Privacy Policy

Effective date: May 2, 2026 — Last updated: May 2, 2026

Summary: Auto-PreOrder stores merchant and product data to operate the service. We do not collect, store, or process any personal data belonging to your customers. You can request deletion of all your data at any time by uninstalling the app.

1. Who we are

Auto-PreOrder ("the App", "we", "us") is a Shopify application that automatically activates pre-order mode on products when their inventory reaches a configurable threshold.

The App is operated by an independent developer. For privacy-related enquiries, contact us at: cdurbal@gmail.com

2. Data we collect

2.1 Data collected through Shopify APIs

When you install and use Auto-PreOrder, we access the following data from your Shopify store via the Shopify Admin API:

  • Shop information: your store domain (e.g. mystore.myshopify.com), Shopify plan, store locale
  • Product data: product IDs, variant IDs, inventory item IDs, inventory levels across all locations
  • Product metafields: we read and write the preorder_active metafield on products to control the storefront display
  • Order data (when approved): order totals, line item quantities and prices, and order currency — used solely to compute recovered revenue analytics within your dashboard. No customer names, emails, or addresses are accessed.

2.2 Data provided directly by the merchant

Through the App dashboard, you may configure:

  • Stock threshold (the inventory level that triggers pre-order mode)
  • Pre-order button text and badge text
  • Per-product threshold overrides
  • Global pause preference

2.3 Session and authentication data

To authenticate you as a Shopify merchant, we store:

  • Your Shopify OAuth access token (encrypted in transit, stored securely)
  • Your Shopify user ID, first name, last name, and email address — used solely for session authentication and are not used for marketing or profiling
  • Session state identifiers

Sessions expire automatically according to Shopify's token lifecycle.

2.4 App analytics data

We store pre-order event logs in our database:

  • Which products entered and exited pre-order mode, and when
  • Aggregated order counts and revenue figures captured during pre-order periods

This data contains no personal information about your customers.

2.5 What we do NOT collect

Auto-PreOrder does not collect, access, or store:

  • Customer names, email addresses, phone numbers, or postal addresses
  • Customer payment information
  • Customer browsing or behavioural data
  • Any data not explicitly listed in this policy

This is confirmed by our implementation of Shopify's mandatory GDPR compliance webhooks: when Shopify sends a customer data request or customer deletion request to the App, the App responds that no customer personal data is held.

3. How we use your data

DataPurposeLegal basis (GDPR)
Shop domain & settings Identify your store, apply your preferences, operate the service Contract performance
Product & inventory data Detect stock changes, activate/deactivate pre-order mode Contract performance
Order revenue data Display recovered revenue analytics in your dashboard Contract performance
Session & auth tokens Authenticate you securely when you access the dashboard Contract performance
Error logs (Sentry) Diagnose bugs and maintain service stability Legitimate interest

We do not sell your data. We do not use your data for advertising. We do not profile merchants or customers.

4. Data processors (sub-processors)

We share data with the following third-party services solely to operate the App:

ServiceRoleData sharedLocation
Fly.io App hosting and database infrastructure All app data (transient in memory, persisted in our SQLite database) CDG region — Paris, France (EU)
Sentry Error monitoring and crash reporting Error logs, shop domain, product IDs involved in errors United States (Standard Contractual Clauses apply for EU data)
Shopify E-commerce platform and billing Data accessed via Shopify APIs and stored in Shopify systems Varies (see Shopify's privacy policy)

For details on their privacy practices:

5. Data retention

We retain your data for as long as the App is installed on your store:

  • While the App is installed: all data listed in Section 2 is retained to operate the service
  • Upon uninstallation: Shopify sends a shop/redact webhook to the App. All your shop data (settings, product states, analytics) is permanently deleted within 30 days of receiving this webhook.
  • Session tokens: expire automatically per Shopify's OAuth lifecycle, typically within 24 hours of inactivity
  • Error logs (Sentry): retained for 90 days per Sentry's default policy

6. Data security

  • All data is transmitted over HTTPS/TLS
  • The database is hosted on Fly.io infrastructure in the EU (Paris, CDG region)
  • Shopify access tokens are stored with standard database security controls
  • All Shopify webhook payloads are verified using HMAC-SHA256 signature validation before processing

7. Your rights under GDPR

If you are located in the European Union or European Economic Area, you have the following rights regarding the data we hold about your store:

  • Right of access: request a copy of the data we hold about your store
  • Right to erasure: uninstall the App — this triggers complete data deletion within 30 days. You may also contact us directly.
  • Right to portability: your product and configuration data is accessible via Shopify's Admin API at any time
  • Right to restriction: contact us to restrict processing while a dispute is being resolved
  • Right to object: contact us to object to any processing based on legitimate interest

To exercise any of these rights, contact us at cdurbal@gmail.com. We will respond within 30 days.

8. California residents (CCPA)

Auto-PreOrder does not sell personal information. We do not share personal information for cross-context behavioural advertising. California residents may contact us at cdurbal@gmail.com to exercise their rights under the California Consumer Privacy Act.

9. Shopify's mandatory GDPR webhooks

In compliance with Shopify's requirements, the App processes the following mandatory privacy webhooks:

  • customers/data_request: when a customer requests their data, we respond that no customer personal data is stored by this App
  • customers/redact: when a customer requests deletion, we confirm no customer personal data is held
  • shop/redact: when a merchant uninstalls the App, all associated shop data is deleted

10. Cookies

The App itself (the merchant dashboard within Shopify admin) does not use cookies beyond those required by Shopify's embedded app framework. This landing website does not use any tracking or analytics cookies.

11. Children's privacy

The App is intended for use by businesses (Shopify merchants) and is not directed at individuals under the age of 16. We do not knowingly collect data from minors.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy. For significant changes, we will notify merchants via the App dashboard.

13. Contact

For any questions about this Privacy Policy or to exercise your data rights: