Geosort — Privacy Policy

Last updated: 2026-06-04

What we collect

Geosort sorts the products inside your Shopify collections. To do that the app receives, from Shopify, the following data via webhooks and the Admin API:

  • Order line items – product ID, quantity, price, and the order’s shipping country code (ISO-2). We aggregate these into a per-product, per-country, per-day rollup. We do not store customer names, emails, or any other personally identifiable information.
  • Collection and product metadata – IDs, handles, tags, inventory levels, publish dates. Used to build the candidate set when computing the sorted order.
  • Merchant-configured recipes – the rule stack the merchant builds in the Geosort admin UI.

What we do NOT collect

  • Customer names, emails, addresses, or phone numbers.
  • Individual purchase histories tied to a customer.
  • Any storefront visitor PII beyond the visitor’s country code (used solely to pick which sorted order to serve).

To measure whether sorting actually improves store performance, the storefront block sets a first-party session cookie containing a random identifier. It is not linked to any customer account, carries no personal data, and is never shared with third parties. It lets us join a collection view to a later checkout so we can report aggregate conversion metrics to the merchant.

Where data is stored

Application data is stored in Postgres and Redis hosted by our service provider. All data is encrypted in transit (TLS) and at rest. Shopify access tokens are encrypted and never exposed to client-side code.

Data retention

When a merchant uninstalls Geosort, their record is soft-deleted immediately. Shopify fires the shop/redact webhook 48 hours after uninstall; we hard-delete every row associated with the shop within 24 hours of receiving that webhook. There is no archival copy.

GDPR / CCPA rights

We respond to Shopify’s mandatory privacy webhooks:

  • customers/data_request – Geosort holds no customer-identifiable data, so the response is an acknowledgement with no payload to transmit.
  • customers/redact – same as above; nothing to redact.
  • shop/redact – we hard-delete the shop row and all dependent records (recipes, layers, daily metrics, sorted-orders cache, billing subscription).

Third parties & sub-processors

Geosort does not sell your data or share it with advertising networks, and we use no third-party analytics SDKs or trackers in the embedded admin or the storefront block. To run the service we rely on a short list of infrastructure sub-processors, each receiving only the data it needs:

  • Shopify – the source of all merchant and store data described above.
  • Amazon Web Services (AWS) – hosts our application, the Postgres database, and the Redis cache (region eu-west-1).
  • Resend – transactional email provider. Used only when a merchant enables the optional analytics email digest. It receives the store’s contact email address, any additional recipients the merchant configures, and the contents of that digest (the merchant’s own store-performance metrics). No customer data is sent.

Each sub-processor is bound by its own data-processing terms.

Contact

Questions: info@geosortapp.com