Privacy Policy
This Privacy Policy explains how LZ SKU Sync (operated by LinkZoho, "we", "us", "our") collects, uses, stores, and shares information when a Shopify merchant installs and uses the LZ SKU Sync app.
1. Who this policy applies to
This policy applies to Shopify merchants who install LZ SKU Sync and to the data we receive from Shopify and from Zoho on the merchant's behalf. It does not apply to end customers of the merchant's store — LZ SKU Sync does not collect, process, or store customer personal data.
2. Data we collect
2.1 Shopify merchant data
When a merchant installs the app, we receive and store:
- Shop identifier (e.g.
my-shop.myshopify.com) - Shopify session/access tokens issued via OAuth, stored encrypted at rest
- App billing records (active plan, charge ID, credits used, purchase date)
- App configuration (sync preferences, warehouse-to-location mappings, sales channel selections)
- Operational logs (sync run history, webhook error logs, sync session state)
2.2 Zoho integration data
When a merchant authorizes Zoho via OAuth, we receive and store:
- Zoho organization ID and selected data center
- Zoho access and refresh tokens, stored encrypted at rest
- Webhook and workflow rule IDs created by the app inside the merchant's Zoho organization
2.3 Product and inventory data (transient)
During sync, the app reads product and inventory data from Zoho and writes it to Shopify (or the reverse, where applicable). This includes SKUs, product titles, descriptions, prices, stock levels, variants, and product images. This data flows through the app and is written to your Shopify store; we do not retain product catalogs as a separate long-term dataset beyond what is needed for sync logging.
2.4 What we do NOT collect
LZ SKU Sync does not collect, request, or store any of the following:
- Customer names, emails, addresses, or phone numbers
- Order history or order line items
- Payment information, card data, or billing addresses
- Browsing behavior, cookies for tracking, or analytics on customers
This is enforced in the app's GDPR webhook handlers, which return empty acknowledgements for customer-data requests because no such data exists.
3. How we use the data
- To authenticate the merchant's Shopify store and the connected Zoho organization
- To synchronize product, variant, image, and inventory data between Zoho and Shopify according to the merchant's configuration
- To honor Shopify's billing flow and track plan credit usage
- To diagnose sync failures, retry transient errors, and surface logs to the merchant inside the app
- To respond to merchant support requests
4. Data sharing and sub-processors
We share data only with the parties strictly necessary to operate the service:
- Shopify Inc. — receives all data we write to your Shopify store, in accordance with your Shopify configuration.
- Zoho Corporation — receives requests we make to Zoho Inventory / Zoho Books on your behalf, including OAuth and webhook setup.
- Render Inc. — our application hosting provider, which processes requests and stores the application database.
We do not sell, rent, or share data with third-party advertisers or data brokers.
5. Data retention and deletion
- While installed: we retain your shop, configuration, sync logs, billing records, and Zoho tokens for as long as the app is installed.
- On uninstall: sync logs, webhook error logs, sync sessions, sync preferences, inventory overviews, and app configuration are deleted. Aggregate billing records are retained briefly so a reinstalled merchant keeps remaining credits.
- On Shopify shop-redact webhook (sent ~48 hours after uninstall): remaining shop identifiers in billing records and purchase history are anonymized. Active sessions are deleted. After this point, we no longer hold identifiable data tied to your shop domain.
- Zoho cleanup: webhook and workflow rules created in your Zoho organization are deleted on uninstall (when valid Zoho credentials are still available).
6. Security
- All traffic to and from the app uses TLS (HTTPS).
- Authentication uses OAuth (Shopify and Zoho). The app does not handle, store, or transmit user passwords.
- Access and refresh tokens are stored in our application database and used only for the integration purposes described above.
- The app uses the Shopify GraphQL Admin API exclusively, with App Bridge session token authentication for embedded admin requests.
7. Your rights
As a merchant, you can request access to or deletion of the data we hold about your shop at any time. The standard mechanisms are:
- Uninstall the app from your Shopify admin to trigger the deletion flow described above.
- Email us at [email protected] to request access, correction, or expedited deletion of any data associated with your shop.
- Use Shopify's built-in customer data request and shop redact webhooks — we honor both. Note that customer data requests will return an empty payload because we do not store customer data.
8. Children's privacy
The app is intended for use by Shopify merchants, not by individuals under the age of 16. We do not knowingly collect data from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through the app's settings page or by email to the merchant contact on file.
10. Contact
Questions about this policy or about data we hold can be sent to [email protected].
