Bundlewise ("the App") is a Shopify application developed and operated by idnovate.com, innovación y desarrollo, scp ("we", "us"). This policy explains what data the App processes, why, and the rights you and your customers have. We act as a data processor on behalf of the merchant (the Shopify store owner), who is the data controller for their store's data.
The App requests the minimum Shopify permissions it needs to function: read_orders, read_products, write_discounts, write_products. With these it processes store & installation data (your store's domain, shop name, locale, currency and the access token issued at install), order data (it reads the product line items — product IDs and titles — of your orders to learn which products are bought together; it stores only aggregated co-occurrence statistics, never individual orders), product data (titles, handles, IDs and images used to build bundles and the storefront widget), and the bundles and automatic discounts you create through the App.
Although order data is classified by Shopify as protected customer data, the App uses ONLY the product-level line items of each order to compute aggregate statistics. It does NOT collect, store or process your customers' identifying data — no names, emails, phone numbers or addresses — and it does not build customer profiles or use tracking cookies.
Data is used solely to provide the App's features: analysing your order history to suggest product bundles, creating the automatic discounts that price those bundles, and showing data-backed "frequently bought together" recommendations on your storefront. We do not sell your data or use it for advertising.
We share data only with infrastructure providers strictly necessary to run the App (hosting and the Shopify platform itself). We do not share data with third parties for marketing.
We retain the aggregated statistics, product data and the bundles you create for as long as the App is installed. When you uninstall the App we remove the live discounts it created and delete the associated store data; we also honour Shopify's mandatory GDPR webhooks: customers/data_request, customers/redact, shop/redact. Because the App stores no customer-identifying data, a customer data-erasure request has no personal data to remove.
Access tokens and store data are stored on access-controlled servers and transmitted over HTTPS. Access is limited to what is required to operate and support the App.
If you are in the EU/EEA you have the right to access, rectify, erase, restrict or port your personal data, and to object to its processing. Merchants can exercise these rights, and request data on behalf of their customers, by contacting us or via Shopify's data-request tooling.
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.
For privacy questions or data requests, contact idnovate.com, innovación y desarrollo, scp at privacy@idnovate.com.