Privacy Policy

Heringlehner Software

Managing Director: Nicolas Heringlehner

Dr.-Max-Herold-Str. 37, 91126 Schwabach, Germany

Email: support@heringlehner.com

Website: heringlehner.com

When you install or use the App, we collect and process certain information from Shopify necessary to provide the App.

This may include:

• your shop domain
• Shopify access token and refresh token
• session state
• the Shopify user ID of the logged-in store user
• first name, last name, and email address of the logged-in store user
• locale
• whether the user is the account owner
• whether the user is a collaborator
• whether the user's email is verified
• token expiration date

We store this information in our database only as needed to authenticate your store, maintain the app session, and provide app functionality.

The App stores certain configuration data on Shopify using metafields, including:

• bundle rules
• discount rules
• function configurations
• product metafields such as a "Maximum Discount" value

These configurations are stored on Shopify, not as customer records in our own database.

The App does not collect or store customer personal information such as:

• customer names
• customer email addresses
• customer postal addresses
• payment information

The App also does not store cart contents in its own database.

We do not use analytics, advertising trackers, or similar tracking technologies in the App.

We use collected information only to:

• authenticate merchants through Shopify
• maintain secure app sessions
• provide bundle, discount, validation, payment customization, delivery customization, and related app features
• store and manage app configuration on Shopify
• provide merchant support
• comply with legal obligations and Shopify requirements

When you contact support via the in-app support link, your default email client opens with a pre-filled email to support@heringlehner.com. Your shop domain may be automatically included in the email body for identification purposes. We do not operate a separate ticket database or CRM system for support inquiries.

The App uses Shopify Functions that run on Shopify infrastructure.

These functions may process cart-related data provided directly by Shopify, such as product IDs, variant IDs, quantities, prices, and line attributes, in order to apply app functionality. This data is processed within Shopify's infrastructure. The App itself does not store this cart data in its own database.

The functions do not make external network requests.

We do not sell or rent personal information.

We share information only as necessary with service providers that support operation of the App, including:

• Shopify, to read and write app-related configurations, metafields, and bindings through the Shopify Admin API
• Vercel, which hosts the App and may process technical hosting data such as server logs (see Vercel Privacy Policy). Vercel is a US-based hosting provider; hosting and server log data may therefore be processed in the United States. Vercel's data processing is governed by their privacy policy and Data Processing Agreement.
• Shopify CDN, which may deliver frontend assets such as fonts

We do not use third-party analytics, tracking tools, CRM systems, or external APIs beyond the services listed above.

The App does not use cookies for advertising, analytics, or cross-site tracking.

Any session-related browser behavior is limited to what is required by Shopify's app authentication and embedded app environment.

The App does not use local storage for personal data.

While the App is installed, we retain merchant authentication data (such as access tokens, session state, and user information listed in Section 2) for the duration of the active installation.

If you uninstall the App, we immediately delete the store's session data from our systems upon receiving the app/uninstalled webhook.

If we receive a shop/redact webhook from Shopify, we delete any remaining shop data associated with that store within 48 hours.

The App also responds to Shopify privacy webhooks, including:

• customers/data_request
• customers/redact
• shop/redact
• app/uninstalled
• app/scopes_update

Because the App does not store customer personal data, responses to customer privacy webhooks may indicate that no customer data is held. Shopify requires public apps to implement these compliance webhooks.

Metafields stored on Shopify may remain on Shopify unless removed by the merchant or by Shopify.

We take reasonable technical and organizational measures to protect merchant information.

The App uses Shopify OAuth for authentication. Redirect URLs are restricted to native-bundles.heringlehner.com.

Depending on applicable law, you may have the right to request access to, correction of, or deletion of your personal information.

To make a request, contact us at:

support@heringlehner.com

We may update this Privacy Policy from time to time to reflect changes to the App, legal requirements, or Shopify requirements.

When we make changes, we will post the updated version and revise the "Last updated" date above.

If you have questions about this Privacy Policy, contact us at: