Back to home

Legal

Retrace Privacy Policy for Shopify Merchants

This page explains what information Retrace processes, why we process it, how long we keep it, and how merchants can request deletion or exercise privacy rights.

Effective date: June 13, 2026Last updated: June 13, 2026

This Privacy Policy explains how Odd Tempo Inc., an Ontario corporation, collects, uses, and discloses information when merchants install or use the Retrace Shopify app (the "App"). Retrace is the name of our merchant-facing inventory observability and reconciliation product for Shopify stores. In this policy, "Retrace," "we," "us," and "our" mean Odd Tempo Inc. doing business through the Retrace product.

Retrace is not a consumer-facing service. When we process personal information contained in a merchant's Shopify store, we do so to provide the App to that merchant and under the merchant's direction.

This policy also describes limited information we may collect from merchants through our public website, legal pages, support communications, and App usage logs.

Quick Summary

Retrace uses merchant-authorized Shopify store data to help merchants understand inventory changes, detect inventory drift, review inventory timelines, receive alerts, and apply authorized inventory reconciliations.

Retrace does not place storefront tracking pixels, does not track shoppers across stores, does not sell personal information, and does not use merchant-customer personal information for independent marketing or consumer profiling.

Merchants can revoke Retrace's Shopify access by uninstalling the App. We delete or redact merchant and customer data according to our retention schedule, Shopify privacy compliance webhooks, and applicable legal obligations.

1. Information We Collect

1.1 Merchant account and store information

When a merchant installs or uses the App, we may collect information associated with the merchant's Shopify store and App account, including:

  • Store name
  • Store URL or Shopify domain
  • Store owner, administrator, or staff contact name
  • Email address
  • Locale, currency, and timezone settings
  • Shopify app installation credentials, access tokens, token metadata, and authorization status needed to connect the App to Shopify
  • App support and account communications

1.2 Shopify store data and App access scopes

We request Shopify access scopes to provide Retrace's inventory observability, drift detection, inventory timeline, alerting, support, compliance, and authorized reconciliation features.

To operate the App, Retrace currently accesses data from Shopify using the following app scopes:

  • read_draft_orders
  • read_fulfillments
  • read_inventory
  • read_inventory_shipments
  • read_inventory_shipments_received_items
  • read_inventory_transfers
  • read_locations
  • read_merchant_managed_fulfillment_orders
  • read_order_edits
  • read_orders
  • read_products
  • read_returns
  • read_third_party_fulfillment_orders
  • write_inventory

These scopes allow Retrace to process categories of store data such as:

  • Inventory levels, quantities, adjustments, ledger states, drift snapshots, and reconciliation actions
  • Inventory shipments, received shipment items, inventory transfers, and related operational records
  • Location names, identifiers, address fields, and fulfillment settings where provided by Shopify
  • Orders, draft orders, order edits, returns, and related status information
  • Fulfillments, including merchant-managed and third-party fulfillment orders
  • Product titles, SKUs, variants, inventory item identifiers, and product identifiers
  • Timestamps, event metadata, operational status fields, and attribution evidence that Shopify provides or that Retrace captures at write time
  • Inventory updates that merchants authorize Retrace to write back to Shopify

Where practical, Retrace relies on Shopify record identifiers, inventory quantities, product and variant identifiers, location identifiers, timestamps, and operational status fields instead of unnecessary customer contact details.

1.3 Protected customer data in Shopify records

Retrace is not designed to build customer profiles or market to merchant customers. However, some Shopify order, draft order, fulfillment, return, shipment, transfer, and related records may include personal information about a merchant's customers, such as names, email addresses, phone numbers, shipping or billing addresses, customer identifiers, order identifiers, or order-related contact, fulfillment, delivery, return, or shipment details.

We process this information only when it is included in merchant-authorized Shopify records needed to provide inventory observability, inventory drift detection, inventory timelines, alerts, support, compliance, and authorized reconciliation workflows.

