This policy explains what data Delivery Date Predictor (“the App”), provided by Oyolloo (“we”, “us”), accesses, stores, and shares when a merchant installs it on their Shopify store. Plain summary first: the App does not collect or store your shoppers’ personal information. It stores your store’s delivery configuration and the standard Shopify session needed to run an embedded app.
1. Information we process
a) Merchant / store data (stored)
When you install the App, Shopify provides and we store:
- Store identifier — your .myshopify.com domain and access token (to call Shopify APIs on your behalf).
- Session data — the standard Shopify session, which may include the name and email of the staff user who authenticates the embedded app. Used only for authentication.
- Plan & billing status — your selected plan, subscription ID, and a monthly prediction-usage counter (for plan limits). Payments are handled entirely by Shopify Billing; we never see card details.
- Your configuration — prediction rules, warehouse locations (names/ZIP you enter), custom holidays, and widget appearance settings.
b) Storefront prediction requests (not stored)
When a shopper views a product/cart page with the widget, the storefront sends a request to calculate a delivery estimate containing the product ID, destination country (and optionally postal code), and shipping method. This data is used only in memory to compute the date and is not stored or linked to any individual. We do not receive shopper names, emails, addresses, or payment information.
c) What we do NOT collect
- No shopper/customer personal data (names, emails, addresses, phone, payment).
- No order or fulfillment data (the App does not request read_orders).
- No browsing/tracking profiles.
2. How we use information
- To authenticate and run the embedded admin app.
- To compute delivery-date estimates and render the storefront widget.
- To enforce plan limits and process subscription changes via Shopify Billing.
- To operate, secure, and support the App.
We do not sell your data or use it for advertising.
3. Sub-processors and third parties
| Provider | Purpose | Data shared |
|---|---|---|
| Shopify | Platform, authentication, billing, webhooks | Store/session/billing data |
| Our hosting provider | Runs the App server | App data in transit |
| Our PostgreSQL database provider | Stores configuration & sessions | Data in section 1(a) |
| Upstash Redis (optional) | Caches predictions/holidays, rate limiting | No personal data |
| date.nager.at | Public holiday calendar | Country code + year only |
4. Data retention & deletion
- Configuration and session data are retained while the App is installed.
- On uninstall, we delete your store’s data via Shopify’s app/uninstalled webhook.
- We honor Shopify’s mandatory privacy/GDPR webhooks:
  - customers/data_request — we hold no shopper data; acknowledged.
  - customers/redact — we hold no shopper data; acknowledged.
  - shop/redact — we erase all of your store’s data (sent ~48h after uninstall).
You can also request deletion at any time by emailing us.
5. Security
- All traffic is served over HTTPS.
- Shopify sessions are stored server-side; inbound webhooks are HMAC-verified.
- Database access is restricted and uses parameterized queries.
- We follow least-privilege access scopes (write_products, read_inventory).
6. International transfers
Data may be processed in the regions where our hosting and database providers operate. We rely on those providers’ standard data-protection safeguards.
7. Your rights
Depending on your jurisdiction (e.g. GDPR/CCPA), you may have rights to access, correct, or delete data we hold about your store. Contact us to exercise them.
8. Changes
We may update this policy; the “Last updated” date will change accordingly. Material changes will be communicated through the App or the App Store listing.
9. Contact
Questions or requests: oyolloo.projects@gmail.com
This document is provided for the App. Have it reviewed by a legal professional and fill in your legal entity name/address before relying on it in production.