Legal

Privacy Policy

How Shophive collects, uses, and protects your data. We believe in radical transparency — you should always know exactly what happens with your information.

Last updated: March 6, 2026Version 1.0
1

Overview

Shophive (“we”, “us”, “our”) is a Shopify application that provides automated analytics dashboards for e-commerce merchants. This policy explains how we handle data when you connect your Shopify store to Shophive.

Key principle: Shophive stores only aggregated metrics (revenue totals, order counts, product statistics). We never store individual customer names, addresses, emails, or other personally identifiable information (PII).

2

Data We Collect

When you connect your Shopify store, we request access to the following scopes:

read_ordersUsed to calculate revenue metrics, order counts, average order value, and sales trends. We aggregate this data — individual order details are not permanently stored.
read_productsUsed to identify top-selling products and build product performance breakdowns. Product titles and variant info are used for display purposes.
read_inventoryUsed to monitor stock levels and generate low-inventory alerts. We store current stock counts per product, not historical inventory movements.

Account information: We store your email address (for login and notifications), an encrypted Shopify access token, and basic store metadata (store name, currency, timezone).

3

How We Use Your Data

  • Generate real-time analytics dashboards with revenue, order, and inventory metrics
  • Send daily Slack summaries with key performance indicators
  • Identify trends and surface actionable insights (top products, low stock alerts)
  • Improve our service through aggregated, anonymized usage patterns

We do not use your data for advertising, sell it to third parties, or share it with anyone outside of the services you explicitly configure (e.g., Slack notifications).

4

Data Storage & Security

Security is foundational to how we operate. Your data is protected at every layer:

Encryption at rest

Shopify access tokens are encrypted using AES-256-GCM before storage. Each token has a unique initialization vector (IV) and authentication tag.

Encryption in transit

All communications use TLS 1.2+ (HTTPS). API calls to Shopify and between our services are always encrypted.

Database security

Data is stored in a managed PostgreSQL database with encrypted connections, role-based access, and automatic backups.

OAuth security

We use CSRF nonce verification and HMAC signature validation on every OAuth callback to prevent forgery attacks.

Session management

Sessions use cryptographically random tokens, httpOnly/secure cookies, and automatic 30-day expiration.

5

Third-Party Sharing

We do not sell, rent, or trade your data. The only third parties that may process data on our behalf are:

  • Shopify Your store platform — we access data through their API with your explicit permission
  • Vercel Our hosting provider — processes web requests on our behalf
  • Neon (PostgreSQL) Our managed database provider — stores encrypted data
  • Slack (optional) Only if you configure Slack notifications — we send summaries to your chosen webhook
6

GDPR Compliance & Your Rights

We comply with the EU General Data Protection Regulation (GDPR) and support the following rights:

Right to Access

Request a copy of all data we hold about you

Right to Rectification

Correct any inaccurate data we have

Right to Erasure

Request deletion of all your data

Right to Portability

Export your data in a machine-readable format

Right to Restriction

Limit how we process your data

Right to Objection

Object to data processing at any time

We also implement Shopify’s mandatory GDPR webhooks for customer data requests, customer data erasure, and shop data erasure. When a store uninstalls Shophive, all associated data is automatically deleted within 48 hours.

7

Data Retention

We retain your data only as long as your account is active. Specifically:

  • Metrics snapshots are retained for the lifetime of your dashboard
  • Encrypted access tokens are deleted immediately upon store disconnection
  • Sessions expire automatically after 30 days of inactivity
  • All store data is purged within 48 hours of app uninstallation (per Shopify GDPR requirements)
  • You can request immediate deletion at any time by contacting us
8

Cookies

We use a minimal number of cookies, all strictly functional:

CookiePurposeDuration
shophive_sessionAuthentication session30 days
shopify_oauth_nonceCSRF protection during OAuth10 minutes

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

9

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notification. The “Last updated” date at the top reflects the most recent revision.

10

Contact Us

If you have questions about this privacy policy or want to exercise your data rights, reach out to us:

Email: privacy@shophive.nanocorp.app

Website: shophive.nanocorp.app

We aim to respond to all data-related requests within 30 days.

Back to Shophive© 2026 Shophive