Privacy Policy
Krenovate Solutions Pvt. Ltd. (“Krenovate,” “we,” “us,” or “our”), operating under the brand LinkZoho, values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information in connection with our products and apps — LZ Books (“Automate Your Accounting”), which syncs your store’s sales into Zoho Books, and LZ SKU Sync (“Master Your Inventory”), which syncs Zoho Inventory products and stock into your store — each of which we offer as both a WooCommerce plugin and a Shopify app. By purchasing, installing, or using any of our products, apps, or websites, you agree to the practices described below.
1. Who We Are
Our products act as a secure bridge between your online store and your Zoho account, operated by Krenovate Solutions Pvt. Ltd. (brand: LinkZoho), based in India. Our Shopify apps are embedded apps that run inside your store’s admin; our WooCommerce products are plugins installed on your WordPress site. Our apps do not interact with your end customers (shoppers) directly — all interactions are with your store’s admin and your Zoho account.
When you install one of our apps on your store, you (the merchant) are the data controller for the customer data passed through the app, and we act as a data processor on your behalf.
2. What Data We Collect
Depending on the product you use, we receive and store the following categories of data:
Merchant account and installation data
- Your store address — your
myshopify.comdomain (Shopify) or your site URL (WooCommerce). - The session and authorization tokens issued during installation, used to authenticate requests to your store.
- For Shopify online sessions: your first name, last name, email, account-owner status, locale, and email-verified flag, as provided by Shopify.
Zoho connection data
- Your Zoho OAuth access and refresh tokens, which are encrypted at rest using AES-256-CBC.
- Your Zoho organization ID and name, the API endpoint / data-center region you choose, and organization metadata such as currency and country returned by Zoho.
Order and customer data (LZ Books)
When an order is created, updated, or refunded, your store sends us the order payload, which we cache to perform the sync to Zoho Books. This can include:
- Customer fields: name, email, phone, and billing and shipping addresses.
- Order fields: order number, line items, totals, taxes, shipping, discounts, payment gateway, fulfillment status, and financial status.
- For Mexican stores: SAT/RFC tax-related metafields registered at install.
Product and inventory data (LZ SKU Sync)
- Product and inventory information read from your Zoho Inventory account — such as SKUs, titles, descriptions, prices, stock levels, variants, and images — which we use to create or update the matching products in your store.
- LZ SKU Sync does not access your store’s customers or orders; it works only with product and inventory data.
Configuration data
- The settings you configure — such as template selections, tax mappings, payment-gateway-to-bank-account mappings, custom-field mappings, salesperson selection, warehouse-to-location mappings, sales-channel selections, and per-field sync preferences.
Sync state and audit logs
- For each item processed: the Zoho record IDs created (such as contact, sales order, invoice, payment, credit note, or product), the sync status (pending / success / partial / failed), retry attempt counts, and the log entries shown to you in the app.
- Receipts of the privacy-compliance webhooks Shopify sends us, retained for audit purposes.
Billing data
- Your active plan, total and used credits, billing-cycle dates, and a record of each charge you approve (charge ID, plan name, credits granted, and timestamp).
We do not collect or store payment-card numbers, CVVs, full bank-account details, passwords, or biometric data.
3. Why We Collect It
We use the data above strictly to:
- Authenticate your app installation.
- Make API calls to your Zoho account on your behalf.
- Create and maintain the records in Zoho or in your store that mirror your data (accounting records for LZ Books; product and inventory records for LZ SKU Sync).
- Apply your preferences when generating those records.
- Show you the status of each sync and provide retry, update, and delete actions on failures.
- Bill you for app usage.
- Comply with legal obligations, including the Shopify privacy-compliance webhooks.
We do not sell, rent, or trade any personal data to third parties, and we do not use this data for advertising, profiling, or any purpose beyond providing the product to you.
4. Where It’s Stored and How It’s Secured
- Database: PostgreSQL, hosted alongside the application; the connection string is held only as an environment variable on the server.
- Encryption at rest: Zoho access and refresh tokens are encrypted using AES-256-CBC with a key held only as an environment variable on the server. Where we keep anonymized purchase-history rows, the shop identifier is hashed using HMAC-SHA256 with a secret salt.
- Encryption in transit: all traffic between your store, our app, and Zoho uses TLS / HTTPS.
- Webhook authenticity: every Shopify webhook is HMAC-verified before it is processed.
- Access control: database access is restricted to the application service; there is no public administrative interface to the database.
While we work hard to safeguard your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
5. How Long We Keep It
Different categories of data have different retention rules:
- While the app is installed: we retain the data necessary to operate the product for as long as you remain installed and connected.
- On uninstall (Shopify apps): when you uninstall the app, we immediately delete your Shopify session, app settings, and Zoho connection. Order sync state and billing records are retained for up to 48 hours to allow a seamless reinstall, so that reinstalling within that window does not lose your sync history or credits.
- 48 hours after uninstall (Shopify shop/redact): on receipt of Shopify’s mandatory shop-redaction webhook, we hard-delete your Shopify session, app settings, Zoho connection, order sync state, billing record, and privacy audit log. We retain anonymized purchase-history rows for aggregate financial reporting; the shop identifier in those rows is replaced with an irreversible HMAC-SHA256 hash so the rows can no longer be linked back to you.
- Customer data deletion (Shopify customers/redact): on receipt of Shopify’s customer-redaction webhook, we null the cached order payload for the listed orders within 30 days. Any records already created in your Zoho account remain there and are yours to manage. Because LZ SKU Sync does not hold customer data, such requests return no personal information for it.
- Customer data requests (Shopify customers/data_request): on receipt of a customer data request, we provide you with the data we hold for the listed orders within 30 days, via the in-app GDPR Requests page, so you can combine it with your own store data export and forward it to the customer.
- WooCommerce plugins: disconnecting your Zoho account revokes the authorization tokens and stops all syncing, and deactivating or deleting the plugin ends further data collection; you can contact us to request deletion of any associated records we hold.
- Legal retention: we also retain information for as long as necessary to meet legal, tax, and legitimate business obligations.
6. Who We Share It With
We share data only with the service providers needed to operate our products:
- Shopify Inc. — the commerce platform for our Shopify apps and the source of your Shopify store and order data (and, for Shopify purchases, in-app billing). Subject to Shopify’s Privacy Policy.
- Zoho Corporation — Zoho Books and Zoho Inventory, the source or destination of the records you sync, acted upon at your instruction. Subject to Zoho’s Privacy Policy.
We do not share data with any other third parties, with one exception: we may disclose data if required by a valid legal order (for example, a subpoena or court order). In any such case, we will notify the affected merchant unless we are legally prohibited from doing so. We do not sell your personal information or share it with advertisers or data brokers.
7. Your Rights Under GDPR and Similar Laws
If you are an end customer of a merchant using our products, the merchant — not us — is your primary point of contact for data rights, because the merchant is the data controller. Depending on your jurisdiction, you may have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate personal data.
- Right to erasure (“right to be forgotten”) — request deletion of your personal data.
- Right to restrict processing — request that we limit how your data is used.
- Right to data portability — receive your data in a commonly used format.
- Right to object — object to certain types of processing.
- Right to withdraw consent — where processing is based on consent.
- Right to lodge a complaint with a supervisory authority.
8. How to Exercise Your Rights
End customers: contact the merchant whose store you purchased from. They can issue a customer data request or customer erasure request through their store admin, which is automatically forwarded to us, and we will fulfill our part within 30 days.
Merchants: uninstalling the app triggers deletion of your data on the timelines described in section 5. To request immediate deletion or to exercise other rights, contact us at [email protected].
9. Cookies and Tracking
Our embedded Shopify apps use only the session cookies set by Shopify and Shopify App Bridge to maintain your admin session; they do not set first-party tracking, analytics, or advertising cookies, and they do not include third-party analytics scripts. Our websites use cookies and similar technologies to run the site, remember your preferences, and understand how the site is used, as described in our Cookie Policy.
10. Children’s Privacy
Our products are B2B integrations intended for use by store owners and are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal information, please contact us so we can remove it.
11. Changes to This Policy
We may update this policy from time to time to reflect changes in our products, technology, or legal requirements. The “Last updated” date below reflects the most recent revision. For material changes, we will post the revised version on this page and notify merchants via the in-app dashboard at least 14 days before the changes take effect. Your continued use of our products and apps after changes take effect constitutes acceptance of the updated policy.
12. Related Policies
Please also review our related policies, which govern your use of our products:
13. Contact
If you have questions about this Privacy Policy or how we handle your information, please contact us:
- Krenovate Solutions Pvt. Ltd. (brand: LinkZoho), India
- Privacy and data requests: [email protected]
- General and sales enquiries: [email protected]
Last updated: 9 July 2026