Privacy Policy

Gift Registry Manager(“the App”, “we”, “our”) is a Shopify application that enables merchants to create and manage gift registries for their customers. This Privacy Policy describes how we collect, use, and protect information when you install and use the App.

From merchants (store owners):

• Shopify store domain and OAuth access token — required to authenticate API requests to your store
• Shopify subscription status — to manage your billing plan within the App

From merchants via the App (registry data):

• Registry titles, event types, and event dates
• Registry owner names and email addresses — entered by the merchant to identify who the registry belongs to
• Product selections and desired quantities
• Optional banner images uploaded by the merchant — stored in Vercel Blob storage

Automatically via Shopify webhooks:

• Order line items — product and variant IDs and quantities, used to update purchased counts on registry items

We do not collect payment card data, customer personal information beyond what is listed above, or any data from your store’s customers directly.

• To authenticate your store and make authorized API calls to your Shopify store
• To create, store, and display gift registries on your store’s public registry pages
• To automatically update registry purchase counts when orders are placed
• To manage your App subscription and billing
• To provide customer support when requested

We do not sell, rent, or share your data with third parties for marketing purposes.

Registry data and store credentials are stored in a secured PostgreSQL database hosted on Supabase (AWS eu-west-1 region). Banner images are stored in Vercel Blob storage. Disk-level encryption at rest is provided by the hosting infrastructure. We retain your data for as long as the App is installed on your store. Upon uninstallation, your store record, sessions, registry data, and any uploaded banner images are permanently and automatically deleted.

We use the following sub-processors to operate the App:

• Vercel — application hosting, edge delivery, and banner image storage (Vercel Blob)
• Supabase — database hosting (AWS eu-west-1)
• Shopify — platform API and billing infrastructure

Each sub-processor is bound by their own privacy and security commitments. We do not share your data with any other parties.

When you create a gift registry, a public page is generated at a unique URL (e.g. https://gift-registry-manager.vercel.app/registry/[slug]). This page displays the registry title, owner name, event type, event date, and product list. The owner’s email address is never exposed on public pages.

You control who receives the registry link. We do not index or advertise registry URLs.

All data is transmitted over HTTPS. Shopify webhook payloads are verified using HMAC-SHA256 before processing. Access tokens are stored server-side and never exposed to browsers. We implement standard security practices including input validation and parameterized database queries.

You may request deletion of all data associated with your store at any time by uninstalling the App from your Shopify admin — this triggers immediate permanent deletion of all your store’s data. For any other requests, contact us at gift.registry.shop@gmail.com.

We may update this Privacy Policy from time to time. We will notify merchants of material changes by updating the effective date above. Continued use of the App after changes constitutes acceptance of the revised policy.

For questions about this Privacy Policy or your data, contact us at: gift.registry.shop@gmail.com