Last updated: July 3, 2026
Privacy Policy
This Privacy Policy explains how the Bundle & Discount Shopify app (“the App”, “we”, “us”) collects, uses, and protects information when a merchant installs and uses it on their Shopify store.
1. Information we access
With the merchant’s permission (granted at install), the App may access the following through the Shopify Admin API:
- Product data & metafields — to create the bundle and discount metafield definitions and read their values (e.g.
custom.bundle_variant_ids,custom.discount_enabled,custom.discount_type,custom.discount_value). - Cart and checkout line data — processed in real time by Shopify Functions (Cart Transform and Discount) to compose bundles and apply discounts. This runs inside Shopify and is not stored by us.
- Store information — the shop domain and access token needed to authenticate API requests.
The App’s core function operates on product configuration data. It does not require or use customer personal data for its features.
2. Information you provide directly
If you use the in-app Contact Support form, we receive the reply email address and message you submit, plus your shop domain, so we can respond to your request.
3. How we use information
- To provide and operate the bundle and discount features.
- To create and read the metafields the App relies on.
- To authenticate and secure API requests.
- To respond to support requests you send us.
We do not sell your data or use it for advertising.
4. Data storage & retention
The App stores only the session/authentication data required to keep the App connected to your store, in Cloudflare Workers KV. We do not maintain a separate database of your products, customers, or orders. Session data is removed when the App is uninstalled or the session expires.
5. Sub-processors
We rely on the following service providers to run the App:
- Shopify — platform, Admin API, and Shopify Functions.
- Cloudflare — application hosting and session storage.
- Resend — delivery of support-form emails you send us.
6. Data deletion & GDPR
The App implements Shopify’s mandatory compliance webhooks: customers/data_request, customers/redact, and shop/redact. When you uninstall the App, its access is revoked and stored session data is deleted. To request deletion of any information you sent via the support form, email us at the address below.
7. Security
Data in transit is encrypted with HTTPS/TLS. Access tokens are stored server-side and never exposed to the browser. We follow Shopify’s security requirements for embedded apps.
8. Changes to this policy
We may update this policy from time to time. Material changes will be reflected here with a new “Last updated” date.
9. Contact us
Questions about this policy or your data? Contact jenishpatel7777@gmail.com.