Effective Date: January 16, 2026


1. Overview

LightSync Pro provides OAuth-based connections between users’ cloud platform accounts and their self-hosted WordPress installations or Shopify stores.

The Plugin functions as a broker: all API requests originate from the user’s site directly to the respective platform’s endpoints. No request payloads or media are routed through Team Taggart LLC servers.

Supported Platforms:

  • Adobe Lightroom Cloud
  • Figma
  • Canva (coming soon)
  • Shopify

2. Authentication

All platform integrations use industry-standard OAuth 2.0:

Adobe Lightroom

  • Adobe OAuth 2.0 flow for authorization
  • Tokens stored only within the user’s WordPress database
  • Team Taggart LLC never stores or logs Adobe tokens externally

Figma

  • Figma OAuth 2.0 flow for authorization
  • Tokens stored only within the user’s WordPress database
  • Team Taggart LLC never stores or logs Figma tokens externally

Canva

  • Canva OAuth 2.0 flow for authorization
  • Tokens stored only within the user’s WordPress database
  • Team Taggart LLC never stores or logs Canva tokens externally

Shopify

  • Shopify OAuth 2.0 flow for authorization
  • Tokens stored only within the user’s WordPress database
  • Team Taggart LLC never stores or logs Shopify tokens externally

All tokens are stored using the WordPress options API, with encryption where applicable.


3. API Key Handling

Platform API Credentials

  • All platform API credentials are server-side and never exposed in client-side code
  • LightSync Pro uses a centralized broker architecture for OAuth token exchange
  • Platform-specific keys are managed in each platform’s developer console (Adobe, Figma, Canva, Shopify)
  • Keys are rotated when revoked or compromised

User-Provided AI API Keys (Optional)

  • Users may optionally provide their own OpenAI or Anthropic API keys for AI Visual Analysis features
  • These keys are stored locally in the user’s WordPress database
  • Keys are never transmitted to or stored on Team Taggart LLC servers
  • API requests using these keys go directly from WordPress to the AI provider
  • Users are responsible for securing and managing their own API keys

4. Data Flow

Source Platform Synchronization (Lightroom, Figma, Canva)

  1. User authenticates via platform’s OAuth flow
  2. Access token is saved locally on the user’s WordPress site
  3. When the user initiates a sync:
    • WordPress → Cloud Platform API (fetch assets)
    • Cloud Platform API → WordPress Media Library (import)
  4. No image data or metadata is stored, proxied, or cached on Team Taggart LLC infrastructure

Destination Platform Synchronization (Shopify)

  1. User authenticates via Shopify OAuth flow
  2. Access token is saved locally on the user’s WordPress site
  3. When the user initiates a sync:
    • WordPress → Cloud Platform API (fetch assets)
    • WordPress → Shopify Files API (upload)
  4. No image data is stored, proxied, or cached on Team Taggart LLC infrastructure

AI Visual Analysis (Optional)

  1. User provides their own OpenAI or Anthropic API key
  2. Key is stored locally in the WordPress database
  3. When user requests AI analysis:
    • WordPress → AI Provider API (direct request)
    • AI Provider API → WordPress (response)
  4. No image data or AI responses pass through Team Taggart LLC servers

5. Logging & Monitoring

  • Plugin logs only event summaries (e.g., “Sync Completed – 12 images imported”)
  • No personal data, image content, or API responses are contained in logs
  • Users can clear logs manually through plugin settings
  • AI API usage is not logged by LightSync Pro (users should check their AI provider dashboards)

6. Rate Limiting & Usage

LightSync Pro respects each platform’s defined rate limits:

Adobe Lightroom API

  • Includes back-off handling to prevent excessive calls
  • Retry logic uses exponential backoff with randomized jitter

Figma API

  • Respects Figma’s rate limits (currently 30 requests/minute for file endpoints)
  • Implements request queuing for large sync operations

Canva API

  • Adheres to Canva’s published rate limits
  • Implements appropriate throttling

Shopify API

  • Respects Shopify’s REST API rate limits (2 requests/second)
  • Complies with Shopify’s leaky bucket rate-limiting algorithm

AI Provider APIs (User-Provided Keys)

  • Rate limits are governed by the user’s API key tier
  • Users are responsible for monitoring their own usage

7. Security Measures

  • HTTPS enforced for all remote calls
  • Nonces and WordPress AJAX verification tokens prevent CSRF
  • Strict Content Security Policy on the admin interface
  • Regular plugin updates signed via WordPress.org release process
  • OAuth tokens encrypted at rest where supported by WordPress configuration
  • No sensitive data transmitted in URL parameters

8. Data Retention

On Team Taggart LLC Infrastructure

  • No cloud platform content, user media, or AI data is retained
  • Only license validation data (domain, license key, activation date) is stored

On User’s WordPress Site

  • OAuth tokens: Retained until user disconnects or revokes access
  • Sync logs: Configurable retention, user-deletable
  • AI Insights data: Configurable retention (30 days to indefinite), user-deletable
  • AI API keys: Retained until user removes them

9. AI-Specific Security

User-Provided API Keys

  • Stored in the WordPress database using the standard WordPress options API
  • Never transmitted to Team Taggart LLC servers
  • Users should use environment variables or wp-config.php constants for additional security
  • Keys can be removed at any time through plugin settings

AI Data Handling

  • Image data sent for AI analysis goes directly to OpenAI or Anthropic
  • LightSync Pro does not intercept, log, or store AI requests or responses
  • Users should review OpenAI and Anthropic privacy policies for their data handling practices

10. Compliance & Review

LightSync Pro adheres to:

Platform Developer Terms

  • Adobe Developer Terms of Use
  • Adobe Lightroom Cloud API PSLT
  • Figma Developer Terms of Service
  • Figma API Terms of Use
  • Canva Developer Terms
  • Shopify API Terms of Service
  • Shopify Partner Program Agreement

AI Provider Terms (for users enabling AI features)

  • OpenAI Terms of Use
  • OpenAI API Data Usage Policies
  • Anthropic Terms of Service
  • Anthropic API Terms

Security & Legal Standards

  • U.S. Export Control regulations
  • OWASP Top 10 security standards
  • GDPR data minimization principles
  • CCPA requirements where applicable

11. Incident Response

In the event of a security incident:

  • Users will be notified via email if their data may be affected
  • Affected API credentials will be rotated immediately
  • Security patches will be released through the WordPress.org update system
  • Post-incident reports will be made available upon request

12. Contact

For security concerns or questions about this policy: security@lightsyncpro.com

For general support: support@lightsyncpro.com
