Privacy at Tyria.
This policy explains what data Tyria Technologies handles, and how, in connection with the Tyria Serial Inventory Trace WooCommerce plugin, the marketplace OAuth broker that powers its eBay and Amazon connections, and this website (tyria.tech). Our design goal is deliberately narrow: sync inventory quantities across your sales channels using the least data required, and never touch buyer personal information.
01 Who we are
Tyria Technologies ("Tyria," "Tyria Tech," "we," "us," or "our") provides the Tyria Serial Inventory Trace WooCommerce plugin and the marketplace OAuth broker described below. This policy applies to those products and to this website.
For the store data the plugin processes to perform inventory sync, we act as a service provider / data processor on the merchant's behalf — the merchant remains the controller of their own store and customer records. For the marketplace connection records our OAuth broker stores (encrypted tokens and marketplace account identifiers), we act as a data controller.
Questions about this policy or your data can be sent to [email protected].
02 What the service does
Tyria Serial Inventory Trace is a WooCommerce plugin for hardware and GPU resellers. It does two things:
- Serial-number inventory tracking — recording and tracing serial numbers against products and stock within your own WooCommerce store.
- Multi-channel marketplace inventory sync — keeping your WooCommerce stock levels in sync with your eBay and Amazon listings, so a sale on one channel updates availability on the others.
To connect to eBay and Amazon, the plugin uses a Tyria-operated OAuth broker — a Cloudflare Worker at marketplace-oauth.tyriatech.com. The broker performs the OAuth 2.0 handshake with each marketplace, holds the resulting connection securely, and issues short-lived access tokens to the plugin on demand. This means the plugin never has to store your marketplace passwords or long-lived credentials.
03 Information we collect & process
We process only what's needed to keep inventory in sync:
- Merchant store data — product and SKU data, serial numbers, inventory / stock levels, and order references (order identifiers used to adjust stock). This lives in your WooCommerce database; the plugin reads and updates it to perform sync.
- Marketplace listing mappings — the associations between your WooCommerce products and their marketplace listings (channel SKUs, listing/offer identifiers, and order references) needed to route quantity updates to the right listing.
- Marketplace OAuth tokens — held by the OAuth broker (see Section 04), never the raw passwords.
- Marketplace account identifiers — such as your eBay and Amazon seller IDs, used to associate a connection with the correct marketplace account.
We do not collect buyer personal information — no buyer names, shipping/billing addresses, contact details, or payment data. We request only non‑PII scopes and roles: eBay sell.inventory; Amazon Selling Partner API roles "Inventory and Order Tracking" and "Product Listing." We do not request or use Amazon Restricted Data Tokens (RDT), and we do not access Amazon Personally Identifiable Information.
04 How OAuth credentials are handled
Marketplace connections are made with OAuth 2.0, handled entirely by the Tyria OAuth broker. The model is designed to minimize what is stored and where:
- You authenticate directly with eBay or Amazon; Tyria never sees or stores your marketplace password.
- The broker stores each connection's refresh token encrypted at rest (AES‑GCM) in a Cloudflare D1 database.
- The broker mints short-lived access tokens on demand for the plugin — the plugin holds only a transient token, never a long-lived credential.
- Each connection uses per-connection secrets, isolated from other merchants' connections.
- A connection is revocable at any time by disconnecting it in the plugin, which deletes the stored token for that connection.
05 How we use data
We use this data solely to provide the inventory-sync service you enabled.
Concretely, that means reading your stock levels and listing mappings and pushing quantity updates to your connected eBay and Amazon listings so availability stays consistent across channels.
- We never sell your data.
- We never use it for advertising, marketing profiles, or any purpose unrelated to inventory sync.
- We share it only with the connected marketplaces (to carry out the sync you requested) and the infrastructure providers listed in the next section.
06 Third parties & subprocessors
Providing the service involves the following parties. Each handles data under its own privacy policy:
These infrastructure providers and the connected marketplaces may process and store data in the United States and other countries where they operate.
07 Data security
- Encryption in transit — all connections use HTTPS/TLS.
- Encryption at rest — stored refresh tokens are encrypted with AES‑GCM.
- CSRF protection — the OAuth flow uses a signed state parameter to prevent request forgery.
- Least-privilege scopes — we request only the non‑PII marketplace roles needed for inventory sync (see Section 03).
- Access controls — connection records and secrets are access-controlled and isolated per connection.
No system is perfectly secure, but we design for the smallest possible blast radius: the least data, the shortest-lived credentials, and encryption wherever data is stored.
08 Data retention & deletion
Marketplace connection records (encrypted tokens and account identifiers) are retained only while the connection is active. They are deleted when you:
- Disconnect a marketplace connection in the plugin, or
- Uninstall the plugin.
Your store data (SKUs, serials, inventory) lives in your own WooCommerce database under your control. The OAuth broker retains only what's needed to operate connections — encrypted tokens and marketplace account identifiers — not a copy of your catalog. To request deletion of any data we hold, or to ask a question about retention, email [email protected] and we will act on verified requests promptly.
09 Marketplace compliance
We operate in accordance with each marketplace's developer terms, including the eBay API License Agreement and Amazon's Acceptable Use Policy and Data Protection Policy.
Consistent with those terms, it is our policy to honor marketplace-initiated account deletion and closure notifications: when a marketplace notifies us that a seller account has been closed or a deletion is requested, we delete the associated connection records and any related data we hold for that account.
10 Your rights
You can, at any time:
- Access — ask what connection data we hold about you.
- Correct — ask us to fix inaccurate connection records.
- Delete — disconnect a marketplace (which deletes its token) or request deletion of data we hold.
- Revoke access — disconnecting a connection immediately revokes the plugin's ability to act on that marketplace account.
Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR (access, rectification, erasure, restriction, portability, and objection) and the California CCPA/CPRA (to know, delete, correct, and opt out of "sale" or "sharing" — note that we do not sell or share your data, and we do not discriminate against you for exercising your rights). To exercise any of these, email [email protected].
If your request concerns buyer or end-customer data, note that we do not hold buyer PII — those requests should be directed to the merchant operating the store, who is the controller of that information.
12 Changes to this policy & contact
We may update this policy as the product or applicable requirements change. When we make a material change, we will revise the "Last updated" date above. Continued use of the plugin after an update means you accept the revised policy.
Contact
Tyria Technologies
Privacy & data requests: [email protected]
Product: Tyria Serial Inventory Trace (WooCommerce)