Privacy Policy - Stockroom Runner

Overview

Stockroom Runner is committed to protecting merchant privacy and maintaining minimal data retention periods to ensure optimal app performance while respecting data privacy rights.

Data Types and Retention Periods

1. Store and Order Data

• What we collect: Store information, order line item details, product inventory data, and user interactions (check statuses)
• What we do not store: Any customer data
• Retention period: 60 days maximum from order creation date
• Reason: Our app only provides functionality for orders up to 60 days old. Data older than 60 days is automatically deleted as it serves no functional purpose
• Automatic deletion: Yes, daily cleanup removes data older than 60 days

2. Store Data After Uninstallation

• Retention period: 30 days after app uninstallation
• Reason: Grace period allows merchants to reinstall the app without losing their configuration and recent data
• What happens after 30 days: All store data is permanently deleted
• Manual deletion: Available immediately upon request via GDPR webhooks

3. Session Data

• What we collect: Authentication tokens, user preferences, app session information
• Retention period: Until session expires or store uninstalls app
• Purpose: Maintain app functionality and user authentication

Automatic Data Cleanup

Daily Cleanup Process

• Frequency: Automated daily at 2:00 AM UTC
• Order data cleanup: Removes all retained order data older than 60 days
• Store data cleanup: Removes all retained data of stores uninstalled more than 30 days ago
• Logging: All cleanup activities are logged for compliance tracking

Data Access and Portability

Merchant Rights

• Data export: Available upon request through GDPR compliance endpoints
• Immediate deletion: Available at any time via app uninstallation
• Data portability: All merchant data can be exported in structured JSON format

What Data is Included in Exports

• Store configuration and settings
• Order history and inventory tracking data
• User-created check statuses
• App usage timestamps and preferences

GDPR Compliance

Automatic Compliance

• Right to access: Automated data export via webhook endpoints
• Right to erasure: Immediate deletion via uninstallation or scheduled deletion
• Data minimization: Only collect data necessary for app functionality
• Storage limitation: Automatic deletion ensures minimal data retention

Response Times

• Data export requests: Processed immediately via webhook
• Data deletion requests: Processed immediately via webhook
• Uninstallation cleanup: 30-day grace period, then permanent deletion

Data Security During Retention

Storage Security

• All data encrypted in transit and at rest
• Access limited to essential app functionality
• Regular security audits and monitoring
• Compliance with Shopify's security requirements

Geographic Storage

• Data stored in secure cloud infrastructure
• Compliance with applicable data protection regulations
• No international data transfers without appropriate safeguards

Contact Information

For questions about this data retention policy or to exercise your data rights, please contact us through our contact form.

Policy Updates

This policy may be updated periodically to reflect changes in our data practices or legal requirements. Material changes will be communicated through appropriate channels.

Last updated: January 7, 2026
Effective date: January 7, 2026