1.4 Information collected directly from merchant customers

The App is designed for merchants and their staff. Retrace does not intentionally collect personal information directly from merchant customers through storefront cookies, storefront tracking pixels, checkout extensions, customer-account features, or shopper-facing forms.

We process merchant-customer personal information only when it is contained in Shopify records that the merchant authorizes the App to access, when a merchant provides it to us for support, or when Shopify sends mandatory privacy compliance webhooks to the App.

1.5 Usage, device, cookies, and log information

We may collect technical and operational information about use of the App, including:

  • IP address
  • Browser type and device information
  • Pages, views, or screens opened within the App
  • Timestamps, diagnostic events, and performance data
  • Security, access, audit, and error logs

We may use session cookies and similar technologies to operate and secure the App. Our public website and legal pages may also use analytics technologies to understand merchant visits and improve those public surfaces. We do not use Shopify merchant-customer personal information for advertising, retargeting, cross-context behavioral advertising, or independent consumer marketing.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and support the App
  • Connect the App to merchant-authorized Shopify stores
  • Ingest, normalize, and analyze inventory, order, fulfillment, return, shipment, and transfer events
  • Detect inventory discrepancies and display merchant-facing inventory timelines, alerts, and reconciliation workflows
  • Show how Shopify stock changed over time and whether Shopify inventory stayed aligned with Retrace's ledger state
  • Preserve and display attribution evidence when Shopify provides it or when Retrace captures it at write time
  • Write inventory updates to Shopify when authorized by the merchant
  • Authenticate merchants, secure the App, and prevent misuse
  • Respond to merchant support requests and service communications
  • Monitor performance, troubleshoot issues, and improve reliability
  • Process Shopify privacy compliance webhooks and assist merchants with verified privacy requests
  • Comply with legal obligations and enforce our agreements

3. What We Do Not Do

Retrace does not:

  • Sell personal information
  • Share personal information for cross-context behavioral advertising
  • Use merchant-customer personal information from a merchant's Shopify store for independent consumer marketing
  • Build independent consumer profiles from merchant-customer personal information
  • Track shoppers across Shopify stores
  • Place storefront tracking pixels
  • Collect personal information directly from shoppers through checkout extensions, storefront cookies, customer-account features, or shopper-facing forms
  • Make solely automated decisions about consumers that produce legal or similarly significant effects

4. Legal Bases, Consent, and Processing Roles

For Canadian privacy purposes, we collect, use, and disclose personal information for the purposes identified in this policy, with consent where required by applicable law. Merchants authorize Retrace's Shopify API access during App installation and may revoke that access by uninstalling the App or changing permissions through Shopify where available.

If you are located in the European Economic Area, United Kingdom, or Switzerland, we generally rely on the following legal bases for merchant account and App usage data:

  • Performance of a contract, where processing is necessary to provide the App
  • Legitimate interests, such as security, fraud prevention, service maintenance, and product improvement
  • Legal obligation, where processing is necessary to comply with applicable law

For merchant account, support, website, and App usage information, Odd Tempo Inc. generally acts as the organization responsible for that processing. For customer personal information contained in merchant store data, Retrace generally acts as a processor or service provider on behalf of the merchant, which is the controller, business, or organization responsible for that data. We process that information to provide the App and in accordance with the merchant's instructions and applicable agreements with the merchant.

5. How We Share Information

We may disclose information in the following circumstances:

  • Shopify, where necessary to receive merchant-authorized store data, maintain the App connection, process Shopify compliance webhooks, or write merchant-authorized inventory updates
  • Service providers and infrastructure vendors that help us host, secure, maintain, monitor, and support the App
  • Analytics, monitoring, and communications providers that help us operate public surfaces, understand merchant use, diagnose issues, and provide support
  • Professional advisors, such as lawyers, auditors, and insurers, where necessary
  • Law enforcement, regulators, courts, or other third parties when required by law, legal process, or a valid governmental request
  • In connection with a merger, financing, acquisition, reorganization, or sale of all or part of our business
  • With the merchant's direction or consent

We require vendors that process personal information for us to handle it on our behalf and under appropriate contractual protections. We may publish or provide a current list of material subprocessors that support hosting, database storage, monitoring, support, communications, and analytics.

