Privacy Policy

Techfleet Inc. is a Canadian corporation (Business Number 763 777 620 RT 0001) registered in Manitoba. We operate the Techfleet Sync platform at sync.techfleet.dev and techfleet.ca. Techfleet Sync is a B2B SaaS platform that helps used-device merchants manage inventory, set pricing, synchronize product listings across third-party sales channels, generate shipping labels, and create live buyer-facing storefronts.

This Privacy Policy applies to all data processed through the Techfleet Sync platform, including data collected when merchants create accounts, connect third-party sales channels (such as Facebook, eBay, Shopify, and others), process shipments, and use the buyer-link checkout experience. It does not apply to the independent privacy practices of connected third-party platforms.

When you register, we collect your name, work email address, company name, and a password (stored as a salted hash via Clerk, our authentication provider). We do not store plaintext passwords. If you authenticate via a third-party identity provider (e.g., Google), we receive only the identity claims that provider issues.

You upload or sync product records to our platform, including device SKUs, IMEI or serial numbers, condition grades, pricing, stock quantities, images, and descriptions. This data belongs to you. We process it exclusively to deliver the service and do not use it for any other purpose.

When you connect a sales channel — such as Facebook Commerce, Instagram Shopping, eBay, Shopify, Back Market, Walmart, Mirakl, or TikTok Shop — we store the OAuth access tokens or API keys required to interact with that platform on your behalf. These credentials are stored encrypted and are used only to execute the actions you authorize: listing products, updating prices and stock, retrieving inbound orders, and managing your catalog.

When you connect your Facebook Business account, we request and receive: (a) a long-lived User Access Token scoped to catalog_management, business_management, pages_show_list, and instagram_basic; (b) your Facebook Business ID and business name; (c) your Facebook Product Catalog ID (or we create one on your behalf if none exists); and (d) product catalog data submitted by you through our sync engine. This data is used solely to create, update, and delete product listings in your Facebook and Instagram Shopping catalog as directed by you. We do not use Meta Platform Data for advertising, profiling, or any purpose unrelated to the catalog management service you have authorized.

Subscription billing and one-time charges are handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank account details on our servers. We receive from Stripe a customer ID, subscription status, and the last four digits and card brand associated with your payment method for display purposes only.

When you create a shipping label through our ShipEngine integration, we collect the origin address, destination address, package dimensions, weight, and selected carrier and service. Shipment records, tracking numbers, label download URLs, and label cost are stored in your merchant database. Return labels and void operations are also logged.

We collect information about how you use the platform: pages visited, features used, API call volume, error events, and performance metrics. This is collected via PostHog, an analytics platform, and is used to identify bugs, improve reliability, and prioritize product development. We do not sell this data.

If you contact us by email, live chat, or our contact form, we retain those communications to respond to your inquiry and improve our support quality. Transactional emails (billing receipts, sync alerts, security notices) are delivered via Resend.

We use your information to create and manage your account, operate the inventory management and pricing engine, synchronize your product listings with connected channels, generate buyer links and checkout experiences, process shipping labels, and deliver real-time notifications about sync status and orders.

We use your Facebook access token and catalog ID exclusively to (a) submit product listings to your catalog via the Meta Catalog Batch API, (b) update prices and availability in response to changes you make in Techfleet Sync, and (c) delete listings from your catalog when instructed. We do not access your Facebook friends list, personal timeline, ad accounts, or any data outside the catalog_management, business_management, pages_show_list, and instagram_basic permission scopes.

We use your Stripe customer information to charge for subscription plans, apply usage-based overages, issue refunds where applicable, and send billing receipts. We use your subscription status to enforce plan limits and grant or restrict access to features.

We send service-related emails including account confirmations, password resets, billing receipts, sync failure alerts, and security notices. These are non-optional and necessary for the service. With your explicit consent, we may also send product updates and promotional communications. You can unsubscribe from marketing emails at any time via the unsubscribe link in each email.

Aggregated and anonymized usage data helps us understand which features merchants rely on, identify performance bottlenecks, and plan roadmap priorities. Individual usage records are not sold or shared with third parties for their own commercial use.

