This Privacy Policy explains how Retrace ("Retrace," "we," "us," or "our") collects, uses, and discloses information when merchants install or use the Retrace Shopify app (the "App"). Retrace is a merchant-facing inventory observability and reconciliation tool for Shopify stores.
Retrace is not a consumer-facing service. When we process personal information contained in a merchant's Shopify store, we do so to provide the App to that merchant and under the merchant's direction.
1. Information We Collect
1.1 Merchant account and store information
When a merchant installs or uses the App, we may collect information associated with the merchant's Shopify store and App account, including:
- Store name
- Store URL or Shopify domain
- Store owner or administrator name
- Email address
- Locale and timezone settings
- App support and account communications
1.2 Shopify store data
To operate the App, Retrace currently accesses data from Shopify using the following app scopes:
- read_fulfillments
- write_inventory
- read_inventory
- read_locations
- read_merchant_managed_fulfillment_orders
- read_order_edits
- read_orders
- read_products
- read_returns
- read_third_party_fulfillment_orders
These scopes allow Retrace to process categories of store data such as:
- Inventory levels, quantities, adjustments, and reconciliation actions
- Location names and identifiers
- Orders and order edits
- Fulfillments, including merchant-managed and third-party fulfillment orders
- Product titles, SKUs, variants, and identifiers
- Returns and related operational records
Some of this store data may contain personal information relating to the merchant's customers, such as customer names, shipping details, or order-related contact information that appears in Shopify order or fulfillment records.
1.3 Usage, device, and log information
We may collect technical and operational information about use of the App, including:
- IP address
- Browser type and device information
- Pages or screens viewed within the App
- Timestamps and diagnostic events
- Security, access, and error logs
2. How We Use Information
We use the information we collect to:
- Provide, maintain, and support the App
- Ingest, normalize, and analyze inventory and order-related events
- Detect inventory discrepancies and display merchant-facing inventory timelines, alerts, and reconciliation workflows
- Authenticate merchants, secure the App, and prevent misuse
- Respond to merchant support requests and service communications
- Monitor performance, troubleshoot issues, and improve reliability
- Comply with legal obligations and enforce our agreements
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use customer personal information from a merchant's store for independent consumer marketing or profiling.
3. Legal Bases and Processing Roles
If you are located in the European Economic Area, United Kingdom, or Switzerland, we generally rely on the following legal bases for merchant account and App usage data:
- Performance of a contract, where processing is necessary to provide the App
- Legitimate interests, such as security, fraud prevention, service maintenance, and product improvement
- Legal obligation, where processing is necessary to comply with applicable law
For customer personal information contained in merchant store data, Retrace generally acts as a processor or service provider on behalf of the merchant, which is the controller or business responsible for that data. We process that information to provide the App and in accordance with the merchant's instructions and applicable agreements with the merchant.
4. How We Share Information
We may disclose information in the following circumstances:
- Service providers and infrastructure vendors that help us host, secure, maintain, and support the App
- Professional advisors, such as lawyers, auditors, and insurers, where necessary
- Law enforcement, regulators, courts, or other third parties when required by law or legal process
- In connection with a merger, financing, acquisition, reorganization, or sale of all or part of our business
- With the merchant's direction or consent
We require vendors that process personal information for us to handle it on our behalf and under appropriate contractual protections.
5. Data Retention and Deletion
We retain information for as long as needed to provide the App, operate our business, comply with legal obligations, resolve disputes, and enforce our agreements. Our default retention periods include:
- Merchant installation and account records: retained while the App is installed and then deleted according to our uninstall lifecycle
- Merchant uninstall lifecycle: by default, merchant data is scheduled for hard deletion within 30 days after App uninstallation
- OAuth and related access audit records: up to 90 days by default
- Operational event, drift snapshot, and reconciliation records: up to 18 months by default
- Alert history: up to 6 months by default
- Backfill and operational status records: up to 1 year by default
If a merchant submits a verified deletion request, we will honor that request to the extent full deletion is available and consistent with our legal, security, fraud-prevention, accounting, and contract-enforcement obligations. In some cases, we may retain limited information that we are required or permitted to keep by law or for legitimate business purposes.
If you are a customer of a merchant and want data deleted from that merchant's Shopify store, you should contact the merchant directly. We will assist merchants with verified requests as required by applicable law.
6. Security
We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, credential protection, encryption for certain sensitive data, logging, and security reviews. No system is completely secure, and we cannot guarantee absolute security.
7. International Data Transfers
Information may be processed in countries other than the country where it was collected. Where required by law, we use appropriate safeguards for cross-border transfers of personal information.
8. Privacy Rights
8.1 Merchants
Depending on your location, you may have rights to request access to, correction of, deletion of, restriction of, or portability of your personal information, and to object to certain processing. California residents may also have rights to know, delete, and correct personal information, and the right not to be discriminated against for exercising applicable privacy rights.
Retrace does not sell personal information or share personal information for cross-context behavioral advertising. Retrace also does not make solely automated decisions about consumers that produce legal or similarly significant effects.
To submit a privacy request, contact us using the details in Section 10. We may need to verify your identity before processing a request.
8.2 Customers of merchants
If your personal information is held in a merchant's Shopify store, the merchant is generally the party responsible for responding to your request. Please contact the merchant directly first. Where required, Retrace will assist the merchant with verified requests.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. If we make material changes, we will update the date at the top of this policy and may provide additional notice through the App or by email where appropriate.
10. Contact Us
If you have questions about this Privacy Policy or want to submit a privacy request, contact us at privacy@useretrace.com.
Public review surfaces: https://www.useretrace.com/privacy-policy and https://app.useretrace.com/install.