StoreCred

Privacy Policy

Last updated: [DATE] — draft, have a lawyer review before publishing.

StoreCred ("we", "us") provides a Shopify app that automates store credit issuance for merchants. This policy explains what data we process and why.

Data we access

When a merchant installs StoreCred, we request the following Shopify access scopes:

Data we store

We keep a local record of each store credit transaction we issue (shop, customer reference, amount, trigger event, timestamp) so merchants can see why a customer's balance is what it is, and so we don't double-issue credit on a redelivered webhook. Shopify's own store credit ledger remains the source of truth for actual balances. We do not store payment card details — all payment and billing is handled by Shopify.

Data we send

If a merchant enables reminder emails, we send transactional email (via [Resend/Postmark]) to the customer's email address on file, limited to: credit issued notifications and credit expiry reminders.

GDPR / CCPA compliance

We implement Shopify's mandatory privacy webhooks:

Data retention

We retain transaction logs for as long as the app is installed, plus the redaction windows above after uninstall or a redaction request.

Third parties

We use the following subprocessors: Shopify (platform, billing), [Resend/Postmark] (transactional email), [Sentry] (error monitoring — no customer PII sent), [VPS provider] (hosting).

Contact

Questions about this policy or a data request: support@getstorecred.com.