Privacy Policy — BopiSafe

Last updated: 2026-04-30
Live at: https://bopisafe.com/privacy

This Privacy Policy explains how BopiSafe ("we", "our", "the app") collects, uses, and protects information when merchants install and use the BopiSafe Shopify app.

1. Who we are

BopiSafe is a Shopify app that helps merchants run reliable Buy-Online-Pickup-In-Store (BOPIS) on Shopify by hiding shipping for pickup-only items, splitting mixed carts, and managing pickup-location capacity.

Contact: support@bopisafe.com

2. What data we collect

From the merchant store (via Shopify Admin API)

• Store identifier (shop domain, e.g. example.myshopify.com)
• Store locations (location ID, name, address, fulfillment configuration)
• Products and variants (product ID, variant ID, title, inventory levels)
• Orders (order ID, line items, totals, currency, fulfillment status, shipping country)
• Themes (theme ID and structure for compatibility detection only)
• Merchant staff session (Shopify-issued OAuth token, staff email and name from Shopify)

From the storefront (via Shopify Theme App Extension)

• Anonymous browser cart token (used to attach pickup intent to a cart; not linked to any consumer identity)
• Storefront events emitted by our cart and checkout integration

We do not collect

• Customer (consumer) name, email, phone, postal address, IP address, or any other personally identifiable information
• Payment card or financial data
• Tracking or behavioural data across other websites

3. How we use the data

• Apply per-product fulfillment rules (pickup-only / dual / ship-only / local service) at checkout
• Hide shipping methods on pickup-only carts and hide at-capacity pickup locations
• Split mixed carts into coordinated draft orders and guide customers through pickup-first checkout
• Block checkout when inventory drift would cause an unfulfillable BOPIS order
• Show the merchant analytics on pickup volume, rescued mixed-cart revenue, and capacity usage
• Send the merchant operational alerts to a self-provided alert email

We do not sell, rent, or share merchant or consumer data with third parties for marketing or any other purpose.

4. Data sharing across merchants

We never share data across merchants. Each store's data is isolated; nothing one merchant configures or generates is visible to any other merchant.

5. Where data is stored

• PostgreSQL database hosted on Neon (Amazon Web Services, US-East-1 region)
• TLS 1.3 in transit; AES-256 at rest (provided by the cloud provider)
• Application servers on Fly.io (US-East region)

6. How long we keep data

• While the app is installed: data is retained as long as the merchant uses the app
• After uninstall (shop/redact webhook): data is permanently deleted 30 days after webhook receipt
• Webhook event logs and queue rows: 90 days, then auto-purged
• Aggregate analytics rollups: 365 days, then auto-purged

7. Sub-processors

We use the following infrastructure providers:

• Shopify Inc. — app hosting platform, identity provider, OAuth issuer
• Neon, Inc. — managed PostgreSQL database
• Fly.io, Inc. — application server hosting
• Sentry (Functional Software, Inc.) — error tracking (no consumer PII transmitted)

No additional sub-processors are used.

8. Privacy compliance webhooks

BopiSafe complies with Shopify's mandatory privacy webhooks. All three respond with HTTP 200 within 5 seconds and are HMAC-verified:

• customers/data_request — acknowledged. We hold no consumer PII to export.
• customers/redact — acknowledged. We hold no consumer-keyed records to delete.
• shop/redact — schedules a 30-day deletion of all merchant-keyed records.

9. Merchant rights

A merchant can at any time:

• Uninstall BopiSafe to stop further data collection
• Email support@bopisafe.com to request immediate deletion of their store's data (we will action within 5 business days)
• Request a copy of all data BopiSafe holds about their store

10. Children

BopiSafe is a B2B Shopify app. It is not directed at children under 13 and does not knowingly collect data from children.

11. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to active merchants via email.

12. Contact

For privacy questions or to exercise the rights above:

Email: support@bopisafe.com