6. Data Retention and Deletion

We retain information for as long as needed to provide the App, operate our business, comply with legal obligations, resolve disputes, enforce our agreements, and maintain security. Our default retention periods include:

  • Merchant installation and account records: retained while the App is installed and then deleted according to our uninstall lifecycle
  • Merchant uninstall lifecycle: after App uninstallation, merchant data is scheduled for hard deletion within 30 days by default, subject to limited legal, security, fraud-prevention, accounting, and dispute-resolution exceptions
  • Shopify app installation credentials and access tokens: revoked or deleted after uninstall according to the uninstall lifecycle, unless limited records must be retained for security, legal, or audit purposes
  • OAuth and related access audit records: up to 90 days by default
  • Operational event, drift snapshot, and reconciliation records: up to 18 months by default
  • Alert history: up to 6 months by default
  • Backfill and operational status records: up to 1 year by default
  • Shopify compliance request records: retained only as long as needed to process and evidence applicable data access, redaction, or shop deletion requests

If a merchant submits a verified deletion request, we will honor that request to the extent full deletion is available and consistent with our legal, security, fraud-prevention, accounting, and contract-enforcement obligations. In some cases, we may retain limited information that we are required or permitted to keep by law or for legitimate business purposes.

If you are a customer of a merchant and want data deleted from that merchant's Shopify store, you should contact the merchant directly. We will assist merchants with verified requests as required by applicable law.

Backup copies, security logs, and legal or accounting records may persist for a limited period where deletion is not technically immediate or where retention is required or permitted by law. We restrict use of retained information to the applicable retained purpose.

7. Security

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, staff access limits, credential protection, encryption in transit and at rest through application controls and infrastructure safeguards, logging, environment separation, backup protections, monitoring, and security reviews. No system is completely secure, and we cannot guarantee absolute security.

8. International Data Transfers

Odd Tempo Inc. is established in Canada and not in Europe. Information may be processed in Canada, the United States, and other countries where we or our service providers operate. These countries may have privacy laws that differ from those in your jurisdiction. Where required by law, we use appropriate safeguards for cross-border transfers of personal information, such as contractual protections with service providers.

9. Privacy Rights

9.1 Merchants

Depending on your location, you may have rights to request access to, correction of, deletion of, restriction of, or portability of your personal information, and to object to certain processing. California residents may also have rights to know, delete, and correct personal information, and the right not to be discriminated against for exercising applicable privacy rights.

Retrace does not sell personal information or share personal information for cross-context behavioral advertising. Retrace also does not make solely automated decisions about consumers that produce legal or similarly significant effects.

To submit a privacy request, contact us using the details in Section 12. We may need to verify your identity before processing a request.

9.2 Customers of merchants

If your personal information is held in a merchant's Shopify store, the merchant is generally the party responsible for responding to your request. Please contact the merchant directly first. Where required, Retrace will assist the merchant with verified requests.

10. Shopify Privacy Compliance Webhooks

Retrace is configured to receive Shopify's mandatory privacy compliance webhooks for:

  • customers/data_request
  • customers/redact
  • shop/redact

We use those requests to help merchants provide customer data, redact or delete customer and order identifiers where required, and delete shop data after App uninstall where required. We retain records of these requests only as long as needed to process the request, evidence completion, comply with legal obligations, and protect the security and integrity of the App.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. If we make material changes, we will update the date at the top of this policy and may provide additional notice through the App or by email where appropriate.

12. Contact Us

If you have questions about this Privacy Policy or want to submit a privacy request, contact us at privacy@useretrace.com.

Odd Tempo Inc. is the organization responsible for this policy. For privacy requests, use the email address above so we can route and verify the request.

Public review surfaces: https://www.useretrace.com/privacy-policy and https://app.useretrace.com/install.