Get Started

Privacy Policy | HumSync Epicor P21 Shopify App

Epicor P21 Integration for Shopify

Last Updated: April 2026

1. Introduction

This Privacy Policy describes how the HumSync app (“we,” “our,” or “the App”), developed and operated by HumCommerce, collects, uses, and protects your information when you use our Shopify application that integrates your Shopify store with your Epicor P21 ERP system.

By installing and using this App, you agree to the collection and use of information in accordance with this policy.

Important: We do not sell, rent, or monetize your merchant or customer data. We act solely as a data processor to facilitate integration between your Shopify store and your Epicor P21 ERP system.

2. Information We Collect

2.1 Shopify API Permissions

During installation, the App requests the following Shopify API access scopes to function properly:

  • read_products, write_products: To sync product information (names, descriptions, prices, SKUs, barcodes, variants) with Epicor P21
  • read_orders, write_orders: To sync orders, order statuses, and pick ticket information between Shopify and P21
  • read_customers, write_customers: To sync customer and company information bi-directionally
  • read_inventory, write_inventory: To synchronize real-time inventory levels from P21
  • read_fulfillments, write_fulfillments: To sync shipment, fulfillment, and pick ticket status updates from P21 back to Shopify
  • read_locations: To access store and warehouse location information
  • read_price_rules: To access pricing rules and customer-specific pricing from P21

You explicitly grant these permissions during the OAuth installation process. You can revoke access at any time by uninstalling the App.

2.2 Shopify Store Data

Based on the granted permissions, we collect and process the following data from your Shopify store through the Shopify API:

Products

  • Product information (names, descriptions, prices, SKUs, barcodes)
  • Product variants, inventory levels, and warehouse-specific stock quantities
  • Product faceting, sorting, and list price data

Orders

  • Order details (order numbers, dates, statuses, selected warehouse)
  • Order line items and quantities
  • Financial status and payment information
  • Fulfillment, shipment, and pick ticket status information

Customers and Companies

  • Customer names, email addresses, and phone numbers
  • Customer addresses (billing and shipping)
  • Company information, contacts, and locations
  • Customer purchase history and order associations

Inventory and Pricing

  • Real-time inventory levels per warehouse location
  • Customer-specific and list pricing from P21
  • Pricing rules and warehouse selection per session

Fulfillments

  • Fulfillment orders and shipment status
  • Pick ticket status updates from P21
  • Shipping and delivery tracking information

Store Configuration

  • Store location and warehouse mapping information
  • Access tokens and session data
  • Store subscription and plan information

2.3 Epicor P21 Connection Data

To establish integration with your Epicor P21 ERP system, we collect:

  • P21 server connection details and authentication tokens
  • P21 user credentials (stored in encrypted format via AWS Secrets Manager)
  • P21 warehouse configuration and mapping information

Note: P21 credentials are encrypted and stored securely using AWS Secrets Manager. We do not have access to your unencrypted P21 credentials.

2.4 Merchant Account Information

When you install the App, we collect:

  • Your Shopify shop domain
  • Merchant email address and name
  • Shopify access tokens (for API communication)
  • Session information and authentication data
  • Store subscription status and plan details
  • Locale, timezone, and currency preferences

2.5 Sync and Mapping Data

We store mapping relationships between:

  • Shopify product IDs and P21 product/item IDs
  • Shopify customer IDs and P21 customer/company IDs
  • Shopify order IDs and P21 order/pick ticket IDs
  • Warehouse and location mapping data
  • Inventory and fulfillment synchronization status

2.6 Logs and Activity Data

We maintain logs of:

  • Integration activities and synchronization events
  • Error messages and troubleshooting information
  • API calls and responses between Shopify, the Core App, and P21
  • System performance metrics

3. How We Use Your Information

3.1 Core Functionality

  • Product and Pricing Sync: Synchronize product data, inventory levels, and pricing between Shopify and P21 (scheduled every 24 hours for bulk sync, real-time for pricing and inventory)
  • Order Processing: Automatically create and sync orders in P21 when orders are placed in Shopify, including selected warehouse information
  • Customer and Company Sync: Bi-directionally sync customer, company, contact, and location data between Shopify and P21
  • Inventory Management: Provide real-time inventory availability per warehouse via cached pricing files and Redis
  • Fulfillment and Shipment Tracking: Sync shipment status, fulfillment updates, and pick ticket status from P21 back to Shopify via webhooks

3.2 Service Improvement

  • Troubleshooting: Diagnose and resolve integration issues
  • Performance Monitoring: Monitor sync performance and optimize operations
  • Feature Development: Understand usage patterns to improve the App

3.3 Compliance and Legal

  • Privacy Requests: Respond to customer data requests and deletion requests as required by law
  • Legal Compliance: Comply with applicable privacy laws and regulations