We may process your information to comply with applicable law, respond to valid legal process (such as court orders or subpoenas), enforce our Terms of Service, prevent fraud or abuse, and protect the safety of our platform and its users.

Our platform runs on Cloudflare's global network, including Cloudflare Workers (serverless compute), Cloudflare D1 (relational database), Cloudflare R2 (object storage), and Cloudflare KV (key-value store). Data is stored and processed within Cloudflare's infrastructure. Cloudflare processes data under its Data Processing Addendum.

User identity and session management is provided by Clerk, Inc. Clerk processes authentication data (email, password hash, session tokens) on our behalf under a data processing agreement.

All payment card processing is handled by Stripe, Inc. Stripe is a PCI DSS Level 1 certified payment processor. We share your billing information with Stripe solely for the purpose of processing payments.

Shipping label creation and carrier rate shopping is powered by ShipEngine. When you create a label, we transmit the shipment details (addresses, dimensions, weight) to ShipEngine, who processes this data under their privacy policy and passes it to the selected carrier.

When you sync products to a connected channel (Facebook, eBay, Shopify, Back Market, Walmart Marketplace, Mirakl, TikTok Shop), your product data is transmitted to that platform as required to complete the sync. You control which channels are connected and can disconnect any channel at any time.

Aggregated, pseudonymized usage events are processed by PostHog, Inc. for product analytics. PostHog does not receive personally identifiable information beyond a pseudonymous user identifier.

Transactional and marketing emails are delivered via Resend, Inc. Resend processes your email address solely for the purpose of delivering messages you have a legitimate interest in receiving.

If Techfleet Inc. is acquired, merged with another company, or substantially all of its assets are transferred, your data may be transferred as part of that transaction. We will provide notice of any such transfer and any change in applicable privacy policy before it takes effect.

We may disclose your information if required by applicable law, regulation, legal process, or governmental request, or where disclosure is necessary to protect the rights, property, or safety of Techfleet, our merchants, or the public.

We do not sell, rent, or trade your personal information, inventory data, or Meta Platform Data to third parties for their own use. This applies regardless of the definition of 'sale' under any applicable law, including the California Consumer Privacy Act.

Via the permissions you grant during Facebook OAuth, we access your Facebook Business ID, Business name, User Access Token, and Product Catalog ID. Through the Catalog Batch API, we submit the product records you have in Techfleet Sync to your catalog. We do not access your personal Facebook profile, News Feed, friends, messages, or any data outside the authorized permission scopes.

Your Facebook access token and catalog credentials are stored encrypted in your merchant database (Cloudflare D1), using AES-256 encryption at rest. Tokens are never logged in plaintext and are not stored in browser cookies or local storage.

We retain your Facebook access token and catalog ID for as long as your Facebook channel is connected in Techfleet Sync. If you disconnect your Facebook channel or delete your Techfleet account, your access token and associated catalog credentials are deleted from our systems within 30 days.

You can request deletion of all Meta Platform Data associated with your account at any time by disconnecting your Facebook channel in the Channels settings, or by contacting us at hello@techfleet.ca. Upon receiving a deletion request, we will remove your access token, catalog ID, and all associated sync records within 30 days and provide written confirmation.

Meta Platform Data is not used for advertising, re-targeting, audience building, profiling, or any purpose other than operating the catalog sync feature you have authorized. It is not combined with data from other sources for any purpose that is not disclosed in this policy.

You can revoke Techfleet Sync's access to your Facebook account at any time through Facebook's App Settings (facebook.com/settings?tab=applications). Upon revocation, any subsequent attempts by our system to use the revoked token will fail, and our system will mark your channel as disconnected.

We retain your account data, inventory records, sync history, and order records for as long as your account is active. We keep this data to ensure continuity of service and to allow you to access historical sync logs and order history.

OAuth tokens and API keys for connected channels are retained for as long as the channel is connected. Disconnecting a channel removes the associated credentials from our active database within 24 hours.

