Privacy policy

Last updated: June 12, 2026

1. Who we are

Ventorify is operated by Cem Altay (sole proprietorship), Hauptstraße 46, 22967 Tremsbüttel, Germany ("we", "us"). You can reach us at support@ventorify.com.

Ventorify is a Shopify app that keeps inventory in sync between a Shopify store and external sales channels (Amazon, eBay, Etsy). For the store and order data we process to provide that service, the merchant is the controller and we act as processor under Art. 28 GDPR. For our own account, billing and support data, we are the controller.

2. Data we process

• Shopify store data. Shop name and domain, store contact email, products, variants, SKUs, inventory levels and locations.
• Order data. Orders and refunds, including line items, quantities and order status, to the extent needed to adjust stock and count plan usage. Buyer names and addresses contained in order records are not used beyond sync processing.
• Marketplace credentials. OAuth tokens for Amazon (SP-API), eBay and Etsy. We never see or store your marketplace passwords. Tokens are stored encrypted at rest.
• Account and usage data. Plan, settings, sync logs and technical logs (timestamps, error messages) needed to operate and debug the service.
• Support communication. Emails you send us, including their content and your email address.

3. Purposes and legal bases

• Providing the sync service, alerts, forecasting and purchase orders — performance of contract, Art. 6(1)(b) GDPR.
• Service emails about sync problems, plan limits and billing — performance of contract, Art. 6(1)(b) GDPR.
• Security, abuse prevention and debugging — legitimate interest, Art. 6(1)(f) GDPR.
• Optional product update emails — consent, Art. 6(1)(a) GDPR, revocable at any time.

4. Subprocessors and recipients

• Railway Corp. (USA) — application hosting and databases. Data may be processed in a third country; transfers are safeguarded by EU Standard Contractual Clauses.
• Resend, Inc. — transactional email delivery (alerts, service notices).
• Shopify International Ltd. — platform and billing; Shopify processes payment data, we never see card details.
• Amazon, eBay, Etsy — we transmit stock quantities and listing identifiers to the channels you connect. Each marketplace processes that data under its own terms.

Where a subprocessor is located outside the EU/EEA, transfers are protected by EU Standard Contractual Clauses or an adequacy decision. A current list of subprocessors is available on request.

5. Retention and deletion

• While the app is installed, we keep the data above to provide the service.
• When you uninstall, sync stops immediately. Store, order and credential data is deleted within 30 days, in line with Shopify's mandatory data deletion webhooks.
• Encrypted backups are kept for a technically limited rotation period and then deleted.
• Billing records are kept as long as German commercial and tax law requires (§ 257 HGB, § 147 AO).

We also honor Shopify's customer data redaction requests (customers/redact, shop/redact) within 30 days.

6. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability and objection, and the right to withdraw consent with effect for the future. Contact support@ventorify.com to exercise them. You may also lodge a complaint with a supervisory authority; the authority responsible for us is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Kiel — www.datenschutzzentrum.de.

If your data reached us through a merchant's store, please contact that merchant first — they are the controller for store and order data.

7. Security

Data is encrypted in transit (TLS) and at rest. Marketplace tokens are additionally encrypted at the application level. Access to production systems is limited to people who need it to operate the service.

8. Changes

We will update this policy when the service or the law changes and post the new version here with a new date. Material changes are announced by email.