This Privacy Policy explains honestly and in plain language what data BestRank: Sales Sorting ("we", "our", or "the App") collects, why it is collected, how it is used, and how long it is kept. It applies to Shopify merchants (store owners and their staff) who install the App. If you have any questions, email us at lab.aspeed@gmail.com — we will respond within 30 days.
1. Who We Are
BestRank: Sales Sorting is an independent Shopify app that automatically ranks products in your store collections based on real sales performance — reordering products, applying a badge:best-seller tag, and writing ranking data to product metafields.
Contact: lab.aspeed@gmail.com
2. What Shopify Permissions We Request and Why
When you install the App, Shopify asks you to approve the following permission scopes. Here is exactly what each one is used for:
- read_orders — We read your paid order history to count how many units of each product were sold within your chosen time window (e.g. last 7 days). We read the line items of each order (product ID + quantity + price) to calculate aggregated totals per product. We do not read, store, or process customer names, emails, phone numbers, shipping addresses, or payment details. Only the product-level numbers are used.
- read_products, write_products — We read your product catalogue to build the ranking list, then reorder products within collections and apply or remove the badge:best-seller tag. We also write ranking metadata to product metafields (namespace: bsync) so the data can be used by your storefront.
- read_themes, write_themes — Required by Shopify to support our Theme App Extension (the Bestseller Widget). The widget is placed by you via the Shopify Theme Editor — we do not automatically write to or modify your theme files. You can add or remove the widget at any time from the Theme Editor.
- read_publications, write_publications — We read collection publication status to support accurate collection ranking across sales channels.
3. What Data We Store and Why
Below is a complete and honest list of every piece of data we store in our database, with the reason for storing it:
3a. Merchant Authentication (Session table)
- Shop domain (e.g. yourstore.myshopify.com) — identifies which store the data belongs to
- OAuth access token — required to call Shopify's API on your behalf
- Merchant name and email — provided by Shopify during the OAuth login flow; used only for admin identification purposes
- Shopify user ID — identifies which staff account authenticated the app
- Session expiry timestamps — used to invalidate old sessions automatically
This data is deleted immediately when you uninstall the App.
3b. Collection Settings (CollectionConfig table)
- Shop domain, collection ID, and collection title
- Ranking settings: mode (days / orders), metric (units / orders / revenue), sync window, max products
- Pinned product IDs (up to 5) and excluded product IDs — these are Shopify product GIDs you choose to pin or hide
- Sync schedule, last sync time, last error message
This is your configuration — no customer data. Retained for 48 hours after uninstall to allow seamless reinstall recovery, then permanently deleted.
3c. Sync History (SyncSnapshot table)
- Ordered list of product IDs per collection at the time of each sync
- Aggregated sales numbers per product: units sold, order count, gross revenue
- Rank position, percentile score, and grade (ABC) per product
- Change summary: which products entered, left, or moved in rank
The last 30 sync snapshots are kept per collection — older ones are automatically deleted. This data contains no customer information: it is entirely product-level aggregates. Permanently deleted 48 hours after uninstall.
3d. Billing & Plan (Plans table)
- Shop domain, current plan (free / pro / agency), plan activation date
- Shopify subscription ID — used to manage billing via Shopify's API
- Grace period end date (if a payment fails), subscription status
- Agency linking info (if you link multiple stores under one agency account)
Required to enforce plan limits and handle billing events. Permanently deleted on the shop/redact webhook (48 hours after uninstall).
3e. Sync Lock (SyncLock table)
- Shop domain, collection ID, lock timestamp — a temporary row that prevents two syncs from running at the same time
Released immediately after each sync completes. Never holds customer data.
3f. GDPR Request Log (DataRequest table)
- Shop domain, Shopify customer GID (e.g. gid://shopify/Customer/12345), request timestamp, and handling status
Shopify sends us a customers/data_request webhook when one of your shoppers requests their data. We are legally required by Shopify's Partner Program and GDPR to log this and respond. We store only the customer GID — no name, email, address, or any other customer detail. Because we hold no customer PII, our response is always: "we hold no personal data for this individual."
3g. Feature Flags and Cron Health (internal only)
- Global on/off flags for app features (e.g. "new_dashboard_v2") — no personal data
- A single-row timestamp recording when the background sync job last ran — no personal data
3h. Temporary Redis Cache
Aggregated order metrics (units sold, revenue, order count — per product, not per customer) are cached in Upstash Redis with a maximum TTL of 23 hours to reduce Shopify API calls. This cache is invalidated immediately when a new paid order arrives. It holds no customer identifiers and expires automatically.
4. What We Do NOT Store
- Customer names, emails, phone numbers, or addresses
- Individual order contents or order IDs
- Payment card or financial details of any kind
- Browsing behaviour, cookies, or tracking data of your shoppers
- Any data from your store's end-customers beyond the legally required customer GID in GDPR request logs
5. How We Use Data
- Rank products in your collections by sales velocity
- Reorder products in Shopify collections to reflect their rank
- Apply or remove the badge:best-seller product tag
- Write ranking metadata to product metafields for storefront display
- Show sync history, trends, and change summaries in your app dashboard
- Manage your subscription, enforce plan limits, and handle billing events
- Respond to legally required GDPR and Shopify data requests
We do not use your data for advertising, profiling, machine learning training, or any purpose outside the App's core functionality.
6. Shopify Webhooks We Handle
| Webhook | What we do with it |
|---|---|
| app/uninstalled | Delete OAuth sessions immediately. Deactivate collection configs (48h hold for reinstall recovery). |
| orders/paid | Invalidate the Redis order cache so the next sync uses fresh data. The order payload is not stored. |
| app/subscriptions_update | Update billing plan status (payment failure → grace period; cancellation → downgrade to free). |
| app/scopes_update | Acknowledge scope changes. No data stored. |
| customers/data_request | Log the Shopify customer GID and mark the request as fulfilled. No customer PII is held, so there is nothing to export beyond the GID itself. |
| customers/redact | Confirm receipt. No customer PII is held, so there is nothing to erase. |
| shop/redact | Permanently delete all shop data: configs, snapshots, locks, plan record, GDPR logs, and sessions. |
7. Data Retention
- While installed: all data is retained to operate the service
- On uninstall: OAuth sessions deleted immediately; collection configs and snapshots deactivated (48-hour hold for reinstall recovery)
- 48 hours after uninstall (on shop/redact): all remaining data is permanently and irreversibly deleted
- Redis cache: auto-expires within 23 hours regardless of install status
- Sync snapshots: only the last 30 per collection are kept; older snapshots are deleted automatically on each sync
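As an added illustration of the webhook handling in section 6 and the retention rules in section 7 (example code written for this page, not the App's own implementation), the handler below first verifies Shopify's webhook signature and then applies the lifecycle rules to an in-memory stand-in for the tables in section 3. Shopify sends base64(HMAC-SHA256(client secret, raw request body)) in the X-Shopify-Hmac-Sha256 header; the policy does not mention this check, but Shopify requires compliance webhooks to be rejected when it fails. The app secret, the payload shapes, the seven-day grace period, the snapshot sequence numbers and the table layout are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Hypothetical client secret; Shopify issues the real one per app.
APP_SECRET = b"example-client-secret-not-real"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SNAPSHOT_LIMIT = 30               # section 7: keep the last 30 snapshots per collection
GRACE_PERIOD = timedelta(days=7)  # assumed length; the policy only says a grace period exists


def sign_body(raw_body: bytes, secret: bytes = APP_SECRET) -> str:
    """Value Shopify puts in X-Shopify-Hmac-Sha256: base64(HMAC-SHA256(secret, raw body))."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def verify_hmac(raw_body: bytes, header_value, secret: bytes = APP_SECRET) -> bool:
    # Constant-time comparison so a forger cannot probe the MAC byte by byte.
    return hmac.compare_digest(sign_body(raw_body, secret), header_value or "")


class ShopStore:
    """In-memory stand-in for the tables in section 3 (constructed for this example)."""

    def __init__(self, shop: str):
        self.shop = shop
        self.sessions = [{"shop": shop, "access_token": "shpat_example"}]
        self.collection_configs = [{"shop": shop, "collection_id": 1, "active": True}]
        self.snapshots = [{"collection_id": 1, "seq": i} for i in range(35)]  # 35 > 30 to exercise pruning
        self.plan = {"shop": shop, "plan": "pro", "status": "active", "grace_until": None}
        self.locks = []
        self.data_requests = []
        self.cache = {"gid://shopify/Product/1": {"units": 5, "orders": 3, "revenue": 50.0}}
        self.uninstalled_at = None


def prune_snapshots(store: ShopStore, collection_id: int) -> int:
    """Keep only the newest SNAPSHOT_LIMIT snapshots of one collection; return how many were dropped."""
    mine = sorted((s for s in store.snapshots if s["collection_id"] == collection_id), key=lambda s: s["seq"])
    keep = {s["seq"] for s in mine[-SNAPSHOT_LIMIT:]}
    before = len(store.snapshots)
    store.snapshots = [s for s in store.snapshots
                       if s["collection_id"] != collection_id or s["seq"] in keep]
    return before - len(store.snapshots)


def handle_webhook(store: ShopStore, topic: str, raw_body: bytes, hmac_header, now: datetime = NOW) -> int:
    """Dispatch one Shopify webhook; return the HTTP status the endpoint would answer with."""
    if not verify_hmac(raw_body, hmac_header):
        return 401  # unverifiable webhook: do nothing, reject
    payload = json.loads(raw_body)

    if topic == "app/uninstalled":
        store.sessions.clear()                      # OAuth tokens go immediately
        for cfg in store.collection_configs:
            cfg["active"] = False                   # 48h hold for reinstall recovery
        store.uninstalled_at = now
    elif topic == "orders/paid":
        store.cache.clear()                         # next sync recomputes; payload is not stored
    elif topic == "app/subscriptions_update":
        status = payload["app_subscription"]["status"]   # assumed payload shape
        if status == "FROZEN":                      # payment failure -> grace period
            store.plan.update(status="grace", grace_until=now + GRACE_PERIOD)
        elif status in ("CANCELLED", "EXPIRED", "DECLINED"):
            store.plan.update(plan="free", status="cancelled", grace_until=None)
    elif topic == "customers/data_request":
        # Only the customer GID is logged; email/phone in the payload are deliberately dropped.
        gid = f"gid://shopify/Customer/{payload['customer']['id']}"
        store.data_requests.append({"customer_gid": gid, "at": now, "status": "fulfilled"})
    elif topic == "customers/redact":
        pass                                        # no customer PII held, nothing to erase
    elif topic == "shop/redact":                    # arrives 48h after uninstall: wipe everything
        for table in (store.sessions, store.collection_configs, store.snapshots,
                      store.locks, store.data_requests):
            table.clear()
        store.cache.clear()
        store.plan = None
    else:
        return 404
    return 200


if __name__ == "__main__":
    s = ShopStore("example.myshopify.com")
    body = b'{"shop_domain": "example.myshopify.com"}'
    print(handle_webhook(s, "app/uninstalled", body, "forged"))          # 401
    print(handle_webhook(s, "app/uninstalled", body, sign_body(body)))   # 200
    print(prune_snapshots(s, 1))                                         # 5
```

The forged-signature path is the one to test first: a handler that deletes shop data on an unauthenticated app/uninstalled or shop/redact request is a denial-of-service vector, which is why the signature check runs before any table is touched.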
8. Data Storage and Security
- All data transmitted over HTTPS / TLS — never in plain text
- PostgreSQL database hosted on Railway (GCP infrastructure) with encryption at rest and SSL-enforced connections
- Redis cache hosted on Upstash with TLS in transit
- OAuth access tokens stored server-side only — never exposed to client-side code, browser logs, or URLs
- Admin panel protected by password authentication with brute-force lockout (5 attempts → 15-minute block)
9. Third-Party Sub-processors
Your data is processed only by the following services:
- Railway (railway.app) — application hosting and PostgreSQL database. Data may be stored on GCP servers in the US or EU.
- Upstash (upstash.com) — Redis cache for temporary aggregated order metrics. Data resides in the region closest to our Railway deployment.
- Shopify — as required by the Shopify API and Partner Program Agreement
We do not sell, rent, or share your data with any other third party for any purpose.
10. International Data Transfers
Railway and Upstash are US-headquartered companies. Data may be stored or processed outside your country. If you are in the EU/EEA/UK, transfers are covered by Standard Contractual Clauses (SCCs) established by our sub-processors. If you are in other jurisdictions (Middle East, Australia, Canada, Singapore, Brazil, Japan), we process only the minimum data necessary and delete it fully on uninstall.
11. Cookies and Browser Storage
- Session cookies — set by Shopify's OAuth flow to maintain your authenticated admin session. Strictly necessary; cleared when you log out.
- No tracking cookies — we do not use advertising, analytics, or third-party tracking cookies of any kind.
- No tracking pixels — no third-party scripts or pixels are loaded in the app or injected into your storefront.
12. Your Rights as a Merchant (GDPR / CCPA / Other)
Regardless of where you are located, you have the following rights over your store data. Contact us at lab.aspeed@gmail.com to exercise any of them. We respond within 30 days.
- Access — request a copy of all data we hold about your store
- Correction — request that inaccurate data be corrected
- Erasure — request deletion of all your data at any time (or simply uninstall — deletion happens automatically within 48 hours)
- Restriction — request that we limit processing of your data
- Portability — receive your data in a structured, machine-readable format (CSV available from within the app)
- Objection — object to any processing you believe is unlawful
13. Children's Privacy
BestRank is a business-to-business tool for Shopify merchants. It is not intended for and does not knowingly collect data from individuals under 18 years of age.
14. Changes to This Policy
If we make material changes to this policy (e.g. storing new types of data), we will notify you via the in-app dashboard and update the "Last updated" date above. Minor clarifications will be updated silently. Continued use of the App after notification constitutes acceptance of the revised policy.
15. Contact
BestRank: Sales Sorting
Email: lab.aspeed@gmail.com
Response time: within 30 days