When you delete your Techfleet Sync account, we will delete your personal information, inventory data, and all connected channel credentials within 30 days of account closure. Billing records and transaction history may be retained for up to 7 years as required by Canadian tax and accounting regulations.

Deleted data may persist in encrypted, off-site backup snapshots for up to 90 days following deletion, after which it is irreversibly purged as part of our standard backup rotation schedule.

All communications between your browser and our platform are encrypted using TLS 1.3. Data stored in our Cloudflare D1 databases and R2 object storage is encrypted at rest using AES-256. OAuth tokens, API keys, and other credentials are stored encrypted and are never exposed in plaintext in logs or error messages.

We operate entirely on Cloudflare's globally distributed infrastructure, which provides built-in DDoS protection, Web Application Firewall (WAF), and isolated execution environments via Cloudflare Workers. Production database access requires authenticated API tokens scoped to specific operations.

Access to production systems and databases is restricted to a small number of authorized personnel. All access is authenticated via hardware security keys and MFA. No production credentials are stored in version control or configuration files committed to source repositories.

In the event of a security incident affecting your personal data or channel credentials, we will notify you at your registered email address within 72 hours of becoming aware of the breach, in compliance with PIPEDA, GDPR Article 33, and applicable Canadian provincial laws.

You can export your product inventory and order history at any time from your account settings in CSV or JSON format. You can also request a copy of all personal information we hold about you by contacting hello@techfleet.ca.

You can update your name, email, and company information at any time through the account settings in Techfleet Sync. If you believe any information we hold is inaccurate, contact us and we will correct it within 5 business days.

You can request deletion of your account and all associated data at any time through the account settings or by emailing hello@techfleet.ca. We will confirm receipt within 2 business days and complete deletion within 30 days.

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This includes the right to access your personal information, challenge its accuracy, and withdraw consent for its use (subject to legal or contractual obligations). Contact our privacy officer at hello@techfleet.ca to exercise these rights.

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation including the right to access, rectify, erase, restrict processing of, and port your personal data, and the right to object to processing and to lodge a complaint with your local supervisory authority. Our lawful basis for processing is primarily contract performance (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)). Contact hello@techfleet.ca to exercise GDPR rights.

California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a verifiable request under the CCPA, contact hello@techfleet.ca.

In addition to the rights above, you may revoke Techfleet Sync's access to your Facebook account at any time through Facebook's App Settings. You may also request deletion of all Meta Platform Data we hold by contacting hello@techfleet.ca. See Section 5 for details.

We use cookies that are strictly necessary for the platform to function: session authentication tokens issued by Clerk, CSRF protection tokens, and user preference settings. These cookies cannot be disabled while using the platform.

With your consent, we use PostHog to collect anonymized usage data via first-party cookies. PostHog events are processed on our behalf and are not shared with advertising networks. You can disable analytics tracking through your browser's cookie controls or by contacting us.

We do not use advertising cookies, Facebook Pixel, Google Ads tags, or any tracking technology for the purpose of advertising or remarketing. We do not pass identifiers to ad networks.

Techfleet Sync is a business-to-business platform intended for use by companies and their authorized representatives. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. Contact hello@techfleet.ca if you believe this has occurred.

We may update this Privacy Policy from time to time as our services evolve or applicable laws change. If we make material changes — particularly to how we handle personal information or Meta Platform Data — we will notify you by email to your registered address and display a prominent notice in the Techfleet Sync dashboard at least 14 days before the changes take effect.

Continued use of the service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you may close your account prior to the effective date.

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at hello@techfleet.ca. We will acknowledge your request within 2 business days and provide a substantive response within 30 days.

Techfleet Inc., 1855 Ness Ave Unit 4, Winnipeg, MB R3J 0Y5, Canada. Business Number: 763 777 620 RT 0001.

For requests specifically related to data received from Meta or Facebook — including access, correction, or deletion of Facebook catalog credentials — email hello@techfleet.ca with the subject line 'Meta Data Request'. We will process your request within 30 days and provide written confirmation of the action taken.