Privacy Policy

How Bundle Builder handles your data — and your shoppers' data — written in plain language without the legalese filler.

Last updated: May 13, 2026 · Effective: Immediately · Reading time: ~6 minutes

01

Introduction

Bundle Builder ("we", "our", "us") is a Shopify application that helps merchants create and sell product bundles with auto-generated composite images, discount pricing, and collection-page badges.

This privacy policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data. It applies to merchants who install the app and the shoppers who interact with bundle products on those merchants' storefronts.

02

Data we collect

From merchants when you install and use Bundle Builder:

  • Store information. Your Shopify store domain (e.g. your-shop.myshopify.com) and access tokens, used to authenticate API calls and associate bundles with your store.
  • Product data. Product titles, variants, images, prices, and inventory, accessed via the Shopify Admin API solely to create and manage the bundles you configure.
  • Bundle configuration. The bundles you create — names, descriptions, components, discount rules, badge color, image-layout preferences.
  • App settings. Subscription status, billing plan, widget preferences.

From shoppers on storefronts where Bundle Builder is active:

  • Aggregated analytics events. Anonymous counts of bundle page views, add-to-cart actions, and completed orders. We record the event type, bundle ID, and order ID — never the shopper's name, email, address, IP, or any other identifier.

03

Data we do not collect

  • We do not collect shopper names, email addresses, phone numbers, or any personally identifiable information.
  • We do not track individual shopper behavior or browsing history across sessions.
  • We do not set cookies, pixels, fingerprinting scripts, or any other tracking technology on your storefront.
  • We do not sell, rent, or share your data — or your shoppers' data — with advertisers, data brokers, or any third party for marketing purposes.

04

How we use data

  • To create, update, and delete product bundles on your Shopify store.
  • To generate composite bundle images and upload them to your Shopify CDN.
  • To render collection-page badges via the theme app extension.
  • To provide you with aggregated bundle performance analytics inside the app dashboard.
  • To process subscription billing through the Shopify Billing API.
  • To respond to your support requests sent to bundlerappsupport@gmail.com.

05

Data sharing & subprocessors

We use a small number of trusted infrastructure providers to operate the service. They process data only on our instructions and only to deliver Bundle Builder to you:

  • Shopify Inc. — App distribution, authentication, billing, and the GraphQL Admin API. Your store data flows through Shopify regardless of whether Bundle Builder is installed.
  • Fly.io — Application hosting in the United States (region: iad). Data in transit is encrypted via TLS 1.3.
  • Supabase (PostgreSQL) — Database hosting in the United States (region: us-east-2). Data at rest is encrypted via AES-256.

We do not sell or share data with anyone outside this list.

06

Data retention & deletion

We retain merchant data for as long as your app is installed and your subscription is active. When you uninstall Bundle Builder:

  • Shopify sends us a shop/redact webhook 48 hours after uninstall.
  • We immediately purge all bundle configurations, analytics events, app settings, and session tokens associated with your shop domain.
  • The original Shopify products created by Bundle Builder remain on your store — you may keep selling them, delete them, or archive them at your discretion.

You can request immediate deletion at any time by emailing bundlerappsupport@gmail.com — we'll complete the purge within 5 business days.

07

Your rights (GDPR / CCPA / CPRA)

You have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Restriction — request that we stop processing your data while a complaint is reviewed.
  • Objection — object to specific processing activities.

Bundle Builder implements the three mandatory Shopify compliance webhooks with HMAC verification:

  • customers/data_request — fulfilled by emailing the requesting shopper a CSV of all aggregated events referencing their order IDs.
  • customers/redact — irreversibly purges any analytics events referencing the redacted customer's order IDs.
  • shop/redact — irreversibly purges all data for the shop, as described above.

To exercise any right, email bundlerappsupport@gmail.com with the subject "Privacy Request." We respond within 30 days as required by GDPR Article 12, or sooner.

08

Security

  • All data in transit is protected by TLS 1.3.
  • Database storage uses AES-256 encryption at rest via Supabase.
  • All Shopify webhook payloads are verified with HMAC-SHA256 before processing.
  • Shopify access tokens are stored encrypted in the session storage layer.
  • We follow the principle of least privilege — the app requests only the OAuth scopes it strictly needs (write_products, read_products, write_discounts, read_discounts, read_inventory, read_orders).

No system is completely secure. If we ever discover a breach affecting your data, we'll notify you within 72 hours as required by GDPR Article 33.

09

International data transfers

Our hosting infrastructure is located in the United States. If you access Bundle Builder from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses where required by applicable law.

10

Children's privacy

Bundle Builder is a business-to-business tool for Shopify merchants. We do not knowingly collect personal data from anyone under 16 years of age. If you believe we have inadvertently collected such data, contact us and we'll delete it immediately.

11

Changes to this policy

We may update this policy from time to time as the product evolves or as required by law. When we make material changes, we'll update the "Last updated" date at the top of this page and — for changes that affect your rights — notify active merchants by email or in-app banner at least 30 days before the changes take effect.

12

Contact us

Questions, complaints, or requests under any of the rights above — please reach out:

That's the whole thing. If anything here is unclear or you'd like more detail on any point, email us — we'll write back the same day.