Privacy Policy - Doleray Sync

At Doleray, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Doleray Sync service.

1. Information We Collect

Account Information

When you register for an account, we collect:

Email address
Name (first and last)
Password (stored as bcrypt hash)
Account preferences and settings

API Credentials

To provide synchronization services, we collect and store:

TikTok Shop API credentials (encrypted with AES-256-GCM)
WooCommerce API credentials (encrypted with AES-256-GCM)
Connection names and configurations

Usage Data and Analytics

We automatically collect certain information when you use our Service:

Synchronization operations and results
API usage statistics
Error logs and diagnostic information
Feature usage patterns

Connection Information

For security and audit purposes, we log:

IP addresses
User agent information
Session data
Login timestamps and locations

2. How We Use Your Information

We use the collected information for the following purposes:

Service Operation: To provide, maintain, and improve our synchronization services
Security and Fraud Prevention: To detect, prevent, and address security issues and fraudulent activity
Product Improvement: To understand how users interact with our Service and identify areas for improvement
Communication: To send important service updates, security alerts, and administrative messages
Support: To respond to your requests and provide customer support
Compliance: To comply with legal obligations and enforce our terms

3. Data Security Measures

We implement industry-leading security measures to protect your data:

Encryption

At Rest: All API credentials are encrypted using AES-256-GCM encryption
In Transit: All data transmission uses HTTPS/TLS encryption
Password Storage: Passwords are hashed using bcrypt with salt rounds

Access Controls

Role-based access control (RBAC) for user permissions
Multi-factor authentication support
Session management with automatic expiration
CSRF token protection on all state-changing operations

Monitoring and Logging

Comprehensive audit logging of all user actions
Real-time security monitoring and alerts
Regular security assessments and penetration testing

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specific retention periods:

Account Data: Retained while your account is active and for 30 days after deletion
API Credentials: Immediately deleted upon connection removal
Audit Logs: Retained for 90 days for security and compliance purposes
Analytics Data: Anonymized after 12 months

5. Third-Party Services

Our Service integrates with the following third-party platforms:

TikTok Shop: We use TikTok Shop API to access and sync your product data. TikTok's privacy policy applies to their services.
WooCommerce: We access your WooCommerce store data through their API. WooCommerce's privacy policy applies to their services.

We do not sell or share your personal information with third parties for their marketing purposes.

6. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

Right to Access

You can request a copy of your personal data at any time through your account dashboard or by contacting us.

Right to Delete

You can request deletion of your account and all associated data. We will process this within 30 days.

Right to Export

You can export your data in a machine-readable format (JSON/CSV) from your account settings.

Right to Object

You can object to certain data processing activities. Contact us to exercise this right.

7. Cookie Policy

We use cookies and similar technologies to:

Essential Cookies: Required for authentication and security (session cookies)
Analytics Cookies: Help us understand how you use the Service
Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings, but note that disabling essential cookies may affect Service functionality.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact@doleray.com
Website: https://doleray.com

Your Privacy Matters: We are committed to protecting your privacy and ensuring the security of your data. If you have any concerns or questions, please don't hesitate to reach out.