Privacy Policy | OrderRules

OrderRules is a Shopify application developed and operated by eFoli. This Privacy Policy explains how we collect, use, and protect your information when you use our app.

1. Information We Collect

When you install and use OrderRules, we collect the following types of information:

Store information: Your Shopify store domain, store name, shop owner name, email address, and timezone.
Order data: Order counts, order timestamps, and order status (to enforce your capacity limits). We do not store individual customer payment details.
Customer identifiers: Hashed customer email addresses or Shopify customer IDs, used solely to enforce per-customer order limits you configure.
App configuration: The rules, limits, schedules, and settings you configure within OrderRules.
Usage analytics: Aggregate data about how features are used, to help us improve the app. No personally identifiable information is included.

2. How We Use Your Information

We use the information we collect exclusively to provide and improve the OrderRules service:

Enforcing the order limits, store hours, and customer rules you configure
Displaying your dashboard, analytics, and reports within the app
Sending email notifications you opt into (capacity alerts, daily summaries)
Providing customer support when you contact us
Improving app performance and fixing bugs

We do not sell, rent, or trade your data to third parties. We do not use your store or customer data for advertising.

3. Data Storage & Security

Your data is stored on secure servers hosted on Vercel with PostgreSQL databases. We implement industry-standard security measures including:

Encrypted connections (HTTPS/TLS) for all data in transit
Encrypted storage for sensitive configuration data
Access controls limiting data access to authorised personnel only
Regular security reviews of our codebase and infrastructure

We retain your data for as long as your OrderRules subscription is active. When you uninstall the app, we delete your store data within 30 days unless retention is required by law.

4. Third-Party Services

OrderRules integrates with the following third-party services to operate:

Shopify: We access your store via Shopify's official API under their Partner Program terms.
Resend: We use Resend to send transactional email notifications. Only your configured notification email address is shared.
Vercel: Our application is hosted on Vercel.

5. Customer Data (Your Shopify Customers)

When you use per-customer limit features, OrderRules processes limited identifiers for your store's customers solely to enforce the rules you configure. We act as a data processor on your behalf. We do not:

Use your customers' data for any purpose other than enforcing your configured rules
Share your customers' data with third parties
Store customer payment details, addresses, or personally identifiable information beyond what is needed for limit enforcement

6. Cookies & Tracking

The OrderRules app dashboard uses session cookies required by Shopify's authentication system. Our marketing website does not use tracking cookies or third-party analytics scripts.

7. Your Rights

Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or delete your data. To exercise these rights, contact us at privacy@orderrules.com.

8. Children's Privacy

OrderRules is a business-to-business service intended for Shopify merchants. We do not knowingly collect information from individuals under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a notice in the app dashboard.

10. Contact Us

If you have questions about this Privacy Policy:

Email: privacy@orderrules.com
Support: support@orderrules.com
Website: orderrules.com