Privacy Policy

Sinewy Shop (“we”, “us”, “our”) is a multi-tenant SaaS eCommerce platform operated by Sinewy Technologies. Each merchant on the platform (“Merchant”) operates an independent storefront that we host and provide tooling for; their customers (“Shoppers”) interact with the Merchant's storefront, while we provide the underlying infrastructure.

This policy covers data that Sinewy Technologies handles as the platform operator. Individual Merchants may have their own privacy practices in addition to this; check the Merchant's storefront for their policy.

From Merchants signing up:

• Name, email address, and contact information you provide during onboarding.
• Shop configuration: shop name, URL slug, branding colours, currency, product catalogue, etc.
• Authentication data (hashed passwords, session tokens) managed by our auth provider.

From Shoppers visiting a Merchant's storefront:

• Anonymous request metadata (IP address, user-agent) for security, abuse prevention, and usage analytics.
• Cart contents stored in your browser's local storage. This data never leaves your device until you check out.
• At checkout: email and shipping address you provide. We share this with the Merchant so they can fulfil your order.

• To operate, maintain, and improve the platform.
• To send transactional emails (account creation, password reset, order confirmations).
• To protect the platform against abuse, fraud, and security threats.
• To comply with legal obligations and respond to lawful requests.

We do not sell personal data, run third-party advertising on storefronts, or use Shopper data for marketing without explicit opt-in.

Data is stored in encrypted Postgres databases (Supabase) and object storage (Cloudflare R2). Email is sent via OneSignal. Payment processing, when enabled, runs through the Merchant's chosen provider (Paystack, Flutterwave, Stripe). We never store payment card details ourselves.

You can request access to, correction of, or deletion of your personal data by emailing [email protected]. We respond to verifiable requests within 30 days. If you are a Shopper, contact the Merchant directly for data the Merchant collected through their storefront.

Essential cookies. We use a small number of essential cookies needed for authentication (signed-in customers and admins) and cart functionality. These are set only when you take an action that needs them (e.g. signing in, placing an order). They do not require your consent. We do not use third-party advertising or cross-site tracking cookies.

Analytics cookies (consent-gated). When you first visit any site on the platform we show a cookie banner with two equal buttons: Accept and Decline. Your choice is stored in your browser's local storage so we don't prompt again on the next visit.

• If you click Accept, each merchant storefront sets one first-party cookie (named sinewy.vid, a random identifier that lasts up to 30 days) so we can give the merchant basic visit counts on their own admin dashboard. On the sinewyshop.com marketing site we also load Microsoft Clarity, which records anonymised heatmaps and session replays of how visitors use the home page. None of this is shared across shops; the cookie is scoped to the subdomain you're on.
• If you click Decline, no analytics cookie is set and no pageviews are recorded for your visit. You can still browse, sign in, and place orders normally; only the analytics layer is suppressed.

You can change your choice at any time by clearing your browser's site data, which removes the stored decision and will trigger the banner again on your next visit.

We will update this page when our practices change. Material changes will be announced via email to active Merchants and posted here with a new “Last updated” date.

Questions about privacy: email [email protected].