Stay Fresh Privacy Policy

Privacy Policy

Effective Date: October 7, 2025

Last Updated: October 7, 2025

Introduction

This Privacy Policy describes how Stay Fresh ("we", "our", or "the App") collects, uses, and protects your information when you use our Shopify application.

Information We Collect

Store Information

When you install our App, we collect:

  • Store Domain: Your Shopify store URL (e.g., your-store.myshopify.com)
  • Store Owner Information: Name and email address (provided by Shopify during installation)

App Configuration Data

We store the following settings you configure in the App:

  • Collection name
  • Product limit (number of products in collection)
  • Product IDs you select to always include in collections
  • Product IDs you select to exclude from collections
  • Collection ID (reference to collections created by the App)

Access Tokens

We securely store OAuth access tokens provided by Shopify to:

  • Access your store's products
  • Create and manage collections
  • Sync product data

What We Don't Collect

We DO NOT collect, store, or have access to:

  • Customer personal information (names, addresses, emails)
  • Order data or transaction history
  • Payment information or credit card details
  • Product prices or inventory levels
  • Product descriptions, images, or detailed content
  • Any customer browsing or shopping behavior

How We Use Your Information

We use the collected information solely to:

  1. Provide Core Functionality
    • Create and update collections in your store
    • Sync your newest products to collections
    • Remember your configuration preferences
  2. Automatic Updates
    • Monitor when new products are added to your store
    • Automatically sync collections when new products are created (if enabled)
  3. Authentication
    • Maintain your logged-in session
    • Verify your store's identity for API calls
  4. Billing
    • Process subscription payments through Shopify
    • Track trial periods and subscription status

Data Storage and Security

Where Your Data is Stored

  • Database Provider: Neon (PostgreSQL database)
  • Location: United States (AWS us-east-1 region)
  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest

Security Measures

  • OAuth 2.0 authentication through Shopify
  • Encrypted database connections
  • Secure API access tokens managed by Shopify
  • Regular security updates and monitoring

Data Retention

Active Usage

While you use the App:

  • Settings and configurations are stored to provide service
  • Access tokens are maintained for API functionality

After Uninstallation

When you uninstall the App:

  • Your settings are marked for deletion (soft delete)
  • Data is retained for 30 days in case you reinstall
  • After 30 days, all data is permanently deleted automatically
  • Session tokens are deleted immediately upon uninstallation

Immediate Deletion Requests

You can request immediate deletion of your data at any time by emailing: [stayfresh@somewhatrounded.com]

We will delete your data within 48 hours of your request.

Data Sharing

We DO NOT:

  • Sell your data to third parties
  • Share your data with advertisers
  • Use your data for marketing purposes
  • Access your store's data for any purpose other than providing the App's functionality

Third-Party Services

We use the following third-party services:

  • Shopify: For authentication and API access
  • Neon: For database hosting
  • Vercel: For application hosting
  • Sentry: For error monitoring and performance tracking

These services are bound by their own privacy policies and security standards.

Error Monitoring (Sentry)

We use Sentry to monitor application errors and performance. Sentry collects:

  • Error messages and stack traces
  • Browser and device information
  • App performance metrics
  • No personal or customer information

This helps us identify and fix bugs quickly. You can learn more about Sentry's privacy practices at: https://sentry.io/privacy/

Webhooks

The App registers the following webhooks with your store:

  • app/uninstalled - To handle cleanup when you uninstall the App
  • products/create - To automatically sync collections when new products are added
  • app_subscriptions/update - To track subscription status changes

Webhooks only send minimal data needed for functionality and do not include customer information.

Your Rights

You have the right to:

Access

Request a copy of all data we store about your store

Correction

Update or correct your settings at any time through the App interface

Deletion

Request immediate deletion of your data by:

  • Uninstalling the App (automatic deletion after 30 days)
  • Emailing us for immediate deletion

Portability

Export your collection settings (available upon request)

Compliance

GDPR (European Union)

If you're located in the EU, you have additional rights under GDPR:

  • Right to access your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to object to processing

CCPA (California)

If you're a California resident, you have rights under CCPA:

  • Right to know what data is collected
  • Right to delete your data
  • Right to opt-out of data sales (we don't sell data)

Other Jurisdictions

We comply with applicable data protection laws in your jurisdiction.

Billing and Payments

Payment Processing

  • All payments are processed by Shopify
  • We do not store or have access to payment card information
  • Billing is handled entirely through Shopify's secure platform

Subscription Information

We store:

  • Subscription status (active, trial, cancelled)
  • Trial period information
  • Subscription plan details

We do not store:

  • Credit card numbers
  • Bank account information
  • Payment transaction details

Children's Privacy

Our App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy in the App
  • Updating the "Last Updated" date
  • Sending an email notification for material changes (if we have your email)

Your continued use of the App after changes constitutes acceptance of the updated policy.

Data Breach Notification

In the unlikely event of a data breach affecting your information, we will:

  • Notify you within 72 hours
  • Describe the nature of the breach
  • Explain what data was affected
  • Detail steps we're taking to address it
  • Provide recommendations for protecting your store

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable laws.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: [stayfresh@somewhatrounded.com]

Response Time: We aim to respond within 48 hours

Data Requests: We process data access/deletion requests within 30 days

Shopify App Store Requirements

This App complies with Shopify's App Store requirements and policies, including:

  • Data protection standards
  • API usage guidelines
  • Security requirements
  • Privacy best practices

Your Consent

By installing and using this App, you consent to:

  • The collection and use of information as described in this policy
  • The storage of your data as outlined above
  • The use of cookies and similar technologies for authentication

Cookie Policy

What Cookies We Use

  • Session Cookies: To keep you logged in (required for functionality)
  • Authentication Cookies: To verify your identity with Shopify

What We Don't Use

  • Tracking cookies
  • Advertising cookies
  • Third-party analytics cookies

Open Source and Transparency

While our code is proprietary, we are committed to transparency. You can request information about:

  • How your data is processed
  • What security measures we employ
  • Technical details about data storage

Additional Information for Store Owners

What You Control

You have full control over:

  • Which products to include or exclude
  • Collection settings and preferences
  • When to sync collections
  • Whether to use the App

What We Control

We manage:

  • App infrastructure and hosting
  • Security updates
  • Database maintenance
  • Bug fixes and improvements

By using this App, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: October 7, 2025 Version: 1.0