Privacy Policy

Last updated: June 14, 2026

ShopFlowTools ("we", "us", or "our") provides micro-SaaS applications for Shopify merchants. This Privacy Policy describes how personal information is collected, used, and shared when you install or use our applications (collectively, the "Apps").

1. Personal Information We Do Not Store

We believe in absolute data privacy. To minimize security risks for merchants and customers, our Apps are designed with a Zero-Storage Architecture:

• No Database Retention: We do not store, log, or maintain any personal customer data (including names, shipping addresses, phone numbers, or email addresses) on our databases or servers.
• Ephemeral Processing: When you upload a CSV file with tracking information, the file is parsed locally in your web browser. The tracking details are sent directly to Shopify's APIs via encrypted channels (HTTPS) and are immediately discarded by our server once Shopify confirms receipt.

2. Information We Collect and Access

To provide app functionality and maintain your connection to Shopify, we access and store the following merchant-related data:

• Shopify Access Tokens: When you install our Apps, we obtain an API access token from Shopify. This token is securely stored in our encrypted Cloudflare Key-Value (KV) database and is used solely to authenticate API requests to fulfill orders on your behalf.
• Shop Metadata: We store basic details about your shop (such as store URL, country, and currency) to configure default settings and analyze app usage.
• Usage Statistics: We track the number of orders processed through the App to enforce billing plan limits and prevent service abuse. This data contains no customer-identifying information.

3. How We Use Your Information

We use the accessed information exclusively for the following purposes:

• To authenticate and operate the Apps within your Shopify store.
• To process bulk order fulfillments and update tracking information directly on your Shopify store.
• To communicate with you regarding support requests, app updates, or billing issues.

4. Sharing Your Personal Information

We do not sell, trade, or rent merchant or customer personal information to third parties. We share information only with service providers required to operate the App, specifically:

• Shopify: To execute API calls for order fulfillment and manage app subscriptions/billing.
• Cloudflare: To host our serverless code (Workers) and secure database (KV).

5. GDPR and Customer Rights

Because we do not store customer personal data, any requests for data deletion (erasure), data access, or data portability under the GDPR or CCPA should be directed to Shopify or the merchant directly. We fully support and comply with Shopify's mandatory GDPR webhooks:

• Customer Data Requests: Upon receiving a request, we confirm to Shopify that no customer data is stored in our systems.
• Customer Data Erasure: Because no data is stored, no erasure actions are required on our end.
• Shop Data Erasure: When you uninstall our Apps, we automatically delete your store's access token and configuration from our KV database within 48 hours.

6. Changes to This Policy

We may update this privacy policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on this page.

7. Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email protected].