Synchronity
Merchant Portal

Privacy Policy

Last updated: June 11, 2026

Synchronity is AI-powered commerce infrastructure operated by Themewire (“we”, “our”, or “us”). This Privacy Policy explains what we collect, how we use and share it, and the choices you have when you interact with our gateway APIs, MCP servers and interactive cards, connectors, dashboard, and ChatGPT custom actions.

1. Information We Collect

  • Account & identifiers: Email address, Agent Identity Tokens (AIT), and delegation tokens. Connector keys are received transiently at site registration; we retain only a one-way hash, never the raw key.
  • Transaction & cart data: Items, variants, prices, store metadata, coupons, and order totals as you search, build carts, and check out.
  • Shipping information: Names, physical addresses, postal codes, phone numbers, and email addresses you provide during checkout.
  • Payment information: The payment method type and provider session references needed to complete an order. We do not store raw card numbers; card and mobile-money details are handled by the payment provider.
  • Public submissions: If you post to the shoutout wall, your handle and message are public. We store a one-way hash of the submitting IP address for abuse prevention — never the raw IP.
  • Audit & system logs: Request timestamps, IP addresses, user agents, endpoints called, and tamper-evident audit records used to enforce scopes and delegation.

2. How We Use Your Information

  • Enable autonomous product search, cart sync, checkout, and order tracking across connected stores.
  • Securely process payments and forward shipping details to the specific merchant you are buying from.
  • Gate sensitive actions behind human approval (OAuth device flow or an emailed one-time passcode) and keep an audit trail proving agents act only within granted scopes.
  • Monitor performance, enforce rate limits, screen public submissions, and prevent fraud or abuse.

3. How We Share Your Information

We only share data as needed to run the service:

  • Connected storefronts: When you cart or purchase on a merchant store (Shopify, WooCommerce, or a custom connector), we transmit your cart and shipping data to that merchant’s API to fulfil your request.
  • Payment processors: Payment details are passed to the relevant provider (e.g. mobile-money or card processors such as Paystack) to authorize and settle transactions.
  • Service providers: Infrastructure and email providers that host the gateway and deliver approval passcodes, bound by confidentiality obligations.
  • Legal & security: Where required by law, or to defend the safety, security, and integrity of our platform.

We do not sell, rent, or trade your personal information to advertisers or data brokers.

4. Payments

Synchronity facilitates payments but is not the merchant of record. We never store raw card numbers or full mobile-money credentials on our gateway; those are processed directly by the payment provider. Spending money always requires explicit human approval via delegation.

5. Public Content (Shoutouts)

Shoutouts are public and auto-published. Do not include personal or sensitive information in a submission. Handles and messages are validated and screened, and we may remove content that is abusive, deceptive, or violates these terms. To request removal of a shoutout, contact us.

6. Data Retention

We keep information for as long as needed to provide the service and meet legal, security, and audit obligations, then delete or anonymize it. Audit logs are retained only as long as required for security and legal purposes, as a tamper-evident record.

7. Data Security

  • All traffic is encrypted in transit via TLS/HTTPS.
  • Access is cryptographically verified with signed tokens (AIT); scopes are enforced server-side before any connector is touched.
  • Connector keys are stored only as HMAC hashes; raw keys never leave the gateway→connector wire.
  • Delegation tokens are single-use and short-lived.

8. Your Rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal information, and you may object to or restrict certain processing. To exercise these rights, contact us using the details below.

9. Children

Synchronity is not directed to children under 16, and we do not knowingly collect their personal information.

10. Changes

We may update this policy from time to time. Material changes are reflected by the “Last updated” date above; continued use after a change constitutes acceptance.

11. Contact Us

Questions, concerns, or data requests? Contact us at [email protected].