PIM Sync · Asset Mirror

The 3D asset record, born the right shape.

PIM Sync mirrors every product asset — GLB and USDZ for visual preview, STL, OBJ and 3MF for print-on-demand — across Shopify, Xano, Cloudflare R2, and Webflow, as rows in your warehouse instead of blobs in a silo. Webflow is the design origin, not the ceiling: the Webflow-to-React bundle pipeline carries the same assets and viewers into Vue, React, Next, WordPress, Shopify, Astro, and Svelte. Metadata stays searchable and joinable; access rides entitlements, not file copies. It is the asset layer the Dark Factory Entitlement Security architecture describes.
Row-level security, built in: every record carries its own tenant and grant scope, enforced at the edge before the database is ever reached — access is decided per row, per caller, per capability, and a per-row key revokes without touching any other record. And because every channel resolves through Cloudflare's edge — storefront, PWA, embeds, docs, APIs — all of it inherits WAF filtering and DDoS absorption at no added cost: the perimeter fortress vendors sell as a product, this stack gets as a property of where it lives.
Install on Shopify →
Live demo
The full pipeline, running: paste any GLB or STL URL into either viewer. The STL viewer is our self-hosted Three.js build — the same one PIM Sync embeds into Webflow CMS items on sync.
The app
PIM Sync — app & install · Privacy Policy · Terms of Use
The privacy and terms above are the canonical set on file with the app submission — one legal source, everywhere it is referenced.
Regulation

Two clocks are running. The near one is the sharp one.

The EU Cyber Resilience Act (Regulation (EU) 2024/2847) applies its Article 14 reporting obligations from 11 September 2026: actively exploited vulnerabilities and severe incidents must be reported to ENISA and national CSIRTs — including for products already on the market. Full application — secure-update obligations, conformity assessment, CE marking — follows on 11 December 2027.
You cannot report active exploitation you cannot see. An asset plane built on entitlements produces the evidence as a side effect: every access is a grant, every grant is a ledger row. The architecture and the receipts: