Privacy Policy

Last Updated: January 2025

1. Introduction

Subline ("we", "our", or "us") operates the Subline Merchant App for Shopify. This Privacy Policy explains how we collect, use, store, and protect information when you use our application.

By installing and using the Subline Merchant App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information from Shopify

When you install our app, we receive and store the following information from your Shopify store:

  • Store Information: Your Shopify store domain (e.g., yourstore.myshopify.com)

  • Product Catalog Data: Product titles, descriptions, images, variants, inventory quantities, prices, tags, collections, and vendor information

  • Order Data: Order numbers, dates, totals, subtotals, currency, and refund information for orders attributed to Subline

  • API Access Tokens: Shopify session tokens and Storefront API access tokens required to sync your catalog

2.2 Information We Generate

  • Sync Status: Records of when your catalog was last synchronised

  • Commission Records: Calculated commission amounts based on tracked orders

3. How We Use Your Information

We use the collected information for the following purposes:

  • Product Synchronisation: To sync your product catalog to the Subline mobile application, making your products discoverable to Subline users

  • Order Tracking: To track orders placed through the Subline app for commission calculation

  • Billing: To calculate and invoice monthly commission fees

  • Service Improvement: To maintain and improve the functionality of our application

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored on secure servers hosted by:

  • Railway (application hosting)

  • PostgreSQL databases (with encryption at rest)

4.2 Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

  • Encrypted connections (TLS/SSL) for all data transmission

  • Secure authentication via Shopify OAuth

  • Access controls limiting data access to authorised personnel only

  • Regular security reviews of our infrastructure

5. Data Sharing

5.1 Third-Party Services

We share data with the following third-party services:

Service          | Purpose             | Data Shared
Stripe           | Commission billing  | Merchant email, invoice amounts
Railway          | Application hosting | All application data (encrypted)
Subline Backend  | Product discovery   | Product catalog data

5.2 We Do Not

  • Sell your personal data to third parties

  • Share your data for advertising purposes

  • Transfer data to parties not essential to our service

6. Data Retention

  • Product Data: Retained while your app is installed and sync is enabled. Deleted within 48 hours of app uninstallation via Shopify's GDPR webhook.

  • Order Data: Retained for 7 years for accounting and tax compliance purposes.

  • Session Data: Deleted immediately upon app uninstallation.

7. Your Rights

Under UK GDPR and data protection laws, you have the right to:

  • Access: Request a copy of the data we hold about you

  • Rectification: Request correction of inaccurate data

  • Erasure: Request deletion of your data (subject to legal retention requirements)

  • Portability: Request your data in a machine-readable format

  • Object: Object to processing of your data

  • Withdraw Consent: Withdraw consent at any time by uninstalling the app

To exercise any of these rights, contact us at contact@sublineapp.com.

8. Data Deletion

8.1 Uninstalling the App

When you uninstall the Subline Merchant App:

  1. Your Shopify session data is deleted immediately

  2. Product sync is disabled

  3. Within 48 hours, we receive Shopify's data deletion webhook and remove your store data from our systems

8.2 Manual Deletion Request

You may request immediate deletion of your data by contacting contact@sublineapp.com. We will process your request within 30 days.

9. Cookies and Tracking

The Subline Merchant App does not use cookies or tracking technologies. We rely solely on Shopify's session token authentication.

10. Children's Privacy

Our service is intended for business use by merchants. We do not knowingly collect information from children under 16 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact@sublineapp.com

Response Time: We aim to respond to all enquiries within 5 business days.

13. Supervisory Authority

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):