Data Deletion

1. How to Delete Your Account and Data

1.1 In-App (Self-Service)

Sign in to OpSyncPro and navigate to Settings → Account → Delete Account. Confirm the prompt to start the deletion. The in-app flow is the fastest path and does not require human review.

1.2 Email Request

Send an email to privacy@opsyncpro.io with the subject line "Delete my account" from the email address associated with your account. We will respond within seventy-two (72) hours and confirm the deletion within the timelines described in Section 3.

1.3 Programmatic Deletion via Meta (Facebook, Instagram, Threads)

When you remove the OpSyncPro app from your Facebook, Instagram, or Threads account — for example, via Settings → Apps and Websites on Facebook, or via the equivalent setting in the Instagram or Threads app — Meta automatically sends OpSyncPro a data-deletion signal. We honor that signal automatically and no further action is required from you. You will receive an email with a confirmation code as described in Section 5.

2. What Gets Deleted

When we process a deletion request, we permanently delete the following categories of data associated with your account:

• Account profile, email address, password hash, and authentication records;
• Connected-integration metadata for every Third-Party Platform you have linked, including OAuth refresh tokens, access tokens, and per-workspace API keys;
• Posts, scheduled posts, drafts, comments, and direct-message threads handled through the Inbox feature;
• Order, shipment, and tracking records ingested via Gmail, AfterShip, Amazon SP-API, or other connected systems;
• Catalog products, listings, repricing rules, sourcing leads, spider results, and Product Launch dashboard data;
• Uploaded media (videos, thumbnails, attachments) stored in Supabase Storage;
• Cached metrics, analytics, and AI-generated artifacts tied to your account.

In addition, we revoke the OAuth grants we hold for your connected Third-Party Platforms by calling each platform’s revocation endpoint. This invalidates the access we previously held; the underlying data on those platforms remains under your control.

Encrypted database backups follow our rolling 30-day retention window described in Section 4.

3. Timeline

• Standard requests. Within thirty (30) calendar days of a verified request.
• Meta data-deletion callback. Within ninety (90) days, consistent with Meta Platform Policy.
• California (CCPA / CPRA). Within forty-five (45) calendar days, with one extension of up to forty-five (45) additional days where reasonably necessary.
• European Economic Area, United Kingdom, Switzerland (GDPR / UK GDPR). Without undue delay and within thirty (30) calendar days.

We will not extend any of the above timelines without notifying you in writing.

4. What We Retain

A limited set of data persists after account deletion, in each case for a specific and lawful purpose:

• Audit logs and tax/billing records. Retained for seven (7) years to satisfy United States Internal Revenue Service retention rules and comparable obligations in other jurisdictions.
• Aggregated, de-identified analytics. Statistical metrics that contain no Personal Data and cannot reasonably be re-identified.
• Encrypted database backups. Retained for a rolling thirty (30) days, then permanently purged.
• Legal-hold material. Where a litigation hold, subpoena, regulatory investigation, or comparable legal obligation requires continued retention, the affected records will be retained only for the period required and no longer.

None of the retained categories above include OAuth tokens, message bodies, Buyer PII, or any data we use to operate features on your behalf.

5. Confirmation Mechanism

When your deletion request is processed, you will receive an email confirming completion. The confirmation email contains:

• A unique confirmation_code identifying your request;
• The date and time the deletion was completed;
• A status URL where you can view request status for thirty (30) days after completion.

If you initiated the deletion via Meta’s data-deletion callback, the confirmation_code returned to Meta in the callback response matches the code in your confirmation email and can be cross-referenced.

6. Contact