Privacy Policy

How PS: Checkout Rules handles your data, in plain language.

Last updated: 8 June 2026 Version 1.1

PS: Checkout Rules is built by Partners Studio (nikita@partnersstudio.co). This page describes what data the app collects from your Shopify store and how it is used. The short version: we store the minimum needed to run your rules, and we never store your customers' personal information.

1. What we collect

When you install PS: Checkout Rules, we store the minimum data needed to operate the app:

Data	Why we store it	Where
Your shop's `myshopify.com` domain	Identify your account	Our database
Your Shopify access token (encrypted)	Make Shopify API calls on your behalf	Our database
Your selected plan (Free / Pro)	Apply correct feature gating	Our database
Your rule configurations	Run the rules at checkout	Stored as Shopify metafields on your store
Blocked-checkout events (rule triggered, country code, anonymized cart total, timestamp)	Power the blocked-orders log and savings dashboard	Our database, 90-day retention
Survey responses you collect via the thank-you page	Show them in-app and write to the order's Additional Details metafield	Order metafields on your Shopify store

Protected customer data we process

To enforce your checkout rules, the App reads the customer's shipping address at checkout (a Shopify "protected customer data" field). It is used only to detect and block undeliverable PO Box addresses and restricted countries or regions you have configured, and to record that a checkout was blocked.

The address is evaluated transiently in the moment of checkout and is never stored. For a blocked checkout we keep only the rule type, country code, anonymized cart total, and timestamp.

We do not store:

Customer names
Customer email addresses
Customer shipping or billing addresses
Customer payment details
Customer phone numbers
Any other personally identifiable information (PII)

The only data we record for a blocked checkout is the rule type, country code, and anonymized cart total, used to compute aggregate savings and rule effectiveness. No customer can be re-identified from this data.

2. What we do with it

We use the data above solely to:

Operate the app (apply your rules, render your banners, run your survey)
Show you analytics about how your rules are performing
Enforce billing and plan limits
Respond to your support requests

We do not:

Sell or share your data with third parties
Use your data to train AI models
Send marketing email to your customers
Track customers across stores or sessions
Use any third-party advertising or analytics SDKs

3. Where it lives

Your data is stored in a PostgreSQL database hosted by Fly.io in Frankfurt, Germany (EU region). The app server is also hosted by Fly.io in Frankfurt.

Some operational data (Shopify API responses, error logs) passes through Shopify's infrastructure as part of normal API operation.

4. Customer data requests (GDPR)

Shopify forwards three privacy webhooks to every app installed on your store:

customers/data_request: When a customer asks Shopify for all their data, Shopify asks us to provide whatever we hold about that customer. Because we store no personally identifiable customer data, our response is always an empty payload.
customers/redact: When a customer asks Shopify to delete their data, Shopify asks us to do the same. Because we store no customer PII, this is a no-op.
shop/redact: When a merchant uninstalls the app and Shopify finalizes deletion (48 hours later), Shopify asks us to delete everything for that shop. We delete every Shop, Plan, BlockedEvent, and SurveyResponse row associated with that shop's domain.

These endpoints respond with HTTP 200 OK and the deletion in shop/redact happens well within the window required by Shopify's Privacy Compliance program.

5. Data retention

What	How long
Shop record + access token	While the app is installed
Plan record	While the app is installed
Rule configurations	Stored as Shopify metafields, owned by you, retained per Shopify's policy
Blocked-order events	90 days, then automatic deletion via scheduled cleanup
Survey responses	Until the related order is deleted in Shopify, or you ask us to delete them
App access logs	30 days for security audit, then deletion

When you uninstall the app, we receive an app/uninstalled webhook and immediately delete your access token. The remaining shop data is purged when Shopify sends the shop/redact webhook 48 hours later.

You can also request manual deletion of all your data at any time by emailing nikita@partnersstudio.co.

6. Sub-processors

Vendor	Role	Region
Fly.io	App server + database hosting	Frankfurt, Germany (EU)
Shopify	The platform the app runs on; all API traffic	Global

We do not use third-party analytics, advertising, error monitoring, customer messaging, or AI providers.

7. Your rights

If you are a merchant using PS: Checkout Rules, you can request a full export or deletion of all data we hold about your shop, or ask any question about how your data is processed. Email nikita@partnersstudio.co, and we reply within 24 hours.

If you are a customer of a store that uses PS: Checkout Rules, the merchant is the data controller. Direct your requests to that merchant; Shopify's privacy webhooks will forward them to us automatically.

8. Changes to this policy

Material changes to this policy will be announced via an in-app banner on the app's Dashboard and an email to the merchant contact email on file.

9. Contact

Partners Studio
Email: nikita@partnersstudio.co
Response time: Within 24 hours, every business day

PS: Checkout Rules by Partners Studio · nikita@partnersstudio.co