This Privacy Policy explains honestly and in plain language what data Best Seller Sync: Sales Sorting ("we", "our", or "the App") collects, why it is collected, how it is used, and how long it is kept. It applies to Shopify merchants (store owners and their staff) who install the App. If you have any questions, email us at lab.aspeed@gmail.com — we will respond within 30 days.
1. Who We Are
Best Seller Sync - Auto Update is an independent Shopify app that automatically ranks products in your store collections based on real sales performance — reordering products, applying a badge:best-seller tag, and writing ranking data to product metafields.
Contact: lab.aspeed@gmail.com
2. What Shopify Permissions We Request and Why
When you install the App, Shopify asks you to approve the following permission scopes. Here is exactly what each one is used for:
- read_orders — We read your paid order history to count how many units of each product were sold within your chosen time window (e.g. last 7 days). We read the line items of each order (product ID + quantity + price) to calculate aggregated totals per product. We do not read, store, or process customer names, emails, phone numbers, shipping addresses, or payment details. Only the product-level numbers are used.
- read_products, write_products — We read your product catalogue to build the ranking list, then reorder products within collections and apply or remove the badge:best-seller tag. We also write ranking metadata to product metafields (namespace: bsync) so the data can be used by your storefront.
- read_publications, write_publications — We read publication channels to identify your Online Store and publish newly created collections so they are visible to customers. You can manage channel visibility at any time from your Shopify admin.
3. What Data We Store and Why
Below is a complete and honest list of every piece of data we store in our database, with the reason for storing it:
3a. Merchant Authentication (Session table)
- Shop domain (e.g. yourstore.myshopify.com) — identifies which store the data belongs to
- OAuth access token — required to call Shopify's API on your behalf
- Merchant name and email — provided by Shopify during the OAuth login flow; used only for admin identification purposes
- Shopify user ID — identifies which staff account authenticated the app
- Session expiry timestamps — used to invalidate old sessions automatically
This data is deleted immediately when you uninstall the App.
3b. Collection Settings (CollectionConfig table)
- Shop domain, collection ID, and collection title
- Ranking settings: mode (days / orders), metric (units / orders / revenue), sync window, max products
- Pinned product IDs (up to 3 on Starter, up to 5 on Pro) and excluded product IDs — these are Shopify product GIDs you choose to pin or hide
- Sync schedule, last sync time, last error message
This is your configuration — no customer data. Retained for 48 hours after uninstall to allow seamless reinstall recovery, then permanently deleted.
3c. Sync History (SyncSnapshot table)
- Ordered list of product IDs per collection at the time of each sync
- Aggregated sales numbers per product: units sold, order count, gross revenue
- Rank position, percentile score, and grade (ABC) per product
- Change summary: which products entered, left, or moved in rank
The last 30 sync snapshots are kept per collection — older ones are automatically deleted. This data contains no customer information: it is entirely product-level aggregates. Permanently deleted 48 hours after uninstall.
3d. Billing & Plan (Plans table)
- Shop domain, current plan (free / starter / pro), plan activation date
- Shopify subscription ID — used to manage billing via Shopify's API
- Grace period end date (if a payment fails), subscription status
Required to enforce plan limits and handle billing events. Permanently deleted on the shop/redact webhook (48 hours after uninstall).
3e. Sync Lock (SyncLock table)
- Shop domain, collection ID, lock timestamp — a temporary row that prevents two syncs from running at the same time
Released immediately after each sync completes. Never holds customer data.
3f. GDPR Request Log (DataRequest table)
- Shop domain, Shopify customer GID (e.g. gid://shopify/Customer/12345), request timestamp, and handling status
Shopify sends us a customers/data_request webhook when one of your shoppers requests their data. We are legally required by Shopify's Partner Program and GDPR to log this and respond. We store only the customer GID — no name, email, address, or any other customer detail. Because we hold no customer PII, our response is always: "we hold no personal data for this individual."
3g. Google Analytics 4 Connection (GA4Connection table) — Pro plan only
- Shop domain and connected Google account email (e.g. merchant@gmail.com)
- Encrypted Google OAuth access token and refresh token — stored using AES-256-GCM encryption at rest; never logged or exposed to client-side code
- Selected GA4 property ID and display name
- Token status flag (whether the connection is active or requires reconnection)
This data is only collected when a merchant on the Pro plan explicitly clicks "Connect Google Analytics" and authorises the App via Google's OAuth consent screen. It is used solely to fetch aggregated GA4 engagement metrics (page views, add-to-cart events) per product for ranking purposes. Google OAuth tokens are revoked immediately when the merchant disconnects GA4 or uninstalls the App. All GA4 connection data is permanently deleted on shop/redact.
3h. Timed Pin Schedule (TimedPin table)
- Shop domain, collection ID, product GID, optional pin-from date, optional pin-until date
Stores scheduled pin rules set by the merchant (e.g. "pin this product from Dec 1 to Jan 5"). Contains no customer data. Deleted automatically when expired (24-hour cleanup) and permanently deleted on shop/redact.
3i. Feature Flags and Cron Health (internal only)
- Global on/off flags for app features (e.g. "new_dashboard_v2") — no personal data
- A single-row timestamp recording when the background sync job last ran — no personal data
3j. Temporary Redis Cache
Aggregated order metrics (units sold, revenue, order count — per product, not per customer) are cached in Upstash Redis with a maximum TTL of 23 hours to reduce Shopify API calls. This cache is invalidated immediately when a new paid order arrives. It holds no customer identifiers and expires automatically.
4. What We Do NOT Store
- Customer names, emails, phone numbers, or addresses
- Individual order contents or order IDs
- Payment card or financial details of any kind
- Browsing behaviour, cookies, or tracking data of your shoppers
- Any data from your store's end-customers beyond the legally required customer GID in GDPR request logs
5. How We Use Data
- Rank products in your collections by sales velocity
- Reorder products in Shopify collections to reflect their rank
- Apply or remove the badge:best-seller product tag
- Write ranking metadata to product metafields for storefront display
- Show sync history, trends, and change summaries in your app dashboard
- Manage your subscription, enforce plan limits, and handle billing events
- Respond to legally required GDPR and Shopify data requests
We do not use your data for advertising, profiling, machine learning training, or any purpose outside the App's core functionality.
6. Shopify Webhooks We Handle
| Webhook | What we do with it |
|---|---|
| app/uninstalled | Delete OAuth sessions immediately. Deactivate collection configs (48h hold for reinstall recovery). |
| orders/paid | Invalidate the Redis order cache so the next sync uses fresh data. The order payload is not stored. |
| app/subscriptions_update | Update billing plan status (payment failure → grace period; cancellation → downgrade to free). |
| app/scopes_update | Acknowledge scope changes. No data stored. |
| customers/data_request | Log the Shopify customer GID and mark request as fulfilled. No customer PII is held so there is nothing to export beyond the GID itself. |
| customers/redact | Confirm receipt. No customer PII is held so there is nothing to erase. |
| shop/redact | Permanently delete all shop data: configs, snapshots, locks, plan record, GDPR logs, and sessions. |
7. Data Retention
- While installed: all data is retained to operate the service
- On uninstall: OAuth sessions deleted immediately; collection configs and snapshots deactivated (48-hour hold for reinstall recovery)
- 48 hours after uninstall (on shop/redact): all remaining data is permanently and irreversibly deleted
- Redis cache: auto-expires within 23 hours regardless of install status
- Sync snapshots: only the last 30 per collection are kept; older snapshots are deleted automatically on each sync
8. Data Storage and Security
- All data transmitted over HTTPS / TLS — never in plain text
- PostgreSQL database hosted on Railway (GCP infrastructure) with encryption at rest and SSL-enforced connections
- Redis cache hosted on Upstash with TLS in transit
- OAuth access tokens stored server-side only — never exposed to client-side code, browser logs, or URLs
- Admin panel protected by password authentication with brute-force lockout (5 attempts → 15-minute block)
9. Third-Party Sub-processors
Your data is processed only by the following services:
- Railway (railway.app) — application hosting and PostgreSQL database. Data may be stored on GCP servers in the US or EU.
- Upstash (upstash.com) — Redis cache for temporary aggregated order metrics. Data resides in the region closest to our Railway deployment.
- Google LLC (googleapis.com) — only when a merchant on the Pro plan connects Google Analytics 4. We use Google's OAuth 2.0 service to authenticate and Google Analytics Data API / Admin API to fetch aggregated product engagement metrics. Google's privacy policy: policies.google.com/privacy. GA4 data is cached for up to 6 hours in Redis and is never stored in our database.
- Shopify — as required by the Shopify API and Partner Program Agreement
We do not sell, rent, or share your data with any other third party for any purpose.
10. International Data Transfers
Railway and Upstash are US-headquartered companies. Data may be stored or processed outside your country. If you are in the EU/EEA/UK, transfers are covered by Standard Contractual Clauses (SCCs) established by our sub-processors. If you are in other jurisdictions (Middle East, Australia, Canada, Singapore, Brazil, Japan), we process only the minimum data necessary and delete it fully on uninstall.
11. Cookies and Browser Storage
- Session cookies — set by Shopify's OAuth flow to maintain your authenticated admin session. Strictly necessary; cleared when you log out.
- No tracking cookies — we do not use advertising, analytics, or third-party tracking cookies of any kind.
- No tracking pixels — no third-party scripts or pixels are loaded in the app or injected into your storefront.
12. Your Rights as a Merchant (GDPR / CCPA / Other)
Regardless of where you are located, you have the following rights over your store data. Contact us at lab.aspeed@gmail.com to exercise any of them. We respond within 30 days.
- Access — request a copy of all data we hold about your store
- Correction — request that inaccurate data be corrected
- Erasure — request deletion of all your data at any time (or simply uninstall — deletion happens automatically within 48 hours)
- Restriction — request that we limit processing of your data
- Portability — receive your data in a structured, machine-readable format (CSV available from within the app)
- Objection — object to any processing you believe is unlawful
13. Children's Privacy
Best Seller Sync is a business-to-business tool for Shopify merchants. It is not intended for and does not knowingly collect data from individuals under 18 years of age.
14. Changes to This Policy
If we make material changes to this policy (e.g. storing new types of data), we will notify you via the in-app dashboard and update the "Last updated" date above. Minor clarifications will be updated silently. Continued use of the App after notification constitutes acceptance of the revised policy.
15. Contact
Best Seller Sync - Auto Update
Email: lab.aspeed@gmail.com
Response time: within 30 days