Privacy Policy

1. Overview

eBay Xero Sync ("we," "our," or "us") provides a service that synchronizes transaction data from your eBay account to your Xero accounting system. This Privacy Policy explains how we collect, use, process, and protect your personal information in compliance with applicable privacy laws (including GDPR and CCPA), the eBay Developer Program Terms, Data Processing Addendum, Privacy Notice, and Xero API Terms of Use.

Please also review our Terms & Conditions and Cookies Policy for additional information about your rights and how our service operates.

2. Information We Collect

2.1 eBay Transaction Data

When you connect your eBay account, we may access:

• Transaction details (sale amounts, dates, item information)
• Buyer information (usernames, transaction IDs)
• Fee information (eBay fees, payment processing fees)
• Order and fulfillment data

2.2 Xero Account Data

When you connect your Xero account, we access only what is required to create accurate records, including:

• Organization details
• Chart of accounts
• Contact information for invoice creation

2.3 Service Usage Data

We collect limited technical logs (e.g., sync status, error logs) to operate and improve the service. This includes OAuth session cookies used solely for maintaining secure connections to Xero accounts.

3. How We Use Your Information

We use your information to:

• Provide synchronization between eBay and Xero
• Maintain and improve our service
• Comply with eBay's Developer Terms, Xero API Terms, and applicable laws

Legal Bases (GDPR):

• Performance of a contract (Article 6(1)(b) GDPR) to provide synchronization services
• Legitimate interests (Article 6(1)(f) GDPR) in maintaining and improving our service

4. Data Retention & Deletion

We retain eBay and Xero data only as long as necessary to provide the service or as required by law. Data will be deleted when:

• You disconnect our service
• You request deletion
• eBay requests deletion
• Data is no longer needed for synchronization
• Our eBay Developer participation ends

Xero data is treated separately and will be deleted immediately upon disconnection or request, or when no longer required to provide synchronization services.

5. Your Rights

Under GDPR:

You may request:

• Access to your data
• Correction of inaccurate data
• Deletion of your data
• Restriction or objection to processing

Under CCPA (for California residents):

• Right to know what personal information is collected
• Right to request deletion of personal information
• Right to opt out of the sale/sharing of personal information

We do not sell or share personal information as defined under CCPA.

You may also revoke access at any time via your eBay account settings.

6. Security

We use industry-standard measures to protect your information, including:

• Encryption in transit and at rest
• Secure token storage
• Access controls limiting who can see data
• Regular monitoring and auditing

Third-party processors:

• Xero (ISO 27001 certified) for accounting integration
• Hosting providers (industry-standard security practices)

These providers are bound by contractual obligations to protect your data.

7. International Transfers

If data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses (SCCs), UK Addendum, or equivalent safeguards.

8. Data Protection Contact

We have appointed a Data Protection Contact responsible for overseeing privacy matters. You can reach them at:

9. Cookies

We use only necessary cookies to maintain login sessions and OAuth connections to Xero. We do not use tracking or advertising cookies. For more details, please see our Cookies Policy.

10. Compliance with eBay & Xero

Our processing of eBay user data strictly adheres to:

• eBay Developer Program Terms of Use
• eBay Data Processing Addendum
• eBay User Privacy Notice

Our processing of Xero account data strictly adheres to:

• Xero API Terms of Use
• GDPR and CCPA requirements

11. Children's Privacy

Our service is not intended for children under 18, and we do not knowingly process children's data.

12. Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updated versions will be posted here, with a "last updated" date displayed. Please review our Terms & Conditions for updates affecting your rights.

13. Contact Us

For privacy questions or requests, contact our Data Protection Contact: