Privacy Policy

Introduction

We are UniSync ("we", "us", or "our"). This Privacy Policy explains how we collect, use, and protect your personal data, as well as the rights you have over your data as a visitor, customer, or merchant. In this Privacy Policy, "you" and "your" refer to any user of our services or any individual whose data we process according to this policy.

By accessing or using our website, apps, or any services, you agree to comply with the terms of this Privacy Policy and other policies available on our website. If you do not agree with these terms, please refrain from using our services.

From time to time, we may revise this Privacy Policy to reflect changes in our practices, operations, or legal obligations. Significant updates will be communicated to you through our website or other appropriate channels. Continued use of our services after these updates indicates your acceptance of the revised policy.

Information Collected from Merchants

When you install our app, we may automatically gather certain information from your Shopify account. This information is essential for us to provide our services, such as verifying your identity, maintaining communication, offering support, and delivering targeted marketing and advertising materials.

Information Collected from Merchants’ Customers

We do not collect personal data from the customers of our merchants. Our focus is exclusively on supporting merchants and does not involve gathering data about their customers.

Information Collected When You Visit Our Website

When you visit our website, we automatically collect certain information about your device, such as your browser type, IP address, time zone, and cookies installed on your device. This data is collected using technologies like cookies, log files, web beacons, tags, and pixels.

Our website may include links to third-party sites. If you follow these links, please review the privacy and security policies of those sites. We are not responsible for the privacy or security practices of these external sites.

How We Share Information

We do not sell your personal data to other organizations for commercial purposes. However, we may share your information with certain third-party services that assist us in delivering our services. These include, but are not limited to, Mixpanel, Clarity, Zendesk, and Customer.io.

• Mixpanel: We use Mixpanel to understand how customers use our app. Learn more about their data practices at Mixpanel Privacy Policy.

• Clarity: We use Clarity for app analytics insights. Learn more at Clarity Privacy Policy.

• Zendesk: We use Zendesk for communication and support. Learn more at Zendesk Privacy Notice.

• Customer.io: We use Customer.io for email marketing and managing customer lists. Learn more at Customer.io Privacy Policy.

Cross-Border Transfer

Please be aware that your personal information may be transferred, stored, and processed outside your home country, including the United States. Your data is also processed by our staff and third-party service providers in these locations.

Use of UniSync by Children

UniSync is not intended for use by children. If you are under 13, you may only use our site and services under the supervision of a parent or guardian.

Your Rights

We respect your rights over your personal information and take reasonable steps to enable you to access, correct, delete, or restrict the use of your data. If you are a merchant and wish to exercise these rights, please contact us at robertvu.work@gmail.com. We may require verification of your identity before granting access to your data.

If you are a customer of a merchant using UniSync and want to exercise your rights, please contact the merchant directly. We act as a processor on their behalf and will forward your request to them.

Retention

We understand the importance of data retention. Your personal data and store data will be deleted within 30 days after uninstalling the app. If you require immediate removal of your data, please contact us at robertvu.work@gmail.com, and we will assist you after verifying your identity.

We are committed to ensuring the security and privacy of your data, handling it in compliance with applicable laws and regulations.

Security Incident Response Policy

Our policy aims to establish a structured approach to identifying, reporting, evaluating, and addressing security incidents. The goal is to mitigate the impact of these incidents on our operations, reputation, and assets, ensuring we effectively manage and respond to security events.

Incident Severity Scales

• Level 1 (Low): Minor incidents resolved quickly without significant impact.

• Level 2 (Moderate): Noticeable impact requiring immediate attention to prevent further damage.

• Level 3 (High): Severe impact requiring immediate action to contain and resolve the incident.

Roles and Responsibilities

• Incident Response Team (IRT): Responsible for handling security incidents, comprising IT staff, security personnel, and other relevant stakeholders.

• Incident Coordinator: Oversees the incident response process, coordinating with the IRT and ensuring an efficient response.

• IT/Security Staff: Identifies, investigates, and resolves security incidents, restoring normal operations swiftly.

Escalation Paths

• Incident Reporting: Incidents must be reported to the IRT via a dedicated system, email, or phone, with a description and impact details.

• Initial Assessment: The IRT assesses the incident’s severity and decides on further escalation if necessary.

• Level 1 Escalation: Low-severity incidents resolved by the IRT.

• Level 2 Escalation: Moderate incidents escalated to the Incident Coordinator, involving additional resources.

• Level 3 Escalation: High-severity incidents escalated to senior management, potentially activating the emergency response plan.

Evidence Collection

All relevant systems, devices, and logs will be secured to prevent data alteration or deletion. This includes collecting and preserving electronic data like system logs and network traffic for further investigation.

Required Actions

• Incident Identification: Employees are trained to detect and report security incidents.

• Incident Categorization: The IRT assesses and categorizes the incident based on severity.

• Incident Containment: Immediate actions are taken to contain the incident and prevent further damage.

• Incident Analysis: The IRT analyzes the root cause and indicators of compromise.

• Incident Response: A response plan is developed, including clear procedures for communication and collaboration.

• Incident Recovery: The IRT works to restore normal operations while ensuring system and data security.

• Incident Review: After resolution, a post-incident review identifies lessons learned for future improvements.

Contact Information

For any questions about your personal data or this Privacy Policy, or to file a complaint, please contact us at robertvu.work@gmail.com.