Privacy Policy
Last updated: [DATE — fill in before publishing]
Overview
AutoSentra ("AutoSentra," "we," "us") is a Shopify app. This policy describes what information AutoSentra collects when a merchant installs the app, how it's used, and how it's protected. AutoSentra is installed by merchants (Shopify store owners and staff) to analyze their own store's product profitability and inventory — it is not directly used by a merchant's customers.
Information we collect
When a merchant installs AutoSentra, we collect:
- Store data, via the Shopify Admin API scopes the merchant grants at install: product and variant details, order and line-item details, refunds, and inventory levels.
- Merchant-entered data: unit cost (COGS) values the merchant enters manually, and threshold/alert settings the merchant configures.
- Account/session data: the installing staff account's name, email, and locale, and an access token, as provided by Shopify's OAuth flow — used only to authenticate requests back to that merchant's store, never to contact staff directly.
- Billing data: subscription plan and status, managed entirely through Shopify's native Billing API — AutoSentra never collects or stores payment card details itself.
We do not collect end-customer (shopper) personal information. Orders and line items are stored keyed by Shopify's own order/product/variant identifiers and financial figures only — never by a customer's name, email, address, or any other personal identifier.
How we use this information
Store and merchant-entered data is used exclusively to compute and display profitability, inventory-risk, and margin analytics back to that same merchant inside the app — it is never sold, rented, or shared with other merchants or unrelated third parties.
Third-party service providers
The following third parties process data on our behalf, under their own privacy/security terms:
- Neon — our database host, storing all of the data described above.
- Fly.io — our application hosting provider.
- OpenAI — when configured, aggregated, store-level performance figures (e.g. "SKU X sells N units/day with M days of stock left") are sent to OpenAI's API to generate plain-language recommendations. No customer personal information is ever included in these requests, since none is collected in the first place.
- Sentry — error monitoring, to help us detect and fix bugs.
Data retention and deletion
We retain a merchant's data for as long as the app remains installed. When a merchant uninstalls AutoSentra, Shopify notifies us and we delete that shop's data, including all synced store data, settings, and account/session records.
We also honor Shopify's mandatory customer-privacy webhooks. Since we don't collect customer personal information, a customer data-request or deletion request for a shop using AutoSentra returns "no personal data held" — there is nothing to export or delete on our side for that request.
Your rights
Merchants may request a copy of, or deletion of, their store's data held by AutoSentra (beyond what uninstalling already deletes) by contacting us at the address below.
Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production data is limited to the operators of AutoSentra.
Changes to this policy
We'll update the "Last updated" date above if this policy changes, and post the updated version at this same URL.
Contact
Questions about this policy or your data: support@example.com [REPLACE with a real, monitored support address before publishing].
AutoSentra