Privacy Policy
This Privacy Policy explains how SyncMyPayout collects, uses, stores, and shares information when you use our websites and bookkeeping software for Shopify sellers and their advisors.
Last updated: July 17, 2026
1. Overview
SyncMyPayout (“we,” “us”) provides software that categorizes ecommerce payouts and posts approved journal entries to connected accounting systems. This policy covers syncmypayout.com, the SyncMyPayout application, and related APIs and webhooks.
For firm / bookkeeper processing arrangements, see our optional Data Processing Addendum. Terms of use are in our Terms of Service.
2. Information we collect
Account and organization
- Name, email address, password (stored as a secure hash)
- Organization / store or brand name
- Optional multi-factor authentication secrets (encrypted at rest)
- Role within the organization (for example owner)
Financial and bookkeeping data
- Shopify Payments payout amounts, currencies, arrival dates, statuses, fee and line breakdowns, and related source payloads used for categorization
- Chart-of-accounts mappings (category → QuickBooks account identifiers and names)
- Journal posting metadata (for example QuickBooks journal IDs, post/reopen history, bank-match memos, approval timestamps)
- Close-period status, anomaly flags, rules-based payout summaries and confidence scores
- Audit events of in-app actions (who did what, when)
- Accounting method preference (for example cash vs accrual balancing)
Integration / OAuth credentials
- Shopify and QuickBooks Online access tokens and refresh tokens, encrypted at rest
- Connection metadata: shop domain or realm ID, display name, connection status, token expiry, provider metadata
- We never store your Shopify or QuickBooks login password. You authorize access through their OAuth flows.
Billing
- Stripe customer and subscription identifiers, plan name, trial end date
- Payment card details are collected and stored by Stripe; we do not store full card numbers on SyncMyPayout servers
Technical and usage
- Session cookies required for authentication and OAuth state (CSRF) protection
- Server logs, IP address, user agent, and rate-limit signals for security and reliability
- Sync job status and error messages
Shopify end-customer PII: SyncMyPayout is built around payout-level bookkeeping data. We do not maintain a general store of your storefront customers’ profiles for marketing. If limited customer identifiers appear inside a payout payload, they are processed only as needed for bookkeeping and compliance webhooks—not for advertising.
3. How we use information
- Provide core product features: sync, categorize, explain, approve, post, reopen, close checklists, and CPA-style PDF exports
- Authenticate users and protect accounts (including optional MFA)
- Bill subscriptions and communicate about product, billing, and support
- Prevent abuse, debug failures, and improve accuracy and UX
- Comply with law and respond to Shopify mandatory GDPR webhooks
We do not sell your personal information. We do not use Shopify customer data for advertising.
4. Legal bases (EEA/UK where applicable)
Where GDPR/UK GDPR applies, we rely on:
- Contract — to provide the Service you signed up for
- Legitimate interests — security, product improvement, fraud prevention (balanced against your rights)
- Legal obligation — when we must retain or disclose data under law
- Consent — where required (for example certain cookies or marketing emails, if introduced)
5. Sharing and subprocessors
We share data only as needed to run the Service:
- Hosting & database — cloud application hosting (e.g. Railway) and Postgres (e.g. Neon)
- Stripe — payment processing
- Shopify & Intuit QuickBooks Online — as you authorize, to pull payouts/accounts and post journals
- Email provider — transactional email when configured (e.g. Resend)
- Professional advisors / law enforcement — when required by law or to protect rights and safety
If you invite a bookkeeper or firm user into your organization, they can access organization bookkeeping data according to their role.
6. Shopify compliance webhooks
We process Shopify mandatory topics, including customers/data_request, customers/redact, shop/redact, and app/uninstalled. On shop redact / uninstall flows we disconnect tokens and, where applicable, remove Shopify-sourced payout data for that shop as described in our product handlers—while retaining records we must keep for legal, security, or billing purposes (for example audit logs of the request itself).
7. Security
OAuth tokens and certain sensitive fields (for example raw payout payloads and MFA secrets) are encrypted at rest using application-level encryption. Connections use least-privilege OAuth scopes. Organization owners approve journal posts before they are sent to QuickBooks. Login and sensitive APIs are rate-limited. Optional authenticator-based MFA is available under Settings.
No security program is perfect. Report suspected vulnerabilities to security@syncmypayout.com.
8. Retention
- Account and bookkeeping data are retained while your organization is active and for a reasonable period after closure for backups, dispute resolution, and legal compliance
- Billing records may be retained longer as required by tax and accounting law
- Shopify shop redact requests trigger deletion of shop-scoped tokens and Shopify-sourced payouts as implemented in product
- You may request export or deletion of your account data by contacting privacy (subject to legal holds and residual backup cycles)
9. International transfers
We may process data in the United States and other countries where our providers operate. Where required, we use appropriate transfer mechanisms (for example standard contractual clauses) with subprocessors.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, or export personal data, object to or restrict certain processing, and lodge a complaint with a supervisory authority. Contact privacy@syncmypayout.com. We will verify requests as appropriate.
11. Children
The Service is not directed to children under 16 (or higher age if required by local law). We do not knowingly collect personal information from children.
12. Changes
We may update this policy. We will revise the “Last updated” date and, for material changes, provide additional notice where appropriate.
13. Contact
Privacy questions: privacy@syncmypayout.com
After you form a legal entity, add the controller’s legal name and postal address here.