← CountProof

Privacy Policy

Last updated: 6 July 2026

CountProof ("we", "us") is an inventory and order synchronisation service for online sellers, operated by Benjamin Horne (sole trader, Australia; ABN 49 452 393 782). This policy explains what data we handle when you connect your Shopify store and sales channels (eBay, Amazon), and how we protect it.

1. What we collect

What we do NOT collect: we do not store your customers' names, shipping addresses, emails, phone numbers, or payment details. Order records are trimmed to SKU and quantity before storage.

2. How we use it

Solely to provide the service: keeping stock levels consistent across your channels in real time, importing orders for fulfilment, generating your sync audit log, and supporting you when you ask. We do not sell data, and we do not use it for advertising.

3. Where it's stored

Data is stored in PostgreSQL databases hosted by Supabase, encrypted at rest (AES-256), and transmitted only over TLS. Our application is hosted on Vercel. Both are established infrastructure providers with SOC 2 compliance. Payment for subscriptions is handled by Shopify's billing system; we never see your card details.

4. Who we share it with

We do not share your data with third parties except the infrastructure subprocessors above (Supabase, Vercel) and the platforms you explicitly connect (Shopify, eBay, Amazon), and only as required to run the sync you asked for. We may disclose data if required by law.

5. Retention & deletion

We keep your data only while your app is installed and your subscription is active. When you uninstall CountProof or cancel, we revoke and delete your connection credentials, and your product/order/audit records are deleted on request. You can request full deletion at any time by emailing us.

6. Your rights

You can request a copy of your data, correction, or deletion at any time. For merchants and their customers in jurisdictions with data-protection laws (e.g. GDPR, the Australian Privacy Act), we honour access, rectification, and erasure requests. Platform-mandated data-deletion webhooks (e.g. Shopify's customers/redact, shop/redact) are handled automatically.

7. Security

Access to stored data is restricted to our server-side application via a single privileged role; there is no direct end-user database access. Credentials live as encrypted platform secrets, never in source control. Errors are monitored without capturing personal data or tokens.

8. Changes

We'll update this page if our practices change and revise the date above. Material changes affecting connected merchants will be communicated by email.

9. Contact

Questions or requests: ben@countproof.com. Written replies come from the founder, usually within a few business days.