Privacy Policy

OrdersMerge ("we", "our", or "us") operates the OrdersMerge Shopify application and this website at orders-merge.igurix.tech. This Privacy Policy explains how we collect, use, disclose, and safeguard information when merchants install and use our app.

1. Information we collect

• Shopify store domain, OAuth session data, and staff profile information provided by Shopify during authentication.
• Order and customer data accessed through Shopify APIs to detect merge candidates (such as customer ID, email, shipping address, order status, and line items).
• App configuration data including matching rules, detection windows, notification preferences, and optional tag settings.
• Consolidation group records, candidate scan results, customer requests, usage metrics, and workflow status created inside OrdersMerge.
• Support messages submitted through our on-site chat widget or email.
• Technical logs including webhook delivery records, error logs, and security events.

2. How we use information

• Provide order consolidation workflows, packing slips, CSV exports, and savings estimates.
• Authenticate merchants and secure API access to Shopify.
• Track plan usage and billing-related group counts when billing is enabled.
• Respond to support requests and legal obligations.
• Improve reliability, security, and product performance.

3. What we do not do

OrdersMerge does not replace Shopify as the system of record for orders. We do not natively merge Shopify orders through a Shopify merge API. We do not sell merchant or customer personal information.

4. Cookies and similar technologies

The embedded Shopify admin experience may use cookies and session storage managed by Shopify App Bridge. Our marketing site may use browser storage for support chat sessions. We do not use advertising cookies on this site.

5. Third-party services

• Shopify platform APIs, billing, and webhooks.
• Hosting and infrastructure providers used to operate the app.
• Database services used to store app sessions and workflow data.

6. GDPR and data subject rights

We comply with Shopify mandatory GDPR webhooks including customers/data_request, customers/redact, and shop/redact. When we receive a valid request, we delete or anonymize associated app data within a reasonable period, subject to legal retention requirements. When a shop uninstalls the app or a shop/redact webhook is received, we delete associated sessions, settings, groups, and related workflow records from our systems.

7. Data retention

Merchant session and workflow data is retained while the app remains installed. Data is deleted upon app uninstall or receipt of a valid shop/redact webhook, unless a longer retention period is required by law.

8. Security

We use industry-standard measures to protect data in transit and at rest, including HTTPS, access controls, and secure credential storage.

9. Contact

For privacy questions or data requests, contact us at support@igurix.tech or through OrdersMerge Support.