Privacy Policy

1. Overview

StockLift is a Shopify application that helps merchants identify slow-moving inventory and offer cart upsell deals using Shopify discount codes. This policy describes how we collect, use, store, and delete information when you install and use StockLift.

2. Who this policy applies to

• Merchants who install StockLift on their Shopify store
• Merchant staff who access the StockLift embedded admin
• End customers of merchant stores — we do not intentionally collect customer personal data (see Section 4)

3. Information we collect

3.1 Merchant and shop data

• Shopify shop domain and shop identifier
• OAuth access tokens (stored server-side only)
• App installation and uninstall status
• App settings (thresholds, widget text, feature toggles)

3.2 Product and inventory data

• Product titles, handles, variants, prices, images
• Inventory quantities and slow-moving classification
• Aggregated sales velocity from order line items (last-sold dates, counts)

3.3 Order data (limited)

We process limited order information for:

1. Inventory scan — order dates and line-item variant/quantity aggregates (no customer PII stored)
2. Recovered revenue — when a paid order includes a StockLift discount code (STOCKLIFT-*), we process order ID, discount codes, amounts, and matching line-item variant/price data

We do not collect or store:

• Customer names, emails, phone numbers, or addresses
• Payment card or bank details
• Marketing preferences or behavioral profiles

3.4 Usage and analytics

• Widget impressions, clicks, and add-to-cart events
• Purchase attribution tied to StockLift discount codes
• Diagnostic and error logs (shop domain, event type — no customer PII)

4. How we use information

• Sync and analyze merchant catalog and order velocity
• Generate upsell suggestions and create Shopify discount codes
• Display cart upsell offers on the merchant storefront
• Attribute recovered revenue from paid orders using StockLift codes
• Operate, secure, troubleshoot, and improve the app
• Respond to support and legal requests

We do not use data for advertising, sell data to third parties, or build customer profiles for marketing.

5. Shopify API scopes

• read_products — Sync catalog for slow-stock analysis and upsell pairing
• read_inventory — Read stock levels for inventory value at risk
• read_orders — Last-sold velocity and paid-order revenue attribution
• write_discounts — Create, pause, and clean up scoped discount codes

6. Third-party processors

• Shopify — platform, Admin API, webhooks, OAuth
• Supabase — PostgreSQL database (EU West)
• Vercel — application hosting

7. Webhooks

We register Shopify webhooks including:

• app/uninstalled — revoke access and disable storefront offers
• app/scopes_update — sync permission changes
• orders/paid — attribute recovered revenue for StockLift discount codes (when enabled)
• customers/data_request, customers/redact, shop/redact — GDPR compliance

All webhooks are verified using Shopify HMAC signatures.

8. Data retention and deletion

Active shop data is retained while the app is installed. On uninstall, OAuth sessions are deleted and storefront access is disabled. Merchants may request full deletion — see our Data Deletion Policy.

9. Security

• HTTPS for all traffic
• Server-side storage of secrets and Shopify tokens
• Service role credentials never exposed to browsers
• Least-privilege Shopify API scopes

10. International transfers

Data may be processed in the United States, European Union, or other regions where our processors operate, with appropriate safeguards where required by law.

11. Children's privacy

StockLift is a business tool for merchants and is not directed at children under 16.

12. Changes to this policy

We may update this policy. The "Last updated" date will change. Continued use after changes constitutes acceptance where permitted by law.

13. Contact

StockLift · https://stocklift-nu.vercel.app · pufflyapp@gmail.com

Terms of Service · FAQ · Support