Privacy Policy
Last updated:
This Privacy Policy describes how OrderPing ("we", "us", or "our") collects, uses, shares, retains, and protects information — including protected customer data from your Shopify orders — when you install and use the OrderPing app on your Shopify store.
1. Who We Are
OrderPing is a Shopify app that listens to new orders in your store and delivers real-time alerts to your team via email and Slack based on the notification rules you configure. OrderPing is operated by SellEazyy.
For privacy-related questions or data requests, contact us at: [email protected]
2. What Information We Collect
From your Shopify store (via Shopify Admin API and webhooks):
- Your store domain (e.g., yourstore.myshopify.com) and shop ID
- OAuth access token (used to authenticate API requests on your behalf)
- Product and variant data: product titles, variant titles, SKUs, vendor, product type (for rule matching and alert rendering)
- Store location names and IDs
- Order data (via the orders/create webhook):
  - Order identifiers: order ID, order number, created timestamp, total price, currency, financial status, fulfillment status, tags
  - Line items: product title, variant title, SKU, quantity, unit price
  - Customer fields (protected customer data): first name, last name, email address, phone number, billing address, shipping address
From you directly (merchant configuration):
- Recipient email addresses for alerts
- Slack webhook URL (if you enable Slack alerts)
- Notification rules, filters, cooldown periods, and routing preferences
Automatically generated:
- Notification logs: records of when alerts were triggered, which order, which rule matched, which channel was used, and delivery status
- Billing plan and subscription status (via Shopify billing)
- Technical error context captured by our error-tracking system (with personal data scrubbed — see §4)
What we do NOT collect:
- Payment card numbers, CVV, or other payment credentials (payments are handled entirely by Shopify)
- Your customers' browsing behavior, session data, or device identifiers
- Any Shopify data beyond the scopes you approved at install (read_orders, read_products, read_locations)
3. How We Use Your Information
We use the information we collect solely to operate the alerting functionality you installed the app for. Specifically:
- Evaluate incoming orders against the notification rules you configured
- Render alert content (order summary, line items, customer name / address / contact as requested in your alert template) and deliver it to your configured recipients via email and/or Slack
- Display a notification log and order history inside the OrderPing embedded admin app so you can audit what was sent
- Process your OrderPing subscription billing via Shopify's billing API
- Respond to your support requests
- Comply with legal obligations
We do not use order or customer data for: analytics, profiling, behavioral advertising, resale, training AI or machine-learning models, or any purpose other than delivering the alerts you configured. Processing is strictly limited to these stated purposes.
4. How We Share Your Information
We do not sell personal data. We do not share personal data with advertising networks or data brokers. We share data only with the subprocessors required to operate the app:
Shopify (source of data)
Your store data is accessed via the Shopify Admin API under the OAuth scopes you approved at installation. Shopify's privacy policy governs the data you share with Shopify directly.
Privacy policy: shopify.com/legal/privacy
Email delivery (SMTP provider)
Alert emails are sent to the recipient addresses you configure via a transactional email provider (Amazon SES or equivalent). Only the alert content (which may include the order and customer fields your template includes) and your configured recipient addresses are transmitted.
Slack (optional)
If you configure a Slack webhook, we send alert messages containing the alert content you configured to that webhook URL. No additional data is shared with Slack beyond the alert body.
Privacy policy: slack.com/privacy-policy
Error tracking (GlitchTip / Sentry-compatible)
Technical errors are logged to our self-hosted error-tracking service to help us diagnose bugs and reliability issues. We actively scrub personal data (names, emails, phone numbers, addresses) before events are sent; only technical context (stack traces, request IDs, error messages) is retained.
Infrastructure
The OrderPing backend runs on our self-managed infrastructure (Dokploy). A Redis queue holds alert jobs ephemerally (cleared on completion, TTL on failure — see §6), and a managed Postgres database stores persistent records (subscriptions, rules, notification logs, session tokens). All infrastructure access is restricted and logged.
Cloudflare R2 (object storage for data-access exports)
When Shopify forwards a customers/data_request webhook, OrderPing generates a JSON export of the customer data we hold and stores it in a private Cloudflare R2 bucket scoped to this app. The bucket is not publicly accessible — merchants download exports through time-limited pre-signed URLs issued inside the authenticated OrderPing admin. Export files are automatically deleted after 30 days (see §6).
Privacy policy: cloudflare.com/privacypolicy
We may also disclose information if required by law, legal process, or to protect our legal rights.
5. Protected Customer Data (Shopify)
OrderPing is classified as a Shopify Level 2 app under the Shopify protected customer data requirements, because it processes the following protected customer fields received through the orders/create webhook:
- Name — rendered in the alert body across email, Slack, and push so merchants can identify the customer behind an order at a glance
- Email address — rendered next to the customer's name in email alerts so merchants can reply directly from the alert
- Phone number — received as part of the order webhook and available only as an optional rule-condition field merchants can filter on (e.g., match orders where the customer phone equals or contains a value); it is not rendered in outbound alert content
- Billing address — received as part of the order webhook and exposed only as rule-condition fields merchants can filter on (billing country, city, province, zip), typically for fraud or high-value-order rules; it is not rendered in outbound alert content
- Shipping address — used both as rule-condition fields merchants can filter on (shipping country, city, province, zip, method) and, in alert content, as a coarse city / province / country line so merchants can see where the order is heading; street address and recipient phone are never rendered
Data-minimization commitments:
- Only orders created after installation are processed. We do not perform historical bulk reads of your customer list.
- We only access customer data that arrives through order webhooks — we do not use the Customer Account API or customer-lookup endpoints.
- Customer fields are only included in outbound alert content when your alert template references them.
- No customer data is shared with third parties outside the subprocessors listed in §4.
- We apply strict retention periods (see §6) so that protected data is not kept longer than necessary.
- Data is encrypted in transit (TLS) and at rest. Staff access is limited and logged.
How we fulfill data-subject requests:
Shopify's three mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact) are processed automatically by OrderPing — no manual intervention is required from the merchant or from our team. Each incoming webhook is verified via HMAC signature before any data is read, then handled as follows:
- customers/data_request — we query every notification-log record we hold for the specified customer, package it into a signed JSON export, upload it to a private Cloudflare R2 bucket, and surface it to the merchant inside the OrderPing admin under Settings → Privacy & Data Requests. Downloads use short-lived pre-signed URLs; no public URLs are ever issued. Exports are retained for 30 days and then automatically deleted.
- customers/redact — on receipt of the webhook, every matching notification-log row in our database is scrubbed: the customer's name and email columns are nulled, and the raw order webhook payload retained alongside the row (which holds shipping address, billing address, phone, and nested customer fields) is permanently cleared. Aggregate, non-identifying metadata (rule name, channel delivery statuses, timestamps) is retained so the merchant's delivery history stays intact. Because the raw payload is removed, redacted notifications can no longer be retried — this is by design.
- shop/redact — all stored exports for the shop are deleted from Cloudflare R2, and every record tied to the shop (rules, conditions, notification logs, processed-webhook markers, sessions, shop row) is hard-deleted from our database. Active sessions are invalidated immediately to prevent re-authentication during the redact window.
6. Data Retention
We retain personal data only for as long as necessary to operate the service:
- Notification logs (including the order and customer fields referenced in the alert): 90 days, then automatically purged.
- Alert queue jobs (in Redis): cleared on successful delivery; failed jobs retained up to 7 days for retry and debugging, then removed.
- Merchant configuration (rules, recipients, billing status): retained while the app is installed.
- On uninstall: your shop is marked uninstalled. You may request immediate full deletion by emailing [email protected].
We honor Shopify's mandatory GDPR compliance webhooks in line with Shopify's 30-day deadline, and our implementation responds automatically — typically within minutes of Shopify dispatching the webhook:
- customers/data_request — a JSON export of the customer data we hold is generated on receipt and made available to the merchant inside the OrderPing admin (see §5). Exports are retained in Cloudflare R2 for 30 days, after which they are automatically deleted.
- customers/redact — on receipt, personal identifier columns (name, email) are nulled on matching notification-log records and the raw order payload stored alongside each row (containing shipping/billing address, phone, and nested customer fields) is permanently cleared.
- shop/redact — all shop data, including any stored exports, is permanently deleted on receipt of the webhook (which Shopify dispatches 48 hours after uninstall).
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about your store.
- Correction: Request that we correct inaccurate data.
- Deletion: Request that we delete your data.
- Portability: Request your data in a portable format.
- Objection: Object to how we process your data.
To exercise any of these rights, email [email protected].
For store customers (end customers of the merchant): OrderPing processes order data on behalf of the merchant — the merchant is the controller for their customer data, and Shopify is the customer-facing platform. End-customer rights requests should be directed to the merchant, who can forward them to us via the Shopify customers/data_request webhook or by emailing the address above.
For EU/UK merchants (GDPR): We process your data on the legal basis of contract performance (to provide the app service you installed) and legitimate interests (to maintain security and reliability). Customer personal data is processed as a data processor on your behalf.
For California merchants (CCPA/CPRA): We do not sell personal information and we do not share personal information for cross-context behavioral advertising. You have the right to know what data we collect and to request deletion.
8. Data Security
We follow industry-standard practices to protect your data:
- All network traffic is encrypted in transit (HTTPS/TLS only — HTTP is not accepted)
- All data at rest in our database and backups is encrypted
- OAuth access tokens are stored encrypted and are not logged
- Incoming Shopify webhooks are verified via HMAC signatures before any data is read or persisted
- Customer data-access exports are stored in a private Cloudflare R2 bucket. The bucket is not publicly accessible, API credentials are scoped to this single bucket, and downloads are issued only via time-limited pre-signed URLs generated inside the authenticated OrderPing admin
- An hourly cleanup job permanently deletes export files from Cloudflare R2 thirty days after generation
- Infrastructure access follows least-privilege IAM and requires strong authentication
- Staff access to production data is limited to personnel who require it, and is logged
- Test and production environments are separated — production data never flows into development or staging
- We maintain a security incident response process and will notify affected merchants without undue delay in the event of a data breach
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy at this URL with a revised "Last updated" date. Material changes affecting how we process protected customer data will be communicated to merchants in advance where practicable. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact
For privacy questions, data requests, or security concerns:
Email: [email protected]
Website: selleazyy.com/orderping