Systerra ERP

Privacy Policy

Last updated: May 2, 2026·sys-terra.com/privacy-policy
01

Introduction

This Privacy Policy describes how Systerra (“we,” “us,” or “our”) collects, uses, and handles data when you install and use the Systerra Shopify Connector (the “App”). The App integrates your Shopify store with the Systerra ERP platform to synchronize product, order, and customer data.

By installing the App, you agree to the practices described in this policy. If you do not agree, please uninstall the App and contact us to request deletion of your data.

02

Data We Collect from Shopify

When you connect your Shopify store, the App accesses the following data through the Shopify API using only the permissions required for the integration to function:

Products

Title, description, vendor, product type, tags, status, price, compare-at price, SKU, barcode, weight, variant options (e.g., size, color), and product images. Used to create and maintain item records in the Systerra inventory module.

Orders

Order number, line items, quantities, unit prices, order status, financial status, fulfillment status, shipping address, billing address, discount codes, and the associated customer reference. Used to create sales order records in Systerra.

Customers

First name, last name, email address, phone number, and default shipping and billing addresses. We do not collect payment card details — these remain with Shopify's payment processing infrastructure.

03

Data We Send to Shopify

The App pushes the following data from Systerra back to your Shopify store:

Inventory Levels

Available stock quantities per product variant, calculated in real time from Systerra's inventory module. This keeps your Shopify storefront accurate and prevents overselling. We do not push any customer, order, or financial data back to Shopify.

04

How We Use Your Data

  • Syncing your Shopify product catalog into the Systerra item master
  • Creating and updating sales order records from incoming Shopify orders
  • Creating and updating customer records within Systerra
  • Pushing accurate stock levels back to your Shopify storefront
  • Providing support and responding to technical issues with the integration

We do not use your data for advertising, profiling, or any purpose beyond operating the integration. The App does not use tracking cookies or third-party analytics tools.

05

Data Sharing

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. Data may be shared only in the following limited circumstances:

  • Infrastructure providers: The Systerra platform is hosted on Railway (EU region). Railway processes data solely on our behalf and under confidentiality obligations.
  • Legal requirements: We may disclose data if required by Egyptian law, court order, or other legal process.
06

Data Retention

Data synced from your Shopify store is retained for as long as your Systerra account is active. When you close your account, we will delete all associated data within 30 days. When you uninstall the App, we will delete all associated Shopify store data within 30 days of receiving the shop/redact webhook from Shopify. To request earlier deletion, contact us at [email protected].

07

Security

  • TLS encryption for all data in transit between Shopify, your browser, and our servers
  • Encryption at rest for stored data
  • Role-based access controls — users can only access data belonging to their organization
  • Short-lived authentication tokens with automatic rotation
  • Brute-force protection on all authentication endpoints
08

Shopify Mandatory Data Requests

As required by Shopify's API Terms of Service, the App responds to the following mandatory GDPR webhooks:

Customer Data Request

customers/data_request

When a customer requests a copy of the data a merchant holds about them, we will provide a summary of the relevant customer record stored in Systerra within 30 days.

Customer Redact

customers/redact

When a merchant requests deletion of a customer's personal data, we will remove that customer's record from Systerra within 30 days.

Shop Redact

shop/redact

Sent by Shopify 48 hours after a merchant uninstalls the App. We will delete all data associated with that store within 30 days.

To submit a data request directly, contact [email protected] with the subject line “Data Request.”

09

Your Rights

Under applicable data protection regulations, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request erasure of your personal data
  • Portability: request an export of your data in a machine-readable format
  • Objection: object to processing based on legitimate interest

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

10

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 14 days before the changes take effect. Continued use of the App after the effective date constitutes acceptance of the updated policy.

11

Contact

For any questions, data requests, or privacy concerns:

Systerra

[email protected]

Cairo, Egypt