Privacy Policy

Last updated: May 13, 2026

Introduction

OpsBox ("we," "our," or "us") operates as a Shopify embedded application that provides order swap tools, catalog CSV recovery, and B2B buyer tools for Shopify merchants. This Privacy Policy describes how we collect, use, store, and protect your information when you install and use OpsBox.

Information We Collect

From Merchants (via Shopify APIs)

From Merchants (directly provided)

Automatically Collected

How We Use Your Information

Data Storage and Security

Data is stored in a Nile-powered PostgreSQL database with native tenant isolation. Each Shopify store's data is logically separated by tenant ID. OAuth sessions are encrypted and stored in the database (not in browser local storage). All data is transmitted over HTTPS.

Data Retention

Data Sharing

We share data with the following third-party services only as necessary to provide the app's functionality:

We do not sell, rent, or trade your data to any third party.

Your Rights

You have the right to:

We comply with GDPR, CCPA/CPRA, and other applicable privacy regulations. Shopify may forward data subject requests to us via mandatory compliance webhooks, which we process automatically.

Contact

For privacy inquiries, data requests, or questions about this policy, contact us at: privacy@opsbox.studio

Related Documents

Please also review our Terms of Service and Support page.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of OpsBox after changes are posted constitutes acceptance of the revised policy.