4. Data Storage and Security

4.1 Data Storage

  • All data is stored securely on our servers using industry-standard encryption
  • P21 credentials are encrypted at rest using AWS Secrets Manager
  • Real-time pricing and inventory data is cached using Redis with appropriate expiration policies
  • Sync mapping and configuration data is stored in MongoDB with access controls
  • Static assets (JS, pricing files) are stored on Amazon S3 / Google Cloud Platform
  • Database access is restricted and monitored

4.2 Security Measures

  • Encryption: Sensitive data, including P21 credentials and access tokens, is encrypted using secure encryption algorithms
  • Access Controls: Access to your data is restricted to authorized personnel only
  • Secure Transmission: All data transmitted between our servers, Shopify, and P21 uses HTTPS/TLS encryption
  • Token Management: Shopify access tokens and P21 auth tokens are securely stored and managed via AWS Secrets Manager
  • Monitoring: We monitor our systems for security threats and unauthorized access

4.3 Data Location

Your data is stored on secure cloud servers (AWS / GCP). The exact location may vary based on our hosting infrastructure, but we ensure compliance with applicable data protection laws.

5. Third-Party Integrations

5.1 Shopify

  • The App integrates with Shopify to access your store data via Shopify’s APIs
  • We only access data that you authorize through the Shopify OAuth process
  • Your relationship with Shopify is governed by Shopify’s Terms of Service and Privacy Policy

5.2 Epicor P21

  • The App connects to your Epicor P21 ERP system using credentials you provide
  • Data is transmitted between our Core Application and your P21 instance via authenticated API calls
  • We act as a data processor, transferring data between Shopify and your P21 system as instructed by you
  • Your use of Epicor P21 is governed by Epicor’s terms and privacy policies

5.3 Cloud Infrastructure Providers

  • We use Amazon Web Services (AWS) for secrets management, asset storage, and hosting
  • We use Google Cloud Platform (GCP) for asset storage where applicable
  • These providers act as sub-processors and are contractually bound to protect your data

5.4 No Other Third Parties

We do not sell, rent, or share your data with any third parties except as necessary to provide the App’s core functionality (Shopify, your P21 instance, and our cloud infrastructure providers).

6. Merchant Data vs. Customer Data

6.1 Merchant Data

  • Definition: Data related to you as the store owner (shop configuration, P21 credentials, app settings, sync preferences, warehouse mappings)
  • Control: You are the data owner; we are the data processor
  • Usage: Used solely to provide the integration service
  • Not Sold: We never sell, rent, or monetize merchant data

6.2 Customer Data

  • Definition: Data related to your store’s customers (names, emails, addresses, order history, company associations)
  • Control: You are the data controller; we are the data processor acting on your behalf
  • Usage: Processed only to synchronize with your P21 system as instructed by you
  • Not Sold: We never sell, rent, or monetize customer data
  • GDPR Rights: Customer data deletion requests are honored automatically via Shopify’s mandatory compliance webhooks

6.3 Data Controller and Processor Relationship

Under GDPR and similar privacy laws:

  • You (the Merchant) are the Data Controller for your customer data
  • We (HumCommerce) are the Data Processor acting on your instructions
  • We process data only as necessary to provide the integration service
  • We do not use customer data for any purpose other than facilitating the Shopify–P21 synchronization

7. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to third parties, except:

  • To Your P21 System: Data is transferred to your Epicor P21 ERP system as part of the integration functionality
  • To Shopify: Data access is through Shopify’s API as authorized by you
  • Legal Requirements: We may disclose data if required by law or in response to valid legal requests
  • Service Providers: We use trusted cloud infrastructure providers (AWS, GCP) to operate our services; they are contractually bound to protect your data

8. Your Rights and Choices

8.1 Access to Your Data

  • You can access your store’s sync data through the HumSync Dashboard
  • You can view synchronization logs and activity history
  • You can export your mapping data and sync status

8.2 Data Deletion

  • Uninstall the App: When you uninstall the App from your Shopify store, we will delete your data as required by Shopify’s policies
  • Shop Redaction: After app uninstallation, Shopify sends a shop redaction request, and we will permanently delete your data within the required timeframe
  • Customer Redaction: We honor customer data deletion requests received through Shopify’s privacy webhooks
  • Manual Deletion: You can contact us to request deletion of your data

8.3 Data Correction

  • You can update your P21 connection credentials at any time through the App settings
  • Sync errors and issues can be resolved through the Dashboard interface

8.4 Revoke Access

  • You can revoke App access at any time by uninstalling the App from your Shopify admin
  • Uninstalling will stop all data synchronization and initiate data deletion procedures

9. Data Retention

  • Active Accounts: We retain your data for as long as the App is installed and active on your Shopify store
  • After Uninstallation: After you uninstall the App, we retain data only as necessary to complete pending sync operations, comply with legal obligations, and resolve disputes. Data is then permanently deleted within 48–72 hours of uninstallation (as per Shopify’s shop redaction webhook)
  • Logs: Error logs and activity logs may be retained for a limited period (up to 90 days) for troubleshooting and service improvement purposes
  • Cached Data: Real-time pricing and inventory data in Redis cache is automatically expired based on configured TTL policies

