Privacy Policy
Last updated: May 6, 2026
1. Who we are
Bulk Price Editor (the "App") is a Shopify app developed by Alejandro ("we", "us"). Contact: saucone5@gmail.com.
2. What data we process
When a merchant installs the App, we receive and store:
- OAuth session tokens issued by Shopify (encrypted at rest).
- The myshopify domain of the store and its assigned scopes.
- Aggregated usage events: timestamp and number of variants modified per bulk operation.
- The settings of each bulk operation performed (operation type, value, filters), to provide the in-app History feature.
- License purchase status (one-time Shopify charge ID), to enforce paid-tier access.
We do not store, request, or share any customer-level data (no customer names, emails, addresses, orders, payment methods or browsing data).
3. How we use the data
- To authenticate the merchant against Shopify on each request.
- To enforce the monthly free-tier quota and lifetime-license entitlement.
- To display a history of past bulk operations to the merchant who owns the store.
We do not sell, rent, or share data with third parties for marketing purposes.
4. Subprocessors
- Shopify, Inc. — for OAuth, app billing, and the Admin API the App calls on the merchant's behalf.
- Fly.io, Inc. — application hosting (EU region by default) and managed Postgres database.
5. Data retention
Data is retained while the App is installed. When a merchant uninstalls the App or Shopify sends a shop/redact webhook, all session, license, usage and operation history records for that store are permanently deleted.
6. GDPR webhooks
The App responds to Shopify's mandatory compliance webhooks:
- customers/data_request — we have no customer data to return.
- customers/redact — we have no customer data to delete.
- shop/redact — we delete all records for that shop within 48 hours.
Because the App stores no customer-level data, no action is required to fulfil a customer right-to-be-forgotten request received via customers/redact; we still verify the HMAC signature, log the event for our records and respond with an HTTP 200 within 24 hours of receipt.
7. Security
All traffic is HTTPS. Session tokens are stored in a managed Postgres database with encryption at rest. Access to production infrastructure is restricted to the developer.
8. Your rights
You can export or delete your data at any time by emailing saucone5@gmail.com. Uninstalling the App from your Shopify admin also triggers automatic deletion.
9. Changes
If we materially change this policy, we will update the date above and notify active merchants via the App's interface.