Data Processing
How GhostSync processes merchant data
This page summarizes GhostSync's processor role, subprocessors, and the retention and deletion rules that apply to merchant data.
Last updated: April 3, 2026
Controller and processor roles
GhostSync acts as the controller for its own account, billing, and support data. For merchant inventory workflows, GhostSync acts as a processor that handles supplier files and Shopify inventory data on the merchant's behalf.
Review the EU/UK privacy procurement packet for the current customer DPA template, transfer addendum, subprocessor appendix, and the steps GhostSync uses to issue executed paperwork before production use.
What we process
- Merchant account details needed to operate GhostSync.
- Supplier email attachments and extracted inventory rows.
- Shopify catalog identifiers and inventory quantities.
- Operational sync logs, support context, and billing status metadata.
Subprocessors
| Provider | Purpose | Categories | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute, messaging, and encryption support. | merchant account data, supplier uploads, sync logs, application telemetry | United States |
| Shopify | Product catalog reads and inventory quantity updates through the Shopify Admin API. | product catalog data, inventory quantities | Canada / United States |
| Stripe | Subscription checkout, billing portal, and payment processing. | billing customer IDs, subscription status, payment records | United States |
| SendGrid | Inbound supplier email parsing and optional transactional email delivery. | supplier email envelopes, inbound attachments, transactional email metadata | United States |
| Amazon SES | Primary outbound email delivery for transactional notifications. | notification email metadata | United States |
| OpenAI | Supplier template generation during onboarding only. | sample onboarding files | United States |
| Plausible Analytics | Cookieless marketing-site analytics. | anonymous page analytics | European Union |
Retention and deletion
- Raw supplier uploads: Deleted after 24 hours.
- Merchant data: Core merchant records are retained until a verified deletion request is processed. Some billing, support, security, audit, and provider-side records may follow separate retention rules.
- Account deletion: The current deletion flow removes core merchant records immediately, but some supporting, provider-side, finance, support, and log records may follow separate retention or manual cleanup workflows.
- Shopify uninstall: GhostSync blocks further live syncs as soon as Shopify sends
app/uninstalled, requests end-of-period cancellation for any active paid subscription, and finishes merchant-data deletion when Shopify later sendsshop/redact. - Sync logs: Operational sync history remains available for the currently covered merchant records. Self-serve export currently includes the last 90 days of sync logs, not a full system-wide archive.
Export and contact
GhostSync's current self-serve export covers the merchant profile, supplier configuration, unknown SKU history, subscription history, up to 200 billing events, support requests, approval requests, current team records and invite history, the last 90 days of sync logs, and the newest 365 days of merchant-facing audit events. It is still not a full provider-side or system-wide archive.
Merchants can request privacy help through privacy@ghostsync.io. Security details and current deletion posture are also documented on the Security page.