Privacy Policy & Terms of Service

1. Data We Collect

We collect only the store-level data that is required to deliver inventory balancing features:

Store Information

• Store domain and Shopify shop ID
• Store locations (names and IDs)
• App installation and trial dates

Inventory Data

• Product names, SKUs, and variant IDs
• Inventory levels at each location
• Collection, vendor, or tag metadata when filters are enabled

Transfer History

• Transfer reference numbers and Shopify transfer IDs
• Source and destination locations
• Product quantities included in each transfer
• Creation timestamps

Usage Metrics

• Number of analyses performed
• Number of transfers created
• Configuration settings and selected filters

We do not collect or store customer personal data. All data points relate to store operations only.

2. How We Use This Data

Store data is processed to help merchants:

• Analyze multi-location inventory levels and detect imbalances
• Generate prioritized transfer proposals with “Why this?” context
• Create draft transfers in Shopify and track transfer history
• Maintain usage metrics, billing status, and operational audit logs

We do not resell or share store data with any third parties. Aggregated analytics may be used internally to improve performance, but no merchant-specific identifiers are exposed outside of secure logs.

3. Data Storage & Retention

The App stores operational data in encrypted databases designed for multi-tenant isolation. Transfer history and analysis events are automatically purged after 30 days, while configuration and usage metrics persist for the duration of your subscription.

• Operational datastore: encrypted records for app configuration, usage metrics, transfer history, and analysis events with 30-day TTL applied to transient data.
• Session storage: Shopify OAuth sessions persisted with TTL-driven expiration and indexed by shop domain to prevent cross-tenant access.
• Monitoring logs: Operational and audit events are logged with strict access controls and retention policies.

Data at rest is protected with managed encryption keys, and access is limited to authorized AisleSpark personnel using role-based controls.

4. Shopify Data Access

The App accesses Shopify data only through authenticated API calls using the following scopes:

• read_products / write_products — variant metafield tracking
• read_inventory / write_inventory — stock levels and future adjustments
• read_locations — list and prioritize store locations
• read_inventory_transfers / write_inventory_transfers — draft transfer creation and status

No customer-level scopes (such as read_orders or customer PII) are requested in this phase.

5. Privacy & Compliance

• GDPR webhooks are implemented in AWS Lambda for data requests, data erasure, and shop uninstalls.
• Upon uninstall, all store-specific data is purged within 48 hours.
• All traffic is encrypted in transit using HTTPS with TLS 1.2 or higher.
• Access to operational data is restricted to authorized AisleSpark team members via IAM.

6. Terms of Service

License and Access

Subject to these terms, AisleSpark grants you a limited, non-exclusive license to use the App within Shopify. You may not reverse engineer, resell, or provide unauthorized access to third parties.

Subscription & Billing

• 30-day free trial followed by the Starter subscription ($15/month or $162/year).
• Billing is handled through Shopify’s Billing API; cancellations take effect at the end of the current billing cycle.

Availability & Support

• We monitor system health via secured operational logs and surface maintenance mode within the app.
• Email support is available at support@aislespark.com.

Limitation of Liability

To the fullest extent permitted by law, AisleSpark is not liable for indirect, incidental, or consequential damages arising from use of the App. You are responsible for verifying transfer recommendations before execution.

7. Contact

For questions about this policy or data handling, contact privacy@aislespark.com. For support inquiries, email support@aislespark.com.