Data Security

Last updated: November 27, 2025

1. Overview

Cart Sync (“we”, “our”, or “us”) is committed to maintaining the highest standards of security, confidentiality, and integrity for all data processed through our platform. We safeguard Meta Ads data, server-side event data, and customer information using industry-leading security practices. We do not sell, rent, or trade customer data—ever.

2. Encryption Standards

We use modern encryption protocols to protect all forms of data handled by Cart Sync:

  • Data in Transit: All communication between clients, servers, and APIs is protected using SSL/TLS encryption.
  • Data at Rest: Sensitive information, including OAuth tokens and hashed identifiers, is encrypted using AES-256.
  • Hashed Customer Data: Any customer identifiers (such as email or phone) sent to Meta are hashed using industry-standard hashing algorithms before transmission.

3. Secure Infrastructure

Cart Sync’s infrastructure is designed for resilience, scalability, and compliance. All servers and storage are hosted on enterprise-grade cloud providers with the following certifications:

  • ISO 27001
  • SOC 2 Type II
  • GDPR-ready systems

Daily backups are performed to ensure business continuity, allowing us to restore critical systems in case of unexpected failures.

4. System Monitoring & Reliability

Our systems are continuously monitored to detect performance issues, security anomalies, or unusual activity. This proactive monitoring enables our engineering team to resolve issues before they impact customers.

5. Access Control & Authentication

Access to Cart Sync’s internal systems is strictly controlled:

  • Authentication is required for all internal access, and passwords are securely hashed using bcrypt.
  • Only authorized staff with a direct operational need can access customer data.
  • Sensitive data is automatically masked where possible to reduce exposure risk.
  • OAuth tokens for Meta Ad Accounts are encrypted and stored securely with restricted access.

6. Customer Data Controls

We empower Cart Sync users with full control over what data is collected and processed:

  • Configuration options within our plugins allow customers to customize which events and parameters are transmitted server-side.
  • Any data shared with Meta follows the permissions granted through OAuth and Meta API scopes.
  • Customers may request data deletion or modification at any time.

7. Contact Us

If you have questions regarding Cart Sync’s data security practices, please contact our security team at: security@cartsync.org .