OptionPulse

PRIVACY

Privacy Policy

How OptionPulse handles information when a Shopify merchant installs the app, runs a report, or contacts support.

Operator and effective date

Effective date: July 12, 2026

鈴木恵太

神奈川県大和市桜森3-8-10-603, Japan

doge.1billion@gmail.com

Scope

OptionPulse does not add tracking code to a merchant's storefront and does not collect information directly from storefront visitors. It processes limited order-line information received through Shopify only when an authorized merchant requests a report.

Information we process

Shopify installation and session information

We may store the Shopify shop domain, OAuth state, granted scopes, access and refresh tokens, expiration details, and session identifiers. When supplied by Shopify, a session may also include the merchant user ID, name, email, locale, account-owner status, collaborator status, and email-verification status. Tokens are used only to authenticate the installed shop and make authorized Shopify API requests.

Order-line information processed for a report

When a merchant runs an analysis, OptionPulse temporarily processes order identifiers, creation time, test and cancellation status, line-item titles and quantities, and line-item custom attribute names and values. Custom attributes can contain personal information entered by a buyer, such as a name, engraving, or gift message.

Report and operational information

Product titles, option names, values, combinations, and counts are aggregated for the authenticated merchant. We separately store limited operational metadata: shop, installation status, selected range, run status, pages processed, order and eligible-line counts, duration, controlled error code, and timestamps. Operational metadata does not contain order identifiers, product titles, option names, option values, report contents, or CSV files.

Support and technical information

If you contact support, we process your email address, message, and information you choose to provide. Hosting, database, email, authentication, and content-delivery providers may process standard technical data such as IP address, user agent, request time, security events, and service logs. OptionPulse does not include advertising trackers or behavioral-advertising analytics.

How we use information

  • Authenticate the merchant and installed shop.
  • Generate reports requested by the merchant.
  • Operate, secure, and troubleshoot OptionPulse.
  • Maintain limited service-reliability records.
  • Respond to support, privacy, and security requests.
  • Meet Shopify platform and applicable legal requirements.

We do not sell personal information, use it for advertising, or use it to train AI models. The production app does not send access tokens, raw order data, custom attributes, or report contents to generative AI services.

Storage, retention, and deletion

  • Raw orders and custom attributes are processed transiently and are not persisted in the OptionPulse database.
  • Report aggregates are returned with no-store headers and held in the authenticated browser for the active page. CSV files are generated in that browser. Neither is persisted by OptionPulse.
  • Session, installation, and operational metadata are retained while the app is installed.
  • When a valid Shopify app-uninstalled or shop-redaction webhook is successfully processed, the shop's sessions, installation record, and operational metadata are deleted from the active database.
  • Support correspondence is retained for no longer than 12 months after the support matter is closed, unless a longer period is required by law.
  • Service-provider logs and backups follow the configured retention periods of Shopify, Vercel, Supabase, and Google and are not accessed during normal OptionPulse operation.

Service providers and processing locations

  • Shopify: app distribution, authentication, API access, privacy requests, and hosted resources.
  • Vercel: application hosting, functions, and content delivery, with the primary function region in Tokyo.
  • Supabase: session and operational-metadata storage in Tokyo.
  • Google Gmail: support communications.

The primary application runtime and database are configured in Tokyo. These providers may process service, security, account, or support information in other locations under their own infrastructure and service terms.

Shopify privacy requests

OptionPulse verifies and responds to Shopify's mandatory privacy webhooks. Because buyer-level order and custom-attribute data are not persisted, a valid customer data or redaction request normally has no stored buyer record to return or delete. A valid shop-redaction request deletes the shop's active database records as described above.

Security

We use least-privilege Shopify access, authenticated shop sessions, tenant-scoped database operations, encrypted network transport, controlled error responses, secret-management controls, and data minimization. No method of storage or transmission can be guaranteed completely secure.

Your requests and contact

Depending on applicable law, you may request access, correction, or deletion of personal information. Email doge.1billion@gmail.com. We may need to verify the request or coordinate with the Shopify merchant that controls the underlying buyer information.

We may update this policy when the service or its data practices change. The current version will show its effective date on this page.