10. Privacy Requests (GDPR / CCPA Compliance)

We comply with data protection regulations including GDPR, CCPA/CPRA, and other applicable privacy laws. Our App implements Shopify’s mandatory compliance webhooks to handle privacy requests automatically:

10.1 Customer Data Requests (customers/data_request)

  • When a customer requests their data from your store through Shopify, we receive an automated webhook notification
  • We will provide all customer data stored by the App within 30 days of the request
  • Data provided includes: customer profile information, associated orders, company associations, and synchronization history

10.2 Customer Data Deletion (customers/redact)

  • When a customer requests deletion of their data through Shopify, we receive an automated webhook notification
  • We will permanently delete all customer information from our systems within 30 days
  • Deleted data includes: customer profiles, contact information, order associations, company mappings, and any personally identifiable information
  • Once deleted, the data cannot be recovered

10.3 Shop Data Deletion (shop/redact)

  • When you uninstall the App, Shopify sends us a shop redaction webhook request
  • We will permanently delete all associated shop data within 48 hours of receiving the request
  • Deleted data includes: all store data, products, orders, customers, inventory mappings, P21 credentials, access tokens, warehouse configurations, and all settings
  • This deletion is automatic and permanent

10.4 Manual Privacy Requests

You can also submit privacy requests directly to us via our Contact Us page at humcommerce.com/contact-us. We will process manual requests within the same timeframes as webhook-based requests.

11. Cookies and Tracking Technologies

11.1 Session Cookies

  • We use session cookies to maintain your login state and authenticate requests to Shopify
  • These cookies are essential for the App to function properly
  • Session cookies are automatically deleted when you close your browser or log out

11.2 Client-Side Caching

  • The App uses IndexedDB (client-side browser storage) to cache real-time pricing and warehouse selection data for performance
  • This data is stored locally on the customer’s device and is not transmitted to third parties

11.3 Authentication Tokens

  • We store Shopify OAuth access tokens securely to communicate with your store
  • These tokens are encrypted and stored server-side only

11.4 No Third-Party Tracking

  • We do not use analytics cookies, advertising cookies, or third-party tracking pixels
  • We do not track customer behavior on your storefront for advertising purposes
  • We do not share tracking data with advertisers or marketing platforms

12. Children’s Privacy

Our App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, as our cloud infrastructure (AWS, GCP) may operate across multiple regions. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your data to these countries. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the “Last Updated” date at the top of this policy
  • Notifying you through the App interface or via email if significant changes are made

Your continued use of the App after changes are made constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

HumCommerce

  • Website: humcommerce.com/contact-us

For privacy-related requests, please include your Shopify store domain, the nature of your request, and any relevant order or customer information.

We will respond to your inquiry within 30 days.

16. Your Consent

By installing and using the HumSync App, you consent to:

  • The collection and use of information as described in this Privacy Policy
  • The transfer of data between Shopify and your Epicor P21 ERP system via our Core Application
  • The processing and storage of data as necessary to provide the App’s functionality

If you do not agree with this Privacy Policy, please do not install or use the App.

17. Additional Information

17.1 Shopify Partner Requirements

This App is developed as a Shopify Partner application and complies with:

  • Shopify’s App Store requirements
  • Shopify’s Privacy Policy requirements
  • Shopify’s mandatory webhook requirements for data requests and redaction
  • Shopify API Terms of Service
  • All applicable data protection and privacy regulations

17.2 Epicor P21 Integration

  • This App facilitates data transfer between Shopify and your Epicor P21 instance via our Core Application
  • We are not responsible for how Epicor P21 handles or stores your data once it is transferred
  • Please review Epicor’s privacy policy and terms of service for information about Epicor’s data practices

17.3 Shopify Consumer Privacy Policy

For information about how Shopify collects and uses customer personal data and customers’ privacy rights with Shopify, please refer to the Shopify Consumer Privacy Policy at: https://www.shopify.com/legal/privacy

17.4 No Warranty

While we implement security measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

18. Summary of Key Points

  • What we collect: Store data from Shopify, P21 connection credentials, sync mapping data, activity logs
  • Why we collect it: To synchronize data between your Shopify store and Epicor P21 ERP
  • We don’t sell your data: We never sell, rent, or monetize merchant or customer data
  • Your rights: Access, correction, deletion, and data portability
  • GDPR/CCPA compliance: Automatic handling via Shopify’s mandatory webhooks (customers/data_request, customers/redact, shop/redact)
  • Data deletion: 48 hours for shop data after uninstall; 30 days for customer data requests
  • Security: Encryption at rest and in transit, AWS Secrets Manager for credentials, secure access controls
  • Contact: Contact Us Page on humcommerce.com/contact-us