1. Overview
This Privacy Policy explains how Banify Apps ("we," "us," "our") collects, uses, stores, and protects information when you use BA Low Stock Countdown Stock Alert (the "App"), a Shopify app that displays low-stock and urgency messages on product pages.
Who this applies to:
- Merchants โ store owners and staff who install and configure the App in Shopify Admin
- Store visitors โ people who browse a merchant's storefront where the theme app extension runs
By installing or using the App, merchants agree to this policy. Merchants are responsible for their own customer-facing privacy notices on their storefront.
2. Who We Are
Data controller (for merchant/account data processed by us):
Company: Banify Apps
Website: banifyapps.io
Privacy & data requests: [email protected]
Support: [email protected]
EU/UK representative: Banify Apps does not currently maintain a separate EU/UK representative under GDPR Article 27. For GDPR-related inquiries, contact [email protected].
We process end-customer data only in limited, technical form (see Section 3) and do not build customer profiles.
3. Data We Collect
3.1 Merchant & Shop Data
| Data Type | Examples | Source |
|---|---|---|
| Shop identity | Shop domain, Shopify shop ID, shop name | Shopify Admin API / install |
| Contact & profile | Shop email, contact email, country, currency, timezone, plan | Shopify Admin API |
| Authentication | OAuth access/refresh tokens, session IDs, scopes | Shopify OAuth |
| Staff session (if online login) | Staff user ID, name, email, locale | Shopify session |
| App settings | Thresholds, messages, colors, layout, product/collection targets, device rules | You, in the App admin |
| Support | Messages and email you provide via in-app chat | You, via Crisp |
3.2 End-Customer (Storefront Visitor) Data
| Data Type | Examples | Collected? |
|---|---|---|
| Identity | Name, email, phone, address | No โ not collected by us |
| Order / payment data | Orders, carts, payment details | No |
| Technical request data | Product ID, variant ID, device type, country/market (if sent) | Yes โ only to show/hide the widget and fetch stock display |
| Browsing profiles | Cross-site tracking, ad profiles | No |
4. How We Use Data
We use data only for App functionality related to stock countdown and low-stock messaging:
| Purpose | Data Used |
|---|---|
| Install & operate the App | Shop domain, OAuth tokens, session data |
| Sync shop profile | Shop name, email, plan, timezone, etc. |
| Save your widget configuration | Thresholds, copy, styling, targeting rules |
| Show stock messages on the storefront | Product/variant IDs, inventory (via Shopify), your settings |
| Product scope & targeting | Product/collection IDs you select |
| Optional urgency display | Inventory counts; optional offset if you enable "fake urgency" |
| Security & reliability | Logs, error diagnostics, abuse prevention |
| Merchant support | Shop contact email and chat messages (Crisp) |
We do not use data for:
- Email capture popups, discount codes, or exit-intent overlays
- Spin wheels, SMS marketing, or third-party email lists
- Selling personal information
Analytics: In-app analytics is not active today ("coming soon"). We do not send storefront visitor data to analytics vendors.
5. Data Sharing
| Rule | Detail |
|---|---|
| We do not sell personal information | Ever |
| We do not share for cross-context behavioral advertising | Not applicable for this App |
| Service providers | Hosting, database, and support tools that process data on our instructions |
| Shopify | Required to host, authenticate, and deliver the App |
| Legal | If required by law, court order, or to protect rights and security |
| Business transfer | In a merger/acquisition, with notice where required |
We require processors to use data only to provide services to us and to protect it appropriately.
6. Third-Party Integrations
| Provider | Role | Privacy Link |
|---|---|---|
| Shopify | App platform, OAuth, Admin API, storefront | shopify.com/legal/privacy |
| Crisp | In-app merchant support chat (admin only) | crisp.chat/en/privacy |
| Cloud hosting provider | App & database hosting | Per our hosting provider's published privacy policy |
Not integrated: Klaviyo, Mailchimp, Shopify Email, SMS providers, or advertising pixels for this App.
Merchants choose whether to enable the theme app extension on their store; that runs in the merchant's Shopify storefront context.
7. Cookies & Tracking
| Type | Where | Purpose |
|---|---|---|
| Session / auth cookies | Shopify embedded admin (App home) | Keep you logged in via Shopify |
| Crisp cookies | Admin App (if you open support chat) | Chat session and support functionality |
| Storefront widget | Customer product pages | API calls with product/variant IDs; no marketing cookies set by us for visitors |
| Analytics pixels | โ | None deployed by this App today |
We do not use third-party advertising or retargeting pixels in the App or storefront extension.
8. Data Retention
| Data Type | Retention |
|---|---|
| Shop profile & widget settings | While App is installed |
| OAuth / session tokens | While App is installed; removed on uninstall |
| Storefront API logs (if any) | Up to 90 days, or only as needed for security and reliability |
| Support chat (Crisp) | Per Crisp's retention settings and our support policies |
| After uninstall | Shop marked uninstalled; sessions deleted promptly |
| After shop/redact webhook | Shop and related records deleted from our database |
We respond to Shopify mandatory privacy webhooks, including shop data deletion on shop/redact.
9. GDPR Rights (EU/UK)
If you are in the EEA or UK, you may have the right to:
- Access โ copy of personal data we hold about you
- Rectification โ correct inaccurate data
- Erasure โ delete data where applicable
- Restriction โ limit processing in certain cases
- Portability โ receive data in a structured format (where applicable)
- Object โ object to processing based on legitimate interests
- Withdraw consent โ where processing is consent-based
- Complain โ to your supervisory authority
Legal Bases (Merchants)
| Processing | Legal Basis |
|---|---|
| Providing the App (contract) | Performance of contract / steps at your request |
| Security, fraud prevention | Legitimate interests |
| Compliance (e.g. tax, legal requests) | Legal obligation |
| Support chat (if you contact us) | Legitimate interests / contract |
End-customers: We do not hold customer account data. Merchants should handle customer requests for data held in their Shopify store.
Contact for GDPR requests: [email protected]
10. CCPA Rights (California)
If you are a California resident (merchant contact person), you may have the right to:
- Know what personal information we collect and how we use it
- Delete personal information we hold (subject to exceptions)
- Correct inaccurate personal information
- Opt out of sale/sharing โ we do not sell or share personal information for cross-context behavioral advertising
Categories collected (merchants): identifiers (name, email), commercial information (shop/plan), internet activity (App usage logs if collected).
To exercise rights: [email protected]. We will verify requests as required by law.
11. Children's Privacy
The App is for merchants and is not directed at children. We do not knowingly collect personal information from anyone under 16 (or 13 where applicable). If you believe we have collected such data, contact us and we will delete it.
12. Data Security
We use reasonable safeguards, including:
- TLS/HTTPS for data in transit
- Access controls limiting production access to authorized personnel
- Encrypted credentials for Shopify tokens stored in our database
- Vendor security requirements for subprocessors
No system is 100% secure. Report concerns to [email protected].
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We will post the new version with an updated "Last updated" date
- For material changes, we may notify merchants via the App or email where appropriate
Continued use after the effective date means you accept the updated policy.
14. Contact Us
Company: Banify Apps
Privacy / data requests: [email protected]
Support: [email protected]
Website: banifyapps.io
Response time: We aim to respond within 5โ10 business days.