Privacy Policy

Last updated: May 29, 2026

1. Introduction

SnapBundles ("we", "our", "us") is a Shopify application that helps merchants create product bundles, quantity breaks, and quick order forms. This Privacy Policy explains how we collect, use, and protect information when you use our application.

2. Information We Collect

Merchant Data: When you install SnapBundles, we access your Shopify store data as permitted by the scopes you authorize, including product information, order data, and discount configurations.

Customer Data: When end-customers place orders through our Quick Order Form, we collect the information they provide (name, email, phone, address) solely to process the order. For fraud prevention, we may store the order's phone number and email address, along with a one-way hash of the visitor's IP address and device fingerprint, to enforce order limits. This data is deleted upon merchant request or app uninstallation.

Analytics Data: We collect aggregated, non-personally-identifiable analytics data such as page views, form opens, and conversion rates to provide you with performance insights.

3. How We Use Information

  • To process orders placed through the Quick Order Form
  • To provide bundle and discount functionality on your storefront
  • To display analytics and performance metrics in your dashboard
  • To send email notifications (if configured by the merchant)
  • To detect and prevent fraudulent orders

4. Data Sharing

We do not sell, rent, or share personal data with third parties except:
  • With Shopify, as required to process orders and operate within the Shopify platform
  • With email service providers (Resend) when you configure email automations
  • When required by law or to protect our legal rights

5. Data Retention

We retain merchant data for as long as the app is installed. Upon uninstallation, all store-specific data is automatically deleted. Customer purchase records are retained for order history purposes and are deleted upon merchant request or app uninstallation.

6. GDPR Compliance

We comply with GDPR and Shopify's mandatory privacy webhooks:
  • Data Access Requests: We respond to customer data requests within 30 days
  • Data Deletion: We delete all customer data upon receiving a redaction request
  • Shop Deletion: All shop data is permanently deleted when the app is uninstalled or upon Shopify's request

7. Security

We use industry-standard security measures including HTTPS encryption, hashed storage of sensitive identifiers (phone, IP), and secure database hosting on Railway with encrypted connections.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of significant changes through the app dashboard.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].