Privacy Policy

When you install and use the App, we collect and store the following data:

• Shop data — Your Shopify store domain and access token, used to authenticate API requests to your store.
• Product data — Shopify product IDs, titles, handles, and images — fetched from your store to display in the admin and on the results page.
• Compatibility data — The levels, terms, and product-term mappings you create within the App. This is your own data, stored in our database.
• Customer selections — If you enable the saved searches feature, logged-in customer IDs and their saved search selections are stored.
• Session data — Shopify session tokens used to maintain authenticated admin sessions.

• To provide the core functionality of the App — building and serving your compatibility finder.
• To authenticate your store and make authorised API calls to Shopify on your behalf.
• To display compatible products to your customers on your storefront.
• To enforce plan limits and features based on your active subscription.

The App may store Shopify customer IDs and their saved search selections if the Customer Selections feature is enabled. This data is stored solely to provide the saved searches functionality and is scoped to your store. Customers can delete their saved searches at any time through the storefront widget.

Guest (non-logged-in) customers' recent searches are stored only in their browser cookies and are never sent to our servers.

All data is stored in a secure MySQL database hosted on Railway.app, a SOC 2 Type II compliant infrastructure provider. Data is stored in the United States. Access is restricted to authenticated requests only. We use HMAC-signed tokens to verify customer identity for saved search operations.

Your data is retained for as long as the App is installed on your store. When you uninstall the App, your session data is deleted automatically. You may request full deletion of all your store's data at any time by contacting us at the email below.

• Shopify — The App operates within the Shopify platform and is subject to Shopify's Privacy Policy.
• Railway.app — Used for application hosting and database storage. Subject to Railway's Privacy Policy.

As a merchant using the App, you have the right to:

• Access the data we hold about your store at any time.
• Request correction of any inaccurate data.
• Request deletion of all your store's data.
• Export your compatibility data at any time using the CSV export feature within the App.

If you are an EU or UK merchant, you have additional rights under GDPR including the right to data portability and the right to object to processing.

The App uses browser cookies on the storefront to store a customer's last search selection (the "remember search" feature). These cookies contain only the selected term IDs and do not contain any personally identifiable information. They expire after 30 days or when the customer resets their selection.

We may update this Privacy Policy from time to time. Changes will be posted at this URL. Continued use of the App after changes are posted constitutes acceptance of the updated policy.