Privacy policy
Effective April 19, 2026
What we collect
When you install Dashprep from the Shopify App Store, we receive: your shop's domain, an OAuth access token scoped to the permissions you granted, your store's products and collections, and orders that arrive via Shopify webhooks. We store these in a multi-tenant database scoped by your Shopify session identifier.
When a member of your team uses Dashprep, we store the settings and preferences they configure (theme, filters, notifications) so the app remembers them across sessions.
We do not receive customer payment information. Shopify handles that directly.
How we use it
- To route orders to the right prep stations inside the app
- To authenticate your session when you open the app
- To send product updates if you've opted in to the newsletter
- To respond to support requests you send us
What we don't do
- Sell your data, your team's data, or your customers' data to anyone
- Train machine-learning models on your data
- Share data with advertising networks
Retention
While the app is installed, we retain data for as long as you use it. When you uninstall Dashprep from Shopify, we delete your tenant data — orders, line items, products, users, sessions — in response to the `app/uninstalled` webhook. When Shopify sends us `shop/redact`, we delete everything associated with your shop. When Shopify sends us `customers/redact`, we delete all orders and associated data for the specified customer.
Security
All traffic is TLS-encrypted. Webhooks are HMAC-verified before processing. Session tokens are stored encrypted at rest. We scope every database row by tenant to prevent cross-shop data leaks.
Contact
Questions about this policy or a specific data request: email privacy@dash-prep.com.