or provided by Indexync and related services (including but not limited to any APIs, integrations, plugins, extensions, beta features, mobile applications, dashboards, documentation and support services provided by Indexync) (collectively, the “Service”).

By accessing or using our Service, you accept and agree to this Policy. If you do not agree, please do not use the Service.

In this Policy, “Indexync”, “we”, “us” and “our” refer to INDEXYNC PTE. LTD. “User”, “you” and “your” refer to the individual or entity accessing or using the Service. Headings are for convenience only and do not affect interpretation. Other capitalized terms not defined therein shall have the meanings given in the Terms of Service (the “Terms”).

For order and customer information processed through integrations you connect, you generally determine the purposes of processing. Indexync processes that data on your instructions under our Data Processing Agreement or Terms. This Policy applies to Indexync’s processing as controller for your account, billing, support and Service usage data.

2. Information We Collect

2.1 Personal Information

We collect information you voluntarily provide when you register or contact us. This includes your name, email address, business information, account settings, and subscription details.

Payment information is handled by our payment processing partners (including where you subscribe through an app marketplace). We receive only payment status and billing metadata needed to run your subscription. We do not store full card numbers.

2.2 Information Automatically Collected

When you use the Service, we collect technical and usage information such as browser type, operating system, IP address, pages viewed, timestamps, and feature usage.

2.3 Information from Third Parties

We receive data from third parties when you use integrations, including connected e-commerce platforms (such as Shopify, Shopee, Lazada, and TikTok Shop), authentication providers, and payment processors, to operate the Service.

2.4 Multi-Store Connection Data

When you connect stores, we sync store identifiers, access tokens, product and inventory data, order data, and related customer shipping details contained in those orders. Each store connection is handled separately.

3. How We Use Your Information

We use your information to operate and improve the Service (including analytics and performance monitoring), manage accounts, process billing, sync data across platforms, provide support, prevent abuse, and comply with legal obligations. We may create and use aggregate or de-identified information that does not identify you or your customers for analytics, benchmarking and product improvement.

4. How We Share Your Information

We share data only as needed to operate the Service, including with:

• Infrastructure and hosting providers that run our cloud systems
• Payment processing partners that handle subscription charges and provide payment status
• Connected e-commerce platforms you authorize us to access and update
• Service providers that help us deliver the Service (for example, email delivery)
• Authorities or parties where required by law, or to protect rights, safety, and security

Connected platforms you authorise (e.g., marketplaces) have their own privacy practices; Indexync does not control them and is not responsible for their acts or omissions.

We may disclose information where required by law, to protect rights, safety and security, or in connection with a merger, acquisition, financing or sale of assets.

5. Data Storage and Security

We store data using cloud infrastructure. We use reasonable administrative and technical safeguards such as encrypted connections (HTTPS) and access controls.

We do not claim that Indexync is certified to any particular security standard unless we explicitly state so in writing.

No method of transmission or storage is 100% secure.

You are responsible for securing your credentials and systems used to access the Service.

6. International Data Transfers

As a cloud service, data may be processed outside your country, including in locations where our service providers operate. Where required under applicable law, we take steps designed to ensure a comparable standard of protection for cross-border transfers. You acknowledge that cross-border transfers are necessary to provide the Service.

7. Your Privacy Rights

Depending on your location and applicable law, you may request access to or correction of your personal data that we hold (such as your account information). Contact us at hello@indexync.com.

We will reasonably verify your identity before acting on a request and may refuse or limit requests to the extent permitted by applicable law where an exemption applies, where requests are manifestly unfounded or excessive, or where we process data on a merchant’s behalf. We may charge a reasonable fee where permitted by law.

We do not currently offer self-service account deletion. If you request deletion, we will review your request and respond, but we may not be able to fully delete all data until deletion tooling is implemented. We may also need to retain certain records for legal, security, fraud prevention, or billing reasons.

For customer shipping details contained in your orders, you (as the merchant) are typically best placed to respond to your customers’ requests. If needed, we can work with you to support reasonable requests relating to data processed through the Service.

8. Cookies and Tracking Technologies

Use of Cookies. We use cookies and similar technologies (including pixels and local storage) to collect information when you use our Site and Service. We use these for essential functionality (such as keeping you signed in), to measure performance and usage, to enable analytics — including session-replay technology (provided by PostHog) that records your interactions with the Service, such as clicks, scrolls, mouse movements, and form interactions, to help us diagnose issues and improve the Service. Sensitive input fields (such as passwords and payment information) are masked by default. We also use these technologies to measure the effectiveness of our marketing.

Third-Party Cookies, Pixels and Retargeting. We allow selected third-party partners, including analytics, advertising, and payment providers, to place cookies and pixels on your browser when you visit our Site or use our Service. These may collect information such as your IP address, browser type, pages visited, and interactions with our Site, and may be used to deliver advertising about Indexync on other websites and platforms (“remarketing” or “retargeting”). We may also share hashed identifiers (such as your email, phone number, or user ID) with these partners through their server-to-server APIs to measure conversions and improve our marketing.

Cookie Settings. You can disable or restrict cookies via your browser settings. Disabling cookies may limit certain features of the Service, including sign-in. You can also opt out of personalised advertising through the privacy settings of the relevant third-party platforms.

Third-Party Practices. We are not responsible for the privacy practices of third parties. Their use of your personal data is governed by their own privacy policies.

9. Analytics Services

We use analytics and performance monitoring tools to understand how users engage with the Service and to improve reliability and performance. These tools may collect information such as IP address, browser type, pages viewed, and event data.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

11. Data Retention

We retain personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements and maintain security.

Access tokens are deleted when a store is disconnected; other synced data is currently retained and is not automatically deleted.

Aggregated or de-identified information may be retained without time limit. Residual copies in backups may persist for a limited period.

Retention practices may change over time as deletion tooling and features are implemented, subject to the Terms of Service.

12. Changes to This Policy

We may update this Policy from time to time by posting an updated version and updating the “Last Updated” date.

13. Southeast Asia Laws and Regulations

Indexync is built for merchants in Singapore and Southeast Asia and aims to handle personal data in a way that aligns with the Personal Data Protection Act 2012 of Singapore and similar privacy expectations in the region.

14. Contact Us

If you have questions about this Policy, contact us at hello@indexync.com.