Privacy policy

Last updated: May 9, 2026

AOV Free Shipping Bar Upsell ("the app", "we") is a Shopify app that displays a live free-shipping progress bar on merchant storefronts. This page explains what data we hold, what we do with it, and how merchants and shoppers can have it removed.

What we collect from the merchant's shop

• Shop domain (e.g. your-shop.myshopify.com) and the OAuth access token the merchant grants us during install. We use this to call the Shopify Admin API on the merchant's behalf — to read the shop's currency on first install and (in future paid features) to look up products the merchant has chosen to recommend.
• Campaign configuration the merchant enters in the app admin: goal amount, currency, message copy, position, colors, font size, border radius, visibility flags. This is the minimum needed to render the bar on the storefront.
• Per-day aggregate counters of how many times the bar was shown (views) and how many times the free-shipping goal was reached (goalsReached), keyed on shop, campaign, and UTC date.
• Plan + billing identifiers if the merchant upgrades to a paid plan: which Shopify subscription is active and which charge ID it corresponds to.

What we do NOT collect

• No customer or shopper personal data — no names, emails, IP addresses, user-agent strings, or device fingerprints.
• No cart contents, no order data, no product titles, no SKUs.
• No cookies are set by the storefront bar.
• No third-party trackers or analytics SDKs.
• No data is sold or shared with third parties.

How we use this data

• To render the bar on the merchant's storefront.
• To show the merchant aggregate analytics in the app admin.
• To bill the merchant correctly via the Shopify Billing API.
• To honor merchant requests to delete or export data (see below).

Where data is stored

All app data is stored in a managed PostgreSQL database hosted on Railway, in a single region. Connections use TLS. Backups are retained per the hosting provider's policy.

Data retention & deletion

• When a merchant uninstalls the app, Shopify fires the app/uninstalled webhook. We immediately delete the merchant's stored OAuth session and mark the shop row uninstalled.
• When Shopify fires the shop/redact webhook (typically ~48 hours after uninstall), we mark the shop as redacted. All remaining data tied to the shop — campaigns, analytics counters — is deleted within 30 days of receiving that webhook.
• The two customer-data webhooks customers/data_request and customers/redact are also implemented; because we hold no customer-level data they are effectively no-ops, but we acknowledge them as required by Shopify's compliance program.
• A merchant can also request manual deletion of their shop's data at any time by emailing the contact below.

Children's privacy

The app is a B2B tool for Shopify merchants. It is not directed to children and we do not knowingly collect data from minors.

Changes to this policy

If we update this policy we'll change the date at the top of this page. Material changes will be communicated to active merchants in-app at the next admin login.

Contact

Questions, deletion requests, or privacy concerns: support@stackedboost.com.