Back to home

Privacy Policy

Last updated: February 6, 2026

This Privacy Policy describes how OrderMe ("we", "us", or "our") collects, uses, and shares information when you install and use our Shopify applications: OrderMe Cart Upsell, OrderMe Loyalty Rewards, and OrderMe Restock Intelligence (collectively, the "Apps").

1. Information We Collect

1.1 Shop Information

When you install any of our Apps, we collect:

• Your Shopify store domain and name
• Store owner email address
• Shopify access tokens required for app functionality
• Billing and subscription information processed through Shopify

1.2 Customer Data (Loyalty Rewards)

The Loyalty Rewards app processes the following customer data to provide loyalty program functionality:

• Customer names and email addresses
• Loyalty points balances and transaction history
• Birthday dates (if voluntarily provided by the customer)
• Reward redemption history

1.3 Order Data (Cart Upsell & Restock Intelligence)

Our Cart Upsell and Restock Intelligence apps process order data to provide their core functionality:

• Order totals and line items
• Product information (titles, variants, inventory levels)
• Cart interaction data (views, clicks, conversions) for analytics

1.4 Inventory Data (Restock Intelligence)

The Restock Intelligence app processes:

• Product inventory levels and variant information
• Supplier information you configure within the app
• Supplier order details and delivery tracking information
• Sales history for demand forecasting

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Apps' core functionality
• Process subscriptions and billing through Shopify's billing system
• Generate analytics and reports within the Apps
• Respond to your support requests
• Improve our Apps and develop new features

We do not sell, rent, or share your data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway, a cloud infrastructure provider. We implement industry-standard security measures including:

• Encrypted database connections (SSL/TLS)
• Authentication via Shopify's OAuth system
• Access controls limiting data access to authorized personnel only
• Regular security reviews of our codebase

4. Shopify API Usage

Our Apps access the Shopify API to provide their functionality. The specific API scopes we request are limited to what each app needs to operate. We follow Shopify's API usage guidelines and terms of service.

5. Data Retention

We retain your data for as long as you have our Apps installed. When you uninstall an App:

• Your app configuration and settings are retained for 30 days in case you reinstall
• After 30 days, all associated data is permanently deleted
• You can request immediate data deletion at any time by contacting us

6. Data Deletion Requests

You can request deletion of your data at any time by:

• Emailing us at support@orderme.dev
• Using the in-app support chat in any of our Apps

We will process data deletion requests within 30 days.

7. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

• Legal basis: We process data based on legitimate interest (providing the app service you installed) and, where applicable, your consent
• Data portability: You can request an export of your data at any time
• Right to erasure: You can request deletion of your data as described above
• Right to access: You can request a copy of all data we hold about your store
• Data processor: We act as a data processor on behalf of the merchant (data controller) for customer data

8. Cookies

Our Apps operate within Shopify's admin and storefront environments. We do not place additional tracking cookies on your store. Any cookies used are essential for app functionality (session management, authentication).

9. Third-Party Services

We use the following third-party services:

• Shopify: Platform provider, billing, and authentication
• Railway: Cloud hosting and database infrastructure

We do not use third-party analytics, advertising, or tracking services.

10. AI and Machine Learning

We do not use your merchant or customer data to train artificial intelligence or machine learning models. Any AI-powered features (such as product recommendations in Cart Upsell) use Shopify's built-in recommendation systems, not our own models trained on your data.

11. CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act (CCPA). You have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your CCPA rights

12. Children's Privacy

Our Apps are business tools intended for Shopify merchants. We do not knowingly collect information from children under 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, notifying you via email.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: support@orderme.dev
• In-app support chat (available in all OrderMe apps)