Shopify Sync Privacy Policy

Last Updated: January 2025

This Privacy Policy describes how Bean Merchant Limited (“Bean Merchant”, “we”, “us”, or “our”) collects, uses, and shares information when you connect your Shopify store to the Bean Merchant marketplace using the Bean Merchant Sync app (“the App”).

1. Information We Collect

When you connect your Shopify store to Bean Merchant, we access and store the following information:

1.1 Store Information

  • Shopify store name and domain
  • Store contact information
  • Store ID

1.2 Product Data

  • Product titles, descriptions, and images
  • Product variants (size, grind options, etc.)
  • Pricing information
  • Inventory/stock levels
  • Product tags and categories
  • Product metafields (roast level, origin, tasting notes, etc.)

1.3 Order Data

  • Order details for orders placed through Bean Merchant
  • Customer shipping information (for fulfillment purposes only)
  • Order status and fulfillment information
  • Tracking numbers and shipping updates

1.4 Authentication Data

  • OAuth access tokens (stored encrypted)
  • Connection timestamps
  • API scope permissions

2. How We Use Your Information

We use the information collected to:

  • Display your products on the Bean Merchant marketplace
  • Synchronise inventory between your Shopify store and Bean Merchant
  • Process orders by creating draft orders in your Shopify store when customers purchase your products
  • Track fulfillment to update customers on shipping status
  • Maintain the connection between your store and our marketplace
  • Provide support and troubleshoot technical issues

3. Data Storage and Security

3.1 Where Data is Stored

Your data is stored on:

  • Our secure WordPress/WooCommerce hosting environment (Cloudways, Sydney region)
  • Encrypted database tables for sensitive information

3.2 Security Measures

We implement the following security measures:

  • Encryption: OAuth tokens and API credentials are encrypted using AES-256-CBC encryption
  • HTTPS: All data transmission uses SSL/TLS encryption
  • Access Control: Only authorised Bean Merchant administrators can access roaster configurations
  • HMAC Verification: All OAuth callbacks are verified using Shopify’s HMAC signatures
  • Rate Limiting: Protection against brute force and abuse

4. Data Sharing

4.1 Customer Information

When a customer purchases your product on Bean Merchant:

  • Their shipping address is shared with you via Shopify draft order for fulfillment
  • Their email may be included for shipping notifications
  • Payment is processed by Bean Merchant; we remit your portion minus commission

4.2 Third Parties

We do not sell, rent, or share your data with third parties except:

  • Shopify: As required to maintain the API connection
  • Hosting Providers: Our infrastructure partners who process data on our behalf
  • Legal Requirements: If required by law or to protect our rights

5. Data Retention

  • Active Connection: Data is retained while your store is connected to Bean Merchant
  • After Disconnection: We retain order history for 7 years for accounting purposes
  • Product Data: Removed within 30 days of disconnection (unless products have active orders)
  • OAuth Tokens: Immediately invalidated and deleted upon disconnection

6. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about your store
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Disconnect: Disconnect your Shopify store at any time from your vendor dashboard
  • Export: Request an export of your data in a portable format

7. Disconnecting Your Store

You can disconnect your Shopify store at any time:

  1. Log in to your Bean Merchant vendor dashboard
  2. Go to Shopify Connection settings
  3. Click “Disconnect Store”

Upon disconnection:

  • We immediately stop accessing your Shopify store
  • Your OAuth token is deleted
  • Products are delisted from Bean Merchant (unless manually retained)
  • Pending orders will still be fulfilled

You can also uninstall the app from your Shopify admin, which will revoke our access.

8. Cookies and Tracking

The Bean Merchant Sync app does not use cookies or tracking technologies within your Shopify store. The Bean Merchant marketplace website uses standard analytics cookies as described in our main Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify connected roasters of significant changes via email. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or requests, contact us at:

Bean Merchant Limited
Email: contact@beanmerchant.co.nz
Wellington
New Zealand

11. Shopify’s Role

Shopify Inc. provides the platform that enables this integration. Their privacy policy governs data within the Shopify platform: https://www.shopify.com/legal/privacy