Privacy Policy

Introduction

ShipPulse ("we", "our", "us") is a Shopify application that scans your store's product data and shipping configuration to identify misconfigurations and generate a health score. This Privacy Policy explains how we collect, use, and protect your information.

Data We Collect

When you install and use ShipPulse, we access the following data through Shopify's APIs:

• Product data — product titles, variant titles, SKUs, and weights. Used to identify missing or incorrect shipping attributes.
• Shipping configuration — shipping zones, profiles, and rates. Used to detect zones with no rates or inactive shipping methods.
• Store metadata — your shop domain, total product and variant counts, and scan timestamps. Used to display your dashboard and track health score history.

Data We Do NOT Collect

• Customer personal information (names, emails, addresses)
• Order or transaction data
• Payment or financial information
• Customer browsing behavior or analytics

How We Use Your Data

We use your data exclusively to:

• Scan your store's products and shipping configuration for issues
• Calculate and display your shipping health score
• Provide actionable issue reports with severity levels
• Apply bulk fixes to product weights (only when you explicitly initiate this action and have granted the optional write_products permission)
• Generate CSV exports of detected issues

We do not sell, rent, or share your data with any third parties. We do not use your data for advertising, profiling, or any purpose beyond the core functionality described above.

Data Storage & Security

Your scan results and store metadata are stored in Cloudflare D1, a globally distributed SQLite database running on Cloudflare's edge network. All data is encrypted in transit via TLS. Access to the database is restricted to our application through Cloudflare Workers bindings.

OAuth session tokens provided by Shopify are stored securely in the same database and are used solely for authenticating API requests to your store.

Data Retention

• Scan results are retained for as long as the app is installed on your store.
• On uninstall, your OAuth session is automatically invalidated.
• On data erasure request (via Shopify's mandatory shop/redact webhook), all scan results and store metadata are permanently deleted from our database.

Permissions

ShipPulse requests the minimum permissions necessary:

• read_products — to check product weights
• read_shipping — to audit shipping zones, profiles, and rates
• write_products (optional) — to apply bulk weight fixes, granted only when you explicitly request it

GDPR Compliance

ShipPulse complies with the General Data Protection Regulation (GDPR) and implements all mandatory Shopify compliance webhooks:

• Customer data request — we acknowledge these requests and confirm that we do not store customer personal data.
• Customer data erasure — we acknowledge these requests and confirm that no customer data needs to be erased.
• Shop data erasure — we delete all scan results and store metadata associated with the requesting shop.

Cookies & Tracking

ShipPulse does not use cookies, tracking pixels, or analytics scripts on this marketing website or within the embedded Shopify app. We do not track your browsing behavior.

Your Rights

You have the right to:

• Access your data — all scan results are visible within the app
• Delete your data — uninstall the app and request erasure through Shopify, or contact us directly
• Restrict processing — scans are only triggered manually by you, so no processing occurs without your action

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of significant changes through the app or via Shopify's notification system.

Contact

If you have questions about this Privacy Policy or your data, please contact us:

• Email: shippulse@offshoot-labs.com