ShopRail Docs

Privacy Policy

Last updated: 4 March 2026

1. Who We Are

ShopRail ("we", "our", "us") provides Shopify automation apps — Auto-Tagger, Discount Scheduler, and Stock Alerts — available on the Shopify App Store. Our registered contact address is hello@shoprail.io.

We act as a data processor on behalf of Shopify merchants (you, the "merchant"), who are the data controllers for their customers' personal data. We process that data only as necessary to provide our services.

2. What Data We Collect

Data accessed via the Shopify API

When you install a ShopRail app, we request only the Shopify API scopes required for that app to function:

  • Auto-Tagger: Read and write access to orders, customers, and products — to evaluate tagging rules and apply tags.
  • Discount Scheduler: Read and write access to products and price rules — to update prices and manage discount codes on schedule.
  • Stock Alerts: Read access to inventory levels and products — to monitor stock and trigger alert notifications.

This data includes order details, customer names and email addresses, product information, and inventory quantities. We do not access payment card data.

Account and billing data

Billing is handled entirely through Shopify's billing system. We do not store or process payment card details. We receive confirmation of subscription status from Shopify's API.

Notification channel data

For Stock Alerts, if you configure email notifications, we store the email addresses you provide. If you configure Slack or Discord notifications, we store the webhook URLs you provide.

Technical and usage data

We collect standard server logs (IP addresses, timestamps, request paths) for security and debugging purposes. We do not use third-party analytics trackers on our app UI.

3. How We Use Your Data

We use the data we access solely to provide the ShopRail services you have installed:

  • Evaluating tagging rules and writing tags to orders, customers, and products
  • Updating product prices and managing discount codes per your schedules
  • Monitoring inventory levels and sending alert notifications to your configured channels
  • Managing your subscription status and enforcing free-tier limits
  • Responding to support requests

We do not sell your data, your customers' data, or any data derived from it to third parties.

We do not use merchant or customer data for advertising, profiling, or any purpose unrelated to operating the ShopRail service you have installed.

4. Legal Basis for Processing (GDPR)

For merchants in the UK and European Economic Area, our legal bases are:

  • Contract performance — processing necessary to deliver the service you have subscribed to.
  • Legitimate interests — maintaining security logs and preventing fraud.
  • Legal obligation — retaining records as required by applicable law.

5. Data Sharing and Third Parties

We do not sell or rent data to any third party. We share data only in the following limited circumstances:

  • Shopify — our apps operate on Shopify's platform. Data flows through Shopify's API in accordance with Shopify's Privacy Policy.
  • Hosting infrastructure — our application runs on cloud infrastructure providers. Data is processed within the EU/UK or under appropriate transfer safeguards.
  • Legal compliance — we may disclose data if required by law or to protect our legal rights.

6. Data Retention

We retain your data for as long as your ShopRail subscription is active. When you uninstall a ShopRail app:

  • We stop accessing your Shopify store data immediately.
  • Configuration data (rules, schedules, alert settings) is deleted within 30 days.
  • Server logs are retained for up to 90 days for security purposes.

You may request earlier deletion by contacting us at hello@shoprail.io.

7. Your Rights Under GDPR

If you are based in the UK or EEA, you have the following rights regarding personal data we hold about you:

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your data ("right to be forgotten").
  • Right to restriction — request that we limit processing of your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@shoprail.io. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

ShopRail's app UI runs inside the Shopify admin and does not set first-party cookies. This marketing website (shoprail.io) uses only essential cookies required for site functionality. We do not use advertising cookies or third-party tracking cookies.

9. Data Security

We use HTTPS for all data in transit. Access to production systems and customer data is restricted to authorised personnel. We follow Shopify's Partner Programme security requirements and conduct regular reviews of our data handling practices.

10. Children's Privacy

ShopRail is a business-to-business service intended for Shopify merchants. We do not knowingly collect personal data from individuals under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the ShopRail app dashboard or by email. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For any privacy-related questions or requests, contact us at:
hello@shoprail.io