Privacy Policy
Last updated: March 2026
This Privacy Policy describes how Inspyr Media ("we", "us", "our") processes data when you use the PriceGuard Shopify application ("the App"). It applies to all merchants who install and use the App in their Shopify store.
1. Roles and Responsibilities
Merchant (you): as the data controller, you determine how your store's product and pricing data is processed. You are responsible for ensuring that your use of the App complies with applicable data protection laws.
Inspyr Media (us): as the data processor, we process your data solely according to your instructions (the actions you take in the App) to deliver the pricing compliance service. Inspyr Media is based in the Netherlands.
For all privacy-related inquiries, contact us through our support portal.
2. What Data We Process
The following table describes the categories of data we process on your behalf, what each category contains, why we store it, and how long it is retained.
| Data | What It Contains | Why We Store It | Retention |
|---|---|---|---|
| Shopify session | Session tokens, shop domain | Authenticates your access to the app within Shopify | Managed by Shopify's session framework |
| Consent record | Timestamp of when the Privacy Policy and Terms of Service were acknowledged | Records that the legal terms were accepted | Deleted on uninstall |
| Shop settings | Install date, widget visibility mode, last sync timestamp and status, compliance summary, price threshold settings | App configuration and operational state | Deleted on uninstall |
| Market settings | Lookback period, max campaign days, enabled status per market | Per-market compliance configuration | Deleted on uninstall |
| Included promotions | Discount IDs, titles, types, values, date ranges, who flagged the promotion, scope type and summary | Determines which promotions affect lowest-price calculations | Until merchant removes or app uninstall |
| Price history (app-owned metafield) | Price snapshots with timestamps and pre-calculated lowest values, read-only for merchants | Omnibus lowest prior price calculation and storefront display | Up to 300 entries per variant; compressed after 2 years, removed after 5. Persists after uninstall |
| Compliance metafields | Original price, current lowest price, date, and days of tracking per variant | Storefront compliance display and dashboard reporting | Persists after uninstall as Shopify metafields |
| Widget visibility mode (shop metafield) | Controls when the storefront widget is displayed | Storefront widget configuration | Stored as a Shopify metafield, which persists after app uninstall and is not automatically deleted |
| Sync logs | Sync timestamps, status, trigger source (manual or automated via Flow), products processed and updated, total variants, error messages | Operational audit trail | Deleted on uninstall |
3. Nature of Data Processed
PriceGuard processes product pricing data (prices, compare-at prices, discount values) which is public commercial information displayed on your storefront. The App does not process personal data of your customers or staff.
The only data that may relate to an individual is the Shopify session used for authentication and the consent record timestamp. We process all data based on the service agreement established when you install the App, solely to deliver the App's functionality.
4. How We Use Your Data
We use your data solely to provide and operate the App:
- Tracking product variant prices and calculating lowest prior prices
- Displaying compliance information on your storefront via the theme extension
- Providing the compliance dashboard, sync controls, and reporting
- Applying promotion-adjusted pricing when you flag public discounts
We do not use your data for marketing, profiling, or sell it to third parties.
5. Third-Party Services
The following third-party services are involved in delivering the App's functionality:
- Shopify: manages your store data, session authentication, and metafield storage.
- Grafana Cloud (Grafana Labs): receives operational logs and performance metrics for monitoring and error diagnosis. Hosted in the EU. Logs contain your store domain for identification; metrics are aggregated and non-identifying.
- Cloudflare R2 (Cloudflare, Inc.): stores encrypted database backups in an EU-jurisdiction bucket. Backup data is encrypted before upload; Cloudflare does not hold the decryption keys.
We do not share your data with any parties beyond those listed above.
6. International Data Transfers
The application and its database are hosted in the European Union.
Data transmitted to Shopify may be processed outside the EU. As the data controller, you are responsible for reviewing the data processing agreements and transfer safeguards provided by Shopify.
7. Data Security
- OAuth authentication via Shopify
- All communication with Shopify occurs over HTTPS
- Shopify access tokens are managed by Shopify's authentication framework and are not stored separately by PriceGuard
- Metafield data stored in Shopify's secure infrastructure
- Database backups are compressed and encrypted before leaving the server, stored in an EU-jurisdiction cloud bucket
In the event of a data breach affecting your data, we will notify you without undue delay so that you can fulfil your obligations as data controller.
8. Data Retention
Most app database data (settings, sync logs, promotion records) is retained while the App is installed. When you uninstall the App, all database data is permanently deleted.
Price history and compliance data are stored as Shopify metafields on your product variants and shop. Entries older than 5 years are removed; entries between 2 and 5 years are compressed; and the oldest entries are discarded when the approximately 300 entry limit per variant is reached. Metafields are not automatically deleted when the App is uninstalled and remain on Shopify until you remove them manually.
Encrypted database backups are retained for 60 days and then automatically deleted. If a backup is restored, any deletion or erasure requests processed after the backup date are re-applied.
Refer to the data matrix in Section 2 for per-category retention details.
9. Your Rights
As the data controller, you are the first point of contact for any data subject rights requests concerning your store content.
Where personal data of individual users is involved (e.g., the name and email associated with your Shopify account), the following GDPR rights apply:
- Right of access (Art. 15): request a copy of the personal data we hold about you
- Right to erasure (Art. 17): request deletion of your data (also achieved by uninstalling the App)
All App settings and data can be viewed directly within the App. Uninstalling the App permanently deletes all data we hold in our database.
To exercise any of these rights, contact us through the support portal.
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.
10. Automated Decision-Making
Price calculations are automated but deterministic: they follow fixed rules based on price history data. PriceGuard does not use AI, machine learning, or profiling as defined under Article 22 of the GDPR. No decisions about end customers are made.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date.