Privacy Policy for Delivery Rules by Caretaker
Effective date: 2026-06-07
This Privacy Policy explains how Caretaker Industries LLC ("we", "us", "our") handles information in connection with the Shopify app Delivery Rules by Caretaker (the "App"). The App is a Shopify embedded admin application that lets merchants define IF/THEN business-to-business (B2B) shipping rules and applies those rules during checkout to control which delivery options are shown, how they are named, and which shipping discounts apply.
We have designed the App to collect and retain as little personal data as possible. The App does not maintain its own customer database. The only records we store are Shopify OAuth session tokens needed to make authenticated calls to the Shopify Admin API on the merchant store's behalf. All of the App's rule configuration data is stored inside the merchant's own Shopify store as app-owned metafields, not on our systems.
1. Who this policy covers
This policy is written for two audiences:
- Merchants who install the App on their Shopify store.
- Buyers (the merchant's B2B customers) whose checkout context the App reads at checkout time in order to decide which delivery options to display.
2. Data we collect and process
2.1 Merchant / store data (stored by us)
When a merchant installs the App, Shopify completes an OAuth flow and issues an access token. We store the following in our session store:
- Shopify shop domain (for example, example-store.myshopify.com).
- Shopify OAuth access token (online access token, scoped to the granted permissions).
- Associated session metadata that Shopify's session-storage adapter persists (session id, state, scope string, token expiry, and the user id, first name, last name, email, account owner flag, locale, collaborator flag, and email-verified flag that Shopify includes in an online-access session).
This session data is used solely to authenticate the App's own requests to the Shopify Admin API. We do not use it for marketing, profiling, advertising, or any purpose unrelated to operating the App.
2.2 Buyer / company / checkout context (read at checkout, not stored)
The App's two Shopify Functions run inside Shopify's checkout. At checkout they receive a limited input from Shopify and use it to evaluate the merchant's configured rules. The fields the App reads include:
- B2B buyer context: the associated company and company location identifiers and names.
- The shipping address region (country and province/state) of the delivery destination.
- The available delivery/shipping options for the cart.
The App uses these inputs in-memory only, to decide which delivery options to hide, rename, or discount. The App does not write this checkout context to our storage, log it to our systems, or transmit it to any third party. The evaluation happens within Shopify's infrastructure and the result (the shaped set of delivery options) is returned to Shopify.
2.3 Rule configuration data (stored in the merchant's Shopify store)
The IF/THEN rules a merchant authors are compiled to JSON and saved as app-owned metafields on the merchant's store (namespace $app:shipping-rules, keys authoring and ruleset). This data lives in the merchant's own Shopify account, under the merchant's control. It does not contain buyer personal data; it contains rule logic (for example, "if company location is in California, hide Express").
2.4 Diagnostic / error data
We use Sentry for error monitoring. When the App encounters an error, a diagnostic event (stack trace, App route, shop domain, and technical context) may be sent to Sentry so we can detect and fix faults. We configure Sentry to avoid capturing buyer personal data in these events. Error events are used only for reliability and security of the App.
3. Why we process this data (purpose)
- To operate the App's core function: evaluate B2B shipping rules and shape delivery options at checkout.
- To authenticate to Shopify on the merchant store's behalf using the stored session token.
- To keep the App reliable and secure by monitoring and diagnosing errors.
We do not sell personal data. We do not use personal data for advertising.
4. Legal basis for processing (GDPR / UK GDPR)
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:
- Performance of a contract (Article 6(1)(b)): processing the merchant's session and configuration data is necessary to provide the App the merchant installed.
- Legitimate interests (Article 6(1)(f)): processing limited diagnostic data to keep the App secure and functioning. We balance this against data-subject rights and limit collection accordingly.
The merchant is the data controller for buyer personal data processed through their store. We act as a data processor / service provider on the merchant's behalf, and as a controller for the merchant's own account/session data.
5. How data is shared (sub-processors)
We do not sell or rent personal data. We share data only with the infrastructure sub-processors required to run the App:
| Sub-processor | Purpose | What it may process |
|---|---|---|
| Shopify | Hosts the merchant's store and runs the App's checkout functions; provides the Admin API and OAuth | Store data, OAuth sessions, checkout/buyer context (within Shopify's own platform) |
| Fly.io | Hosts the App server and the persistent volume that stores the session database | Shopify OAuth session records |
| Sentry | Error monitoring and diagnostics | Diagnostic/error events (technical context, shop domain) |
| Cloudflare | Hosts this published privacy policy page | No App user data; serves a static document |
Each sub-processor processes data under its own data-protection commitments. We may update this list as our infrastructure changes; material changes will be reflected here.
6. Data retention
- OAuth session data: retained only while the App is installed. When a merchant uninstalls the App, Shopify sends the app/uninstalled webhook and we delete the store's session records. We also honor Shopify's shop/redact compliance webhook by deleting any remaining store-associated session data.
- Buyer / checkout context: never stored; processed only in-memory during checkout evaluation, so there is nothing to retain.
- Rule configuration metafields: stored in the merchant's own Shopify store and removed according to the merchant's own data lifecycle and Shopify's app data cleanup when the App is removed.
- Diagnostic events in Sentry: retained for the limited period configured in Sentry for operational troubleshooting, then automatically purged.
7. Security
- All traffic to and from the App is served over HTTPS/TLS.
- OAuth session tokens are stored on a Fly.io persistent volume that is attached to the App's server and is not publicly accessible.
- We request only the Shopify access scopes the App needs to function (read_customers, read_companies, read_products, read_delivery_customizations, write_delivery_customizations, write_discounts, write_companies).
- We do not store buyer payment information, and we do not build buyer profiles.
No method of transmission or storage is perfectly secure, but we take reasonable technical and organizational measures appropriate to the limited data we handle.
8. Data-subject and consumer rights
Depending on where a data subject lives, they may have rights to access, correct, delete, or restrict processing of their personal data, to object to processing, and to data portability.
Because the App stores no buyer personal data, most buyer requests are fulfilled by the merchant (the controller) directly within Shopify. For requests that reach us, we respond through Shopify's mandatory compliance (GDPR) webhooks:
- customers/data_request: when a buyer asks a merchant for the data a store holds about them, Shopify notifies the App. Because the App stores no buyer personal data, we have no buyer data to return; we acknowledge the request.
- customers/redact: when a buyer asks a merchant to delete their data, Shopify notifies the App. We hold no buyer personal data, so there is nothing to delete; we acknowledge the request.
- shop/redact: sent 48 hours after a store uninstalls the App. On receipt we ensure all session and store-associated data for that shop is deleted.
To exercise rights directly with us, or to ask a question about this policy, contact us using the details in Section 12. We respond to requests within the timeframes required by applicable law (and within 30 days for Shopify compliance requests).
9. GDPR / UK GDPR specifics
- We act as a processor for buyer data on the merchant's behalf and as a controller for the merchant's own account/session data.
- We process data only for the purposes in Section 3 and share it only with the sub-processors in Section 5.
- International transfers: our sub-processors (Shopify, Fly.io, Sentry, Cloudflare) may process data in the United States and other regions. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses offered by those providers.
- Data subjects in the EU/UK may lodge a complaint with their local supervisory authority.
10. CCPA / US state privacy specifics
For residents of California and other US states with comparable laws:
- We do not sell personal information and do not share it for cross-context behavioral advertising.
- The categories of data we process and the purposes are described in Sections 2 and 3.
- California residents have the right to know, delete, and correct personal information, and the right not to be discriminated against for exercising these rights. Because the App holds no buyer personal information, deletion and access requests are generally fulfilled by the merchant within Shopify; requests that reach us are handled as described in Section 8.
11. Children
The App is a B2B merchant tool and is not directed to children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided personal data through the App, contact us and we will delete it.
12. Contact
For privacy questions or to exercise your rights, contact:
- Company: Caretaker Industries LLC
- Email: privacy@ctind.com
13. Changes to this policy
We may update this policy as the App or its sub-processors change. When we make material changes, we will update the Effective date at the top and post the revised policy at its published URL. Continued use of the App after an update constitutes acceptance of the revised policy.
14. Governing law
This policy is governed by the laws of the State of California, USA, without regard to its conflict-of-laws rules.