Privacy Policy
This Privacy Policy describes how Scale & Tail ("we", "us", or "the App") collects, uses, stores, and deletes information when merchants install and use our Shopify application, and when their customers interact with the App's storefront widget.
1. Who this policy applies to
- Merchants who install Scale & Tail on their Shopify store.
- Store visitors and customers who interact with the species selector, recommendations, or cart features powered by the App on a merchant's storefront.
Merchants are responsible for their own store privacy policies and for informing customers about how data is collected on their storefront. This policy explains what the App processes on the merchant's behalf.
2. Information we collect
Merchant and store data
- Shop domain and internal shop identifier.
- App configuration and settings (for example widget appearance, recommendation preferences, onboarding status).
- Species definitions, product and collection mappings, custom groups, and complement rules you configure in the App admin.
- Product metadata synced from Shopify (such as product IDs, titles, images, and custom grouping fields used for recommendations).
- Order line item data needed for purchase attribution and metrics when permitted by Shopify and your app permissions (order IDs and recommendation-related line item properties).
- Billing and subscription status provided through Shopify's billing APIs.
Storefront visitor and customer data
- Anonymous browser session identifiers used to remember a visitor's species selection during a shopping session.
- Shopify customer ID, when available and provided by the storefront (for example when a customer is logged in).
- Species selection events (which species a visitor chose).
- Recommendation interaction events such as impressions, clicks, add-to-cart actions, and attributed purchases.
- Technical metadata associated with events (for example product IDs, order IDs, and non-identifying event context stored in JSON metadata).
Authentication data
Shopify OAuth access tokens for merchant admin access are stored using Shopify's session storage mechanisms required to operate the App. We do not duplicate merchant access tokens in our primary application database.
3. How we use information
- Provide and operate the App, including the admin dashboard and storefront widget.
- Remember species selections and deliver species-aware product recommendations.
- Generate aggregated performance metrics for merchants (for example impressions, clicks, add-to-carts, and purchases).
- Process Shopify billing and enforce subscription access where applicable.
- Respond to mandatory Shopify GDPR webhooks and merchant-initiated data export requests.
- Maintain security, troubleshoot issues, and improve App reliability.
We do not sell personal information. We do not use customer data for advertising unrelated to the App's core functionality.
4. Shopify API permissions
Scale & Tail requests the following Shopify access scopes:
- read_products — read product and collection data to build species mappings and recommendations.
- write_products — write product metafields used for species and grouping configuration.
- read_orders — read paid order data for purchase attribution and merchant metrics.
- write_app_proxy — serve secure storefront API requests through the merchant's shop domain.
We access only the data needed to provide App features enabled by the merchant.
5. Data storage and retention
- App data is stored on secure cloud infrastructure (currently hosted on Railway with a PostgreSQL database).
- Merchant configuration and aggregated analytics are retained while the App remains installed.
- When a merchant uninstalls the App, Shopify sends a shop/redact webhook after the mandatory waiting period; we then delete the shop's App data from our systems.
- When Shopify sends a customers/redact webhook, we delete customer-linked selections and related events for the specified customer and orders.
6. Data sharing and subprocessors
We do not share merchant or customer data with third parties except:
- Shopify, as required to operate a Shopify app.
- Infrastructure providers (such as Railway) that host the App under contractual confidentiality and security obligations.
- When required by law or to protect our legal rights.
7. GDPR and privacy rights
We comply with Shopify's mandatory privacy compliance webhooks: customers/data_request, customers/redact, and shop/redact.
- Data request: We compile relevant species selections, behavioral events, and purchase attribution records and make them available to the merchant through the App admin.
- Customer redact: We delete customer-linked records identified in the webhook payload.
- Shop redact: We delete all App data associated with the uninstalled shop.
Merchants may also use the GDPR export tools inside the App admin to generate customer data exports when responding to customer requests.
If you are a customer of a Shopify store using this App, please contact the store owner directly to exercise privacy rights. Store owners can contact us using the support email listed on our Shopify App Store listing.
8. Security
We use industry-standard measures including HTTPS encryption, authenticated admin access through Shopify session tokens, App Proxy HMAC verification for storefront requests, and access controls limiting data to the relevant merchant shop.
9. International transfers
Data may be processed and stored in countries where our hosting providers operate. By using the App, merchants consent to this processing to the extent permitted by applicable law.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date at the top of this page. Material changes may also be communicated through the App or Shopify Partner listing where appropriate.
11. Contact us
If you have questions about this Privacy Policy or how Scale & Tail handles data, contact us at:
Email: gsloveyxj@163.com