Privacy Policy

1. Information We Collect

When you install ShipWeaver, we receive certain store information through Shopify APIs. The full list of possible data fields accessible through Shopify APIs can be found here. ShipWeaver only accesses the minimum data required to operate delivery customization rules. ShipWeaver does not access order data or customer personal information.

1.1 Through Shopify's APIs

When you install ShipWeaver, we receive and store: shop domain (e.g. your-store.myshopify.com), OAuth session data (access tokens required to read and write delivery customizations), and shop identifier (GID) for API calls. Authentication credentials are securely stored and encrypted and are used only to communicate with Shopify APIs.

1.2 From Merchants

We collect rule configuration (titles, descriptions, operation types, conditions, schedules, method match values), timezone for schedule-based rules, and onboarding status. We do not ask for or store your personal contact details beyond what Shopify provides during OAuth.

1.3 From Merchants' Customers

We do not collect any information from your store's customers. We do not drop cookies, use tracking technologies, or store customer names, emails, addresses, or any PII. ShipWeaver may receive limited checkout context provided by Shopify's Delivery Customization API (such as shipping method identifiers) solely to determine how shipping options should be displayed. ShipWeaver does not store this information.

2. How We Use the Information

We use the information solely to provide and operate the app (hide, rename, reorder, sort shipping options), sync your rules to Shopify, and respond to support requests. We do not use your data for marketing or advertising.

Our legal basis for processing merchant data is the performance of our contract with you (providing the ShipWeaver app functionality) and our legitimate interest in maintaining and improving the app.

3. Data Retention

We retain merchant data only for as long as the app is installed on your store or as required to operate the service. When the app is uninstalled or a shop/redact request is received, all associated data is permanently deleted.

4. Data Storage and Location

Data is stored using infrastructure providers necessary to operate the application, including Supabase (database services) and Vercel (hosting and serverless infrastructure). These providers may store data in multiple geographic regions depending on their infrastructure. If you are established in Europe and need details about data location, please contact us.

5. Data Sharing

We do not sell, rent, or share your data with third parties for marketing. We share data only with Shopify (as required to operate the app) and with service providers under agreements that protect your data. These service providers process data solely for the purpose of operating the ShipWeaver service and are contractually obligated to protect your information.

We may disclose information if required to comply with applicable laws, legal processes, or governmental requests.

6. Data Controller

For data collected through Shopify, the merchant remains the data controller of any store data. ShipWeaver acts as a data processor only to the extent necessary to provide the app functionality.

7. Your Rights

If you are located in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, you may have rights under applicable privacy laws such as the General Data Protection Regulation (GDPR). Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your data. Contact us to exercise these rights.

8. Shopify GDPR Compliance Webhooks

ShipWeaver subscribes to the following Shopify webhooks: customers/data_request and customers/redact (we respond confirming that no customer personal data is stored by ShipWeaver); shop/redact (we permanently delete all shop data); app/uninstalled (we delete all shop data when you uninstall); app/scopes_update (we update stored permissions when you change app access).

9. Security

We implement industry-standard security practices including encrypted HTTPS/TLS communication, secure storage of authentication credentials, access control policies for internal systems, and infrastructure-level protections such as web application firewalls (WAF) and bot mitigation.

10. Children's Privacy

ShipWeaver is intended for use by merchants operating Shopify stores and is not directed toward children under the age of 13. We do not knowingly collect personal information from children.

11. Changes

We may update this policy. We will post the updated policy and change the "Last updated" date. Continued use after changes constitutes acceptance.

12. Contact Us

For questions about this Privacy Policy or our data practices, contact us at shipweaver@gmail.com. Mailing address available upon request.

For data processing terms, see our Data Processing Agreement.