Privacy Policy

Last updated: April 9, 2026

Rulefy ("we", "our", "the app") is a Shopify app that provides merchants with a rules engine for cart validation, product discounts, and payment customization. This policy explains what data we collect and how we handle it.

1. Data We Collect

Rulefy collects and stores the following data when a merchant installs and uses the app:

• Shop information — Your Shopify store domain (e.g. your-store.myshopify.com) and the authentication session required to operate the app.
• Rule configuration — The rules, conditions, tier groups, and templates you create within the app. These contain merchant-defined values such as customer tag names, collection references, discount percentages, and error message text.
• Subscription status — Your current billing plan, detected via Shopify's subscription API, cached locally for plan enforcement.

2. Data We Do NOT Collect

• We do not store customer personal information (names, emails, addresses, payment details).
• We do not store order contents or transaction data.
• We do not track customer browsing behavior or use cookies for analytics.
• Customer tags referenced in rules are free-text labels defined by the merchant, not personal data.

3. How We Use Your Data

Rule configuration is stored in our database and synced to Shopify metafields so that Shopify Functions can read it at checkout runtime. We do not sell, share, or use your data for any purpose other than operating the app.

4. Data Storage & Security

Data is stored in a PostgreSQL database hosted on secure infrastructure. Communication between the app and Shopify uses HTTPS. Authentication is handled by Shopify's OAuth flow — we do not store your Shopify password.

5. Data Retention & Deletion

When you uninstall Rulefy, all your data (rules, templates, settings, sessions) is deleted immediately. Shopify also sends a shop redaction request 48 hours after uninstall as a safety net, which triggers a second full deletion pass.

If you need your data deleted while the app is still installed, contact us and we will process your request within 30 days.

6. GDPR & Data Subject Requests

Rulefy supports Shopify's mandatory GDPR webhooks:

• Customer data request — We confirm that no customer personal data is stored.
• Customer redaction — We confirm that no customer personal data needs to be deleted.
• Shop redaction — All shop data is permanently deleted.

7. Third-Party Services

Rulefy interacts only with the Shopify API. We do not send your data to any other third-party service, analytics platform, or advertising network.

8. Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated through the app or via the Shopify app listing.

9. Contact

If you have questions about this privacy policy or want to request data deletion, contact us at: support@rulefy.io