Pound Pixel Apps / ShipGate / Privacy Policy

Privacy Policy

Effective March 2026 · Updated March 2026

What We Collect

ShipGate collects only the minimum data required to operate:

• Shop domain (e.g., yourstore.myshopify.com)
• Encrypted Shopify access token
• Shipping rule configurations (rule names, conditions, target shipping methods)
• Customer name and email — Retrieved from Shopify's Customer API solely for display within the app's rule condition editor. This allows merchants to select specific customers when creating customer-based shipping rules.

How Customer Data Is Used

ShipGate accesses protected customer data (name and email) through Shopify's API with the following strict limitations:

• Customer names and emails are fetched on demand when a merchant opens the rule condition editor
• This data is used only for display purposes within the app — to populate a customer selection dropdown so merchants can create rules that target specific customers
• Customer data is not stored in our database — it is loaded from Shopify's API each time and exists only in the browser session
• Customer data is never exported, shared, or transmitted to any third party

What We Do NOT Collect

We do not collect, store, or process any of the following:

• Customer addresses or phone numbers
• Customer payment information
• Order data or order history
• Browsing or tracking data
• Product inventory data

How We Use Your Data

• Access token: Used for Shopify API calls to manage delivery customizations, write rule configuration metafields, and fetch customer data for the rule editor
• Shop domain: Used for app authentication and session management
• Rule configurations: Stored to power your shipping rules at checkout
• Customer names and emails: Fetched on demand from Shopify and displayed in the rule editor. Not stored in our database.

Data Storage

• MySQL database hosted on Google Cloud SQL (US region)
• Access tokens encrypted at rest
• All API communication over HTTPS
• Customer data is not stored — fetched from Shopify's API on each request

Data Retention

Your data is retained while the app is installed on your store.

On uninstall, the shop/redact GDPR webhook deletes all shop data — including rules, configuration, subscription records, and the shop record — within 48 hours.

Customer data (names and emails) is never retained by ShipGate. It exists only in the merchant's browser session while using the rule editor.

Third-Party Sharing

None. Your data — including any customer data accessed through the app — is never shared with, sold to, or accessed by third parties.

GDPR Compliance

We support all three mandatory Shopify GDPR webhooks:

• customers/data_request — ShipGate does not store customer data in its database. Customer names and emails are fetched from Shopify on demand and not persisted. No customer data to return.
• customers/redact — ShipGate does not store customer data in its database. No customer data to delete.
• shop/redact — Deletes all shop data on uninstall

Contact

For privacy questions, reach us at [email protected].

← Back to ShipGate