Privacy Policy

• Merchants (and their authorized users) who install or use our Apps
• Customers of Merchants whose information may be processed through a Merchant's Shopify store in connection with our Apps
• Website visitors who visit our marketing or help pages

Role Clarity

When our Apps process Merchant Customer information, we generally do so on behalf of the Merchant. In many cases, the Merchant is the party responsible for deciding how and why that information is processed. Merchant Customers should direct privacy questions to the Merchant first.

Information from Merchants

We may collect:

• Store and account info (e.g., store name, myshopify domain, store timezone/locale, plan info, and settings)
• Merchant contact info (e.g., name, business email, phone number) if provided through Shopify, the App, or support requests
• App configuration and usage data (e.g., features used, settings, event logs, and app performance metrics)
• Support communications (e.g., messages sent to support, including attachments or screenshots you provide)

Information About Merchant Customers

Depending on the App's functionality and the permissions granted, we may access and/or process information such as:

• Identifiers (e.g., name, email, phone number)
• Order and fulfillment info (e.g., items purchased, order status, shipping address, delivery events)
• Customer account info (e.g., customer ID, tags, marketing preferences—where available via Shopify and permitted)

Billing Information

We bill for our Apps using the Shopify Application Billing API. We do not receive or store full payment card details and do not directly process credit card numbers.

Website and Device Information

When you visit our Sites or use web-based admin interfaces, we may collect:

• Device and network data (e.g., IP address, browser type, device identifiers, operating system)
• Cookie and analytics data (e.g., pages viewed, clicks, referring URLs, approximate location derived from IP)

• Provide, operate, and maintain our Apps and Sites
• Deliver App features requested by Merchants (and configured by Merchants)
• Authenticate users and secure accounts
• Provide support, troubleshoot issues, and respond to requests
• Improve and develop features, including product analytics and performance monitoring
• Bill and administer subscriptions through Shopify
• Prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our agreements

Operational Access to Customer Information

In limited circumstances, our personnel may access customer information where necessary for legitimate operational purposes. This includes, but is not limited to: diagnosing and resolving technical issues, responding to support requests, investigating potential security incidents or abuse, ensuring service reliability and performance, and complying with legal obligations. Such access is restricted to authorized personnel on a need-to-know basis, subject to confidentiality obligations, and logged for accountability purposes. We do not access customer information for marketing, advertising, or any purpose unrelated to the operation and improvement of our Services.

To Shopify and the Merchant

We work with Shopify's platform and APIs to provide App functionality. Merchants can typically view or retrieve App-related outputs and settings within their admin experiences.

To Service Providers

We use trusted vendors to help operate our Services (for example, hosting, databases, error monitoring, customer support tools, email delivery, and analytics). These vendors are authorized to process information only as needed to provide services to us.

For Legal, Safety, and Compliance

We may disclose information if we believe it's necessary to:

• Comply with law, regulation, subpoena, or legal process
• Protect rights, safety, and security of Merchants, Merchant Customers, Shopify, or Ongoing
• Investigate fraud or security issues

Business Transfers

If Ongoing is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed or transferred as part of that transaction.

With Consent

We may disclose information if you direct us to or provide consent.

• We do not sell personal information.
• We do not share App-derived Merchant Customer data for cross-context behavioral advertising (targeted ads).
• We use Shopify billing and do not see full credit card details.

• App data tied to a Merchant's installation is retained while the App is installed and for up to 30 days after uninstall to allow for reactivation/support, then deleted or de-identified, unless legally required to retain it.
• Logs and security records may be retained for up to 90 days (or longer if needed for security investigations).
• Backups may persist for a limited period consistent with standard backup cycles.

Merchant Customer Deletion Requests

Shopify provides mechanisms for Merchants to request access to or deletion of customer personal data. If we receive a verified request from a Merchant (or via Shopify mechanisms where applicable), we will take commercially reasonable steps to delete or return relevant data as required.

• Access controls and least-privilege access
• Encryption in transit and at rest where available
• Monitoring for abuse
• Regular security assessments

However, no method of transmission or storage is 100% secure.

• Essential functionality
• Analytics and performance
• Remembering preferences

You can manage cookies through your browser settings.

Merchant Customers

If you are a Merchant Customer, please contact the Merchant you interacted with first. Merchants control how their store and apps use customer information.

Merchants

You may request access, correction, or deletion of Merchant account/contact information by contacting us. We may need to verify your identity before fulfilling certain requests.

California Privacy Rights

If you are a California resident and the CCPA/CPRA applies, you may have rights such as:

• Right to know/access
• Right to delete
• Right to correct
• Right to opt out of "sale" or "sharing" (we do not sell personal information)
• Right to non-discrimination

EEA/UK Privacy Rights

If GDPR/UK GDPR applies, you may have rights to access, rectification, deletion, restriction, objection, and data portability. Where we process data on behalf of a Merchant, we may direct you to that Merchant.