Privacy Policy

Last updated: April 4, 2026

Effective date: April 4, 2026

PreOrder Now ("App", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you install and use our Shopify application. Please read this policy carefully. By installing or using the App, you consent to the practices described herein.

1. Information We Collect

1.1 Store Information

When you install the App, we automatically receive from Shopify:

Store name and domain (e.g., your-store.myshopify.com)
Store owner email address
Shopify access tokens for API communication
Store locale, currency, and timezone settings

1.2 Product Information

To provide pre-order functionality, we access:

Product titles, IDs, and variant information
Product images (thumbnails for display in the App dashboard)
Product inventory and status information
Product metafields (we write pre-order configuration data)

1.3 Order Information

When orders are placed for pre-order products, we collect:

Order numbers and IDs
Line item details (product, variant, quantity)
Customer email address (for order notifications)
Customer name (for order identification)
Order status and fulfillment information

1.4 Merchant-Provided Information

Information you voluntarily provide through the App:

Notification email addresses
Pre-order configuration settings (button text, delivery dates, email templates)
Billing plan selections

1.5 Automatically Collected Information

We do not use cookies, tracking pixels, or analytics within the App. We do not collect IP addresses, browser information, or device identifiers from merchants or their customers.

2. How We Use Your Information

Data	Purpose	Legal Basis
Store information	Authenticate your store, manage your account	Contract performance
Product information	Display products in the App, write pre-order metafields to your storefront	Contract performance
Order information	Track pre-orders, send notifications, manage fulfillment	Contract performance
Customer email/name	Send pre-order confirmation and fulfillment notification emails	Legitimate interest
Merchant email	Send new pre-order notifications to store owner	Consent

We do not use your information for:

Advertising or marketing purposes
Profiling or automated decision-making
Selling or renting to third parties
Training machine learning or AI models
Any purpose unrelated to the App's functionality

3. How We Share Your Information

3.1 Service Providers

We may share data with the following third-party service providers who assist in operating the App:

Shopify: Platform provider, processes payments and order data
Railway: Cloud hosting infrastructure provider
Resend: Transactional email delivery service (if configured by merchant)

Each service provider is contractually obligated to protect your data and use it only for the services they provide to us.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

3.4 No Sale of Personal Data

We do not sell, rent, or trade personal information to third parties for their commercial purposes. We do not engage in data brokering.

4. Data Storage and Security

4.1 Storage Location

Your data is stored on secure servers provided by Railway, located in the United States. Data is transmitted between your Shopify store and our servers via encrypted HTTPS connections.

4.2 Security Measures

We implement industry-standard security measures including:

Encryption in transit (TLS/HTTPS for all connections)
Encryption at rest (database-level encryption)
Shopify HMAC webhook verification
Input sanitization to prevent injection attacks
Session-based authentication via Shopify App Bridge
Shop-scoped data isolation (each store can only access its own data)
Rate limiting on API endpoints
No storage of sensitive payment information (handled entirely by Shopify)

4.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authority within 72 hours of becoming aware of the breach, as required by GDPR and applicable law.

5. Data Retention

5.1 Active Installation

We retain your data for as long as the App is installed on your store. Pre-order records are retained to provide historical reporting.

5.2 After Uninstallation

When you uninstall the App:

Pre-order configurations are immediately disabled
Session and authentication data is immediately deleted
Order data and store settings are retained for up to 30 days to comply with Shopify's GDPR requirements
After receiving a shop/redact webhook from Shopify, all remaining data is permanently deleted

5.3 Product Metafields

Pre-order configuration metafields written to your products remain on your Shopify store after uninstallation. You can remove these manually through the Shopify admin or they will have no effect without the App's theme extension active.

6. Your Rights

6.1 GDPR Rights (European Economic Area)

If you are located in the EEA, you have the following rights:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request restriction of processing of your data
Portability: Request transfer of your data in a machine-readable format
Objection: Object to processing based on legitimate interest
Withdraw consent: Withdraw consent at any time where processing is based on consent

6.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

Know what personal information is collected and how it is used
Request deletion of your personal information
Opt-out of the sale of your personal information (we do not sell your data)
Non-discrimination for exercising your privacy rights

6.3 PIPEDA Rights (Canadian Residents)

Canadian residents have the right to access their personal information, challenge its accuracy, and withdraw consent for its collection, use, or disclosure.

6.4 Exercising Your Rights

To exercise any of these rights, contact us at the email address listed below. We will respond to your request within 30 days. You may also uninstall the App at any time through your Shopify admin, which will trigger our data cleanup process.

7. Customer Data (Shoppers on Your Store)

7.1 What We Collect

When a customer places a pre-order on your store, we collect their email address and name (as provided through the Shopify checkout) solely for the purpose of managing the pre-order and sending notifications.

7.2 Customer Data Requests

We handle all Shopify GDPR webhooks for customer data:

Customer data request: We acknowledge the request and can provide a report of customer data stored
Customer data erasure: We permanently redact all personal identifiable information (name, email) from pre-order records

7.3 Merchant Responsibility

As a merchant, you are the data controller for your customers' personal information. You are responsible for obtaining appropriate consent from your customers and including pre-order data processing in your store's privacy policy.

8. Cookies and Tracking

The App does not set any cookies on your storefront. The pre-order button theme extension operates without cookies, local storage, or any client-side tracking. The App's admin interface uses Shopify's built-in session management.

9. Children's Privacy

The App is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete that information promptly.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place, including standard contractual clauses approved by the European Commission, where applicable.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide notice through the App dashboard. Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

We aim to respond to all inquiries within 30 days.

13. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.