Logo
Your data, handled with care

Privacy Policy

How BundleWise collects, uses, stores, and deletes information when merchants install and use the App with Shopify.

Last Updated: 2026-04-27Aligned with current App implementation

1. Scope

This Privacy Policy applies to:

  • Shopify merchants who install and use the App
  • Data processed through Shopify APIs, webhooks, app proxy routes, and App database tables
  • Support and operational communications with us

This policy does not govern Shopify's own processing. Shopify acts under its own terms and privacy documentation.

2. Shopify Access Scopes We Request and Why

The App currently requests the following scopes in its app configuration:

read_customers

Resolve customer email for Next Order Coupon delivery (e.g. fallback when webhook payload omits email).

read_orders

Process orders/paid automation logic and order-based reward qualification.

read_products

Product pickers, trigger/promotion product selection, and product/variant reads for campaigns.

write_products

Product-related app behavior where write operations are required by App features.

read_discounts

Load existing discount entities for campaign/coupon management.

write_discounts

Create / update / delete Shopify discounts generated by the App.

read_script_tags

Inspect existing storefront ScriptTags.

write_script_tags

Register / update storefront preview ScriptTag.

write_app_proxy

App Proxy-powered storefront endpoints under /apps/discount/*.

read_metaobject_definitions

Platform compatibility and metaobject definition reads.

write_metaobject_definitions

Platform compatibility and metaobject definition writes.

We request scopes needed for App functionality and operational reliability. We do not request deliberately over-broad customer marketing scopes beyond functional requirements.

3. Information We Collect

3.1 Shop and App Installation Data

  • Shop domain
  • OAuth session metadata (scope, token, expiry, user/account metadata returned by Shopify)
  • App onboarding completion state

3.2 Campaign and Discount Configuration Data

  • Campaign type, name, status, and full campaign config JSON
  • Related Shopify discount IDs
  • App-created discount code metadata (code, discount node ID, discount type, optional usage configuration)

3.3 Storefront Analytics and Event Data

  • Campaign analytics events: eventType (impression / add_to_cart), optional campaignId, optional sessionKey, timestamp, and shop domain
  • Product view events: product ID, optional variant ID, viewerKey, timestamp, and shop domain
Important: sessionKey is generated client-side and stored in browser sessionStorage. viewerKey is generated client-side and stored in browser localStorage. These are pseudonymous identifiers used for counting/aggregation — not direct identity profiles.

3.4 Next Order Coupon Automation Data

  • Shopify order ID
  • Campaign ID
  • Generated coupon code and discount node ID
  • Customer matching key (cust:<customerId> or em:<normalizedEmail>)
  • Optional expiry date and email sent timestamp

3.5 Email Delivery Data (When Enabled)

  • Customer recipient email from webhook payload, Shopify Admin fallback queries, or stored em:<email> key
  • Email send status metadata (for idempotency and duplicate-prevention)

We do not store email body engagement analytics in the App database.

4. How We Use Information

We use data to:

  • Authenticate and secure app-proxy and app-admin operations
  • Configure, publish, and manage discount campaigns and coupon behavior
  • Sync campaign discount state with Shopify Admin APIs
  • Provide storefront campaign rendering and conflict/eligibility handling
  • Measure campaign performance (impressions, add-to-cart trends)
  • Compute Stock Scarcity audience counters over rolling windows
  • Issue automatic next-order reward codes and optional transactional emails
  • Maintain privacy law compliance workflows and webhook obligations

We do not sell personal data.

5. Data Sharing

We may share data only with:

  • Shopify platform APIs and webhooks for app functionality
  • Infrastructure/service providers needed for hosting, database, monitoring, and SMTP delivery (if enabled)
  • Authorities where disclosure is legally required

We do not sell or rent merchant/customer data to unrelated advertisers.

6. Retention and Deletion

We keep data only as long as needed for service delivery, integrity, legal obligations, and dispute handling.

customers/redact

Deletes customer-linked rows in IssuedNextOrderCode matching customer ID/email keys for that shop.

shop/redact

Removes shop-linked rows across sessions, campaigns, analytics, product views, app-created codes, issued codes, onboarding state, and shop records.

app/uninstalled

Removes session and onboarding data and clears linked Shopify discount IDs in campaign records.

7. Security

We apply reasonable safeguards, including:

  • App Proxy signature verification for storefront requests
  • Input normalization/validation for IDs and event payloads
  • HTTPS/TLS transport protections (where supported by deployment)
  • Access-control and operational logging for troubleshooting

No online system is perfectly secure, but we continuously improve controls.

9. Your Rights

Depending on applicable law, data subjects may have rights to access, correction, deletion, objection/restriction, portability, and consent withdrawal (where relevant).

For Shopify App Store apps, privacy rights workflows are also handled through Shopify-required compliance webhooks:

  • customers/data_request
  • customers/redact
  • shop/redact

10. International Transfers

Data may be processed outside your jurisdiction depending on hosting and service providers. Where required, we apply appropriate safeguards.

11. Changes to this Policy

We may update this policy from time to time. Material updates will be reflected by changing the "Last Updated" date at the top of this page.

12. Contact

For privacy requests or questions:

Email

hello@developerlook.com

Support

support@developerlook.com

Business Name

DeveloperLook

Address

Sheridan, Wyoming, United States

Contact Support