Security

Your data, your control.

You're In Control

Sync As A Service puts users in control of their purchase data:

You Control

How It Works

Which retailers to connect

Choose only the retailers you want to share

What data is shared

Only purchase history—never payment info

Who sees your data

Only the app you're using, with your permission

When to disconnect

Remove any retailer connection at any time

Your account

Sign out or delete your data whenever you want

✅ Shared With Partner Apps

Product names and prices
Order dates
Retailer names
Delivery status

❌ Never Shared

Credit card numbers
Billing addresses
Shipping addresses
Payment methods
Passwords (never stored)

Your financial and personal address information stays private.

Your Credentials Are Safe

When you connect a retailer account:

You enter your credentials directly in the secure widget
Credentials are encrypted and used once to verify your account
Then immediately discarded — we never store your passwords
You stay logged in via secure tokens (not your password)

We never see, store, or have access to your retailer passwords.

Portable Identity

Your phone number is your identity across all Sync As A Service-powered apps:

One account — Connect retailers once, use everywhere
Your choice — Decide which apps can access your data
Easy to manage — See all connected apps in one place

If you connect Amazon in App A, you don't need to re-enter credentials in App B—your connections travel with you (with your permission).

Data Deletion

You can delete your data at any time:

Disconnect a retailer — Removes that connection and related data
Sign out — Ends your session
Delete account — Removes all your data permanently

Contact the app you're using or reach out to us directly for account deletion.

For Partners: Security Best Practices

Token Handling

// Recommended - httpOnly cookie
res.cookie("bc_token", token, {
  httpOnly: true,
  secure: true,
  sameSite: "strict",
});

API Security

All API communication uses TLS 1.2+ encryption
HTTPS only — HTTP is not supported
Short-lived tokens — Access tokens expire in 1 hour
Token revocation available for immediate invalidation

Compliance

Sync As A Service is working toward:

SOC 2 Type II certification
GDPR compliance
CCPA compliance

Questions?

For security inquiries or to report concerns, contact your integration partner or see our security policy.

PreviousWebhooks NextTroubleshooting

Last updated 1 month ago

hashtagYou're In Control

hashtagWhat We Share (And What We Don't)

hashtag✅ Shared With Partner Apps

hashtag❌ Never Shared

hashtagYour Credentials Are Safe

hashtagPortable Identity

hashtagData Deletion

hashtagFor Partners: Security Best Practices

hashtagToken Handling

hashtagAPI Security

hashtagCompliance

hashtagQuestions?