Effective Date: April 12, 2026
Previous Effective Date: February 25, 2026
1. Overview
LightSync Pro provides OAuth-based connections between a user’s cloud platform accounts (Adobe Lightroom, Figma, Dropbox, OneDrive, Canva, Shutterstock, Google Drive, OpenRouter, Shopify, HubSpot, Contentful, and Webflow) and their self-hosted WordPress installation or Syncific account.
The Plugin functions as a broker: all API requests are sent directly from the user’s site to each platform’s endpoints. No media content or sync payloads are routed through Team Taggart LLC servers. The broker handles only OAuth credential management. This broker architecture is protected under U.S. Patent Application No. 19/440,404.
2. Authentication
Cloud platform connections use OAuth 2.0 for authorization, with the exception of Contentful, which uses an API key:
- Adobe Lightroom — Adobe OAuth 2.0
- Figma — Figma OAuth 2.0
- Dropbox — Dropbox OAuth 2.0
- Microsoft OneDrive — Microsoft OAuth 2.0 (read-only scope)
- Canva — Canva OAuth 2.0
- Shutterstock — Shutterstock OAuth 2.0
- Google Drive — Google OAuth 2.0 (read-only scope, via Syncific)
- OpenRouter — OpenRouter OAuth 2.0
- Shopify — Shopify OAuth 2.0
- HubSpot — HubSpot OAuth 2.0
- Contentful — Contentful API key (encrypted at rest in broker)
- Webflow — Webflow OAuth 2.0
OAuth credentials are held securely by LightSync Pro’s broker infrastructure and are never stored in the user’s WordPress database. The user’s WordPress site receives only the access tokens needed to make API calls.
Team Taggart LLC never stores or logs tokens anywhere outside the broker’s secure credential store.
3. API Key Handling
Broker-Managed Credentials (OAuth Platforms)
- All OAuth API credentials are server-side and never exposed in client-side code
- Each LightSync Pro installation communicates through the broker, which manages credentials centrally
- Keys are rotated when revoked or compromised
User-Provided API Keys (AI Features)
- AI Visual Analysis requires a user-provided OpenAI or Anthropic API key
- These keys are stored in the user’s WordPress database and are not managed by the broker
- API calls go directly from the user’s WordPress site to the AI provider
- Team Taggart LLC never receives, stores, or accesses user-provided API keys
4. Data Flow
Cloud Platform Sync — Sources (Lightroom, Figma, Dropbox, OneDrive, Canva, Shutterstock, Google Drive)
- User authenticates via the platform’s OAuth flow through the broker
- Access token is delivered to the user’s WordPress site or Syncific account
- When the user initiates a sync, requests go directly from WordPress/Syncific → Platform API → destination
- OneDrive and Google Drive access is read-only — LightSync Pro never writes to or modifies content in either service
- No image data or metadata is stored, proxied, or cached on Team Taggart LLC infrastructure
Cloud Platform Sync — Destinations (Shopify, HubSpot, Contentful, Webflow)
- Synced images are delivered directly from the source platform to the destination API
- No destination credentials or content are stored on Team Taggart LLC servers
- Distribution requests go directly from the user’s site or Syncific → each destination’s API
AI Image Generation (OpenRouter)
- User authenticates via OpenRouter OAuth through the broker
- When the user generates an image, the text prompt (and optional reference image) is sent directly from WordPress → OpenRouter API
- The generated image is returned to the user’s WordPress site and saved to the Media Library
- Generated images pass through the same optimization pipeline (WebP/AVIF) as synced images
- No prompts, reference images, or generated images are stored on Team Taggart LLC infrastructure
AI Visual Analysis (OpenAI / Anthropic)
- API requests go directly from WordPress → OpenAI or Anthropic API using the user’s own API key
- Analysis results are stored locally in the user’s WordPress database
- No data passes through Team Taggart LLC infrastructure
Syncific Hub Distribution (Enterprise)
- Hub reads synced or generated images from the user’s primary WordPress site or Syncific account
- Distribution requests go directly from the primary site → each destination’s API (WordPress REST API, Shopify API, HubSpot Files API, Contentful Content Management API, or Webflow Assets API)
- No image data passes through Team Taggart LLC servers during distribution
5. Logging & Monitoring
- Plugin logs only event summaries (e.g., “Sync Completed — 12 images imported,” “AI Generated — flux-schnell — 1024×1024”)
- No personal data, image content, or AI prompts are contained in logs
- Users can clear logs manually
6. Rate Limiting & Usage
LightSync Pro respects each platform’s defined rate limits and includes back-off handling to prevent excessive calls. Retry logic uses exponential backoff with randomized jitter.
Platform-specific considerations:
- Adobe: Lightroom API rate limits with automatic token refresh
- Figma: Figma API rate limits per key
- Dropbox: Dropbox API rate limits with cursor-based pagination
- Microsoft OneDrive: Microsoft Graph API rate limits with automatic token refresh
- Canva: Canva API rate limits per-application
- Shutterstock: Shutterstock API rate limits per subscription
- Google Drive: Google Drive API rate limits per project with automatic token refresh
- Shopify: Shopify API call limits per store
- OpenRouter: Model-specific rate limits and credit-based billing
- HubSpot: HubSpot API daily call limits per portal
- Contentful: Contentful API rate limits per space
- Webflow: Webflow API rate limits per site
7. Security Measures
- HTTPS enforced for all remote calls
- OAuth credentials held by broker — never in user’s WordPress database
- OAuth tokens encrypted at rest using AES-256
- Nonces and WordPress AJAX verification tokens prevent CSRF
- Strict Content Security Policy on the admin interface
- Regular plugin updates signed via WordPress.org release process
- Syncific Hub uses token-based invites — no credential sharing between sites
8. Data Retention
No cloud platform content, AI-generated images, prompts, or user content is retained by Team Taggart LLC.
Plugin logs, sync mappings, AI version history, and license data reside only on the user’s site and may be deleted by the user at any time.
9. Google API Limited Use
LightSync Pro’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google Drive data is used solely to enable recurring, folder-based sync workflows. It is not used for advertising, shared with third parties, or used to train AI models.
10. Compliance & Review
LightSync Pro adheres to the developer terms and API policies of each integrated platform, as detailed in our Terms of Service:
- Adobe Developer Terms of Use and Adobe Product Licenses and Terms
- Figma Developer Terms
- Dropbox Developer Terms and Conditions
- Microsoft API Terms of Use
- Canva API and App Developer Terms
- Shutterstock Terms of Service and Shutterstock Terms of Use
- Google API Services User Data Policy
- Shopify API License and Terms of Use
- OpenRouter Terms of Service
- HubSpot Developer Terms
- Contentful Terms of Service
- Webflow Terms of Service
- U.S. Export Control regulations
- OWASP Top 10